Learn Exchange Server 2000: Viewing Address Lists in Exchange 2000 Page 3

Now that we have that out of the way, let's take a look at setting up Address lists that are restricted to only certain users and groups. This is nice especially if you are hosting multiple organizations on a single Exchange Server and you want to preserve the privacy of each company. Keep in mind that there could be many other reasons for doing this as well. I just wanted to give out one example scenario, but you can substitute your own as we go. The first thing that I am going to point out is that I am certain that there are other ways to accomplish our goal other than what I am about to show you. That is fine. I am simply showing you the way that I do it. 

We could accomplish our goal by simply denying the Open Address List permission. But there is a problem with that. The problem is that although the users can't view the contents of the Address List, they can still view the Address List itself. I want to hide the entire thing so that they won't see the Address list or the contents.

So back to ESM we go. What we are going to do is create an empty Address List that acts as a container for the address lists that we would like to hide. We will then remove or deny the list contents permission to specific groups or users in order to determine who will or will not be able to see a particular address list.

Now in our case, you will have to think back quite a while ago to an article I wrote where I talked about granting different administrative groups rights throughout your Exchange Organization. If you will remember, we had both a BostonEXAdmin group and a TampaEXAdmin group. Using these two groups, I am going to allow the members of the TampaEXAdmin group the ability to access the address book while denying the BostonEXAdmin group from even being able to see the Confidential Address Book. What I have done is gone into the ESM and created a blank Address List called HiddenContainer, as you can see in Figure 11.

Figure 11.

Now, what I need to do next is to drag the Confidential Address List so that it becomes a child object of the HiddenContainer Address List, as wee see in Figure 12.

Figure 12.

Now I go into the properties of the HiddenContainer Address List, and I am going to specifically deny the BostonEXAdmins group the List Content Permission!

Figure 13.

Now that I have accomplished that, the last step is to actually log on as different users from the different groups to verify that I have accomplished my goal of restricting access to the contents of a specific Address List. I first log on as a user from the TampaEXAdmins Group, and when I open up Outlook and select to see the available address lists, this is what I see:

Figure 14.

Now, I log on as a member of the BostonEXAdmins group, and you should notice the difference in their view;

Figure 15.

As you can see, they can see the actual HiddenContainer Address List but not the Confidential Address List that it contains. And as they don't have list contents permission, they can't see the membership of the Confidential Address list either. Hopefully this helps to clarify the question of how to hide an Address List from your users.

I hope that you have found this information useful. I also want to apologize for my long delay in getting out a new article. I would love to say that I am going to get back to writing an article every other week, but I don't want to commit to anything just yet. But be on the lookout for another Exchange 2000 article in the not too distant future!! Thanks for your support, and until next time, cya!

Michael Bell


This article was originally published on Sep 18, 2002
Page 3 of 3

Thanks for your registration, follow us on our social networks to keep up-to-date