When migrating from other platform, I was used to having public facing aliases that forwards to multiple addresses. For example, firstname.lastname@example.org will be forwarded to email@example.com and firstname.lastname@example.org. The default setting for Google Groups for Business to have this setup is by setting a “Public Group” that allow posts from external email address. This is not the only public facing group that we have, in fact we have about 200 of these. Unfortunately, we also have groups such as email@example.com (that only forward to firstname.lastname@example.org) that’s public facing. The default option for public facing group is to have the post viewable from anyone in the organization. It could be worse if the “App Setting” is also set to public.
My initial expectation is that even if a group can receive emails publicly, it should only limit the viewing of the topics only to the members, but it is not. Even when using email@example.com account, I was able to view posts from firstname.lastname@example.org. In the beginning, Google support told me that it’s the admin’s job to make sure that each created group to be fully setup manually and checked for every permission. That means, when creating a group I have to:
- Create the group
- Set the group as public facing
- Add the users
- Go to the group page
- Access the group advanced permission setting
- Change the “View Post” to “All Members of the Group only”
There’s no way to set this setting as the default, so it has to be done for every single group.
In order to fix my issue, Google support also advised me to manually change the “View Topic” setting through the GUI for each group. That’s over 200 groups and it’s going to be tedious and error prone.
In the end I found a tool that I can use to make list the group, and make the bulk changes. The command prompt tool is called GAM (Google-Apps-Manager) created by Dito. I also have a scripting method to update all groups at once. Read the rest of this entry »