Interesting Exchange / Outlook issue

  • From: "Rene Fisher" <Rene_Fisher@xxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Mar 2004 06:03:00 -0700

I have an interesting problem from my perspective. I am not sure if anyone has 
come across this or not.
Exchange 2003 running on W2K in native mode < previous it was Exchange 2000 > 
Any user that is using Outlook 2000 or better can add a distribution list to 
the ACL permissions on his /her mailbox. Or a mailbox they have delegated 
rights to. What happens is that the Store will convert the DL to a security 
group. For example if you have a Global DL called all users the store will 
convert it to a global SG called All Users. Once the group is converted to a 
Security group the Kerberos token increases in size for everyone who is a 
member of that DL. I find it odd that a regular user with no permissions to 
modify AD security groups has the ability to do this. I am looking for a way to 
stop this behaviour. I know that I can educate the end user etc etc etc ..but 
we all know how well that goes .. 
I hope someone has some suggestions or Ideas. I know that this is only an issue 
in Native mode, also it does not work on the new query based distribution lists 
that Exchange 2003 offers but neither is a solution that I can use at the 
moment .. 
Thanks in Advance 

Other related posts: