RE: Interesting Exchange / Outlook issue

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Mar 2004 09:06:00 -0500

Rene, I'm interested in hearing what the impact is of this issue to what
you're doing.  When you add the permissions to the mailbox, the group gets
converted by store which is expected.  The user is not the one that is
adding the security token, the store is. The store has that permission and
requires it for the change in permission type.  

My question is whether or not this negatively impacts or if you're looking
at a problem down the road?


-----Original Message-----
From: Rene Fisher [mailto:Rene_Fisher@xxxxxx] 
Sent: Thursday, March 18, 2004 8:03 AM
To: [ExchangeList]
Subject: [exchangelist] Interesting Exchange / Outlook issue

I have an interesting problem from my perspective. I am not sure if anyone
has come across this or not.
Exchange 2003 running on W2K in native mode < previous it was Exchange 2000
Any user that is using Outlook 2000 or better can add a distribution list to
the ACL permissions on his /her mailbox. Or a mailbox they have delegated
rights to. What happens is that the Store will convert the DL to a security
group. For example if you have a Global DL called all users the store will
convert it to a global SG called All Users. Once the group is converted to a
Security group the Kerberos token increases in size for everyone who is a
member of that DL. I find it odd that a regular user with no permissions to
modify AD security groups has the ability to do this. I am looking for a way
to stop this behaviour. I know that I can educate the end user etc etc etc
..but we all know how well that goes .. 
I hope someone has some suggestions or Ideas. I know that this is only an
issue in Native mode, also it does not work on the new query based
distribution lists that Exchange 2003 offers but neither is a solution that
I can use at the moment .. 
Thanks in Advance

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:

Other related posts: