RE: Interesting Exchange / Outlook issue

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Mar 2004 09:06:00 -0500

Rene, I'm interested in hearing what the impact is of this issue to what
you're doing. When you add the permissions to the mailbox, the group gets
converted by the store, which is expected. The user is not the one that is
adding the security token, the store is. The store has that permission and
requires it for the change in permission type.

My question is whether or not this negatively impacts or if you're looking
at a problem down the road?

Al 

-----Original Message-----
From: Rene Fisher [mailto:Rene_Fisher@xxxxxx] 
Sent: Thursday, March 18, 2004 8:03 AM
To: [ExchangeList]
Subject: [exchangelist] Interesting Exchange / Outlook issue


I have an interesting problem from my perspective. I am not sure if anyone
has come across this or not.
 
 
Configuration. 
 
Exchange 2003 running on W2K in native mode (previously it was Exchange 2000)
 
Issue: 
 
Any user that is using Outlook 2000 or better can add a distribution list to
the ACL permissions on his/her mailbox, or on a mailbox they have delegated
rights to. What happens is that the Store will convert the DL to a security
group. For example, if you have a Global DL called all users, the store will
convert it to a global SG called All Users. Once the group is converted to a
security group, the Kerberos token increases in size for everyone who is a
member of that DL. I find it odd that a regular user with no permissions to
modify AD security groups has the ability to do this. I am looking for a way
to stop this behaviour. I know that I can educate the end user etc. etc. etc.,
but we all know how well that goes...
 
I hope someone has some suggestions or ideas. I know that this is only an
issue in Native mode; also, it does not work on the new query-based
distribution lists that Exchange 2003 offers, but neither is a solution that
I can use at the moment.
 
 
Thanks in Advance
Rene
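
An added example, not part of either message: one way to audit for the DL-to-security-group conversion described above is to diff two directory exports and flag mail-enabled groups whose groupType gained the security-enabled bit. The DNs, member names and snapshot layout are constructed for illustration; only the groupType bit values are real Active Directory constants.

```python
# Added example: snapshots are constructed sample data, not a real export.
SECURITY_ENABLED = 0x80000000  # groupType bit: group SID is carried in logon tokens
SCOPES = {0x2: "global", 0x4: "domain local", 0x8: "universal"}


def describe(group_type):
    """Decode an AD groupType value into (scope, is_security_group)."""
    # AD stores groupType as a signed 32-bit int, so security groups export
    # as negative numbers (e.g. -2147483646); mask to read the bits.
    bits = group_type & 0xFFFFFFFF
    scope = next((name for flag, name in SCOPES.items() if bits & flag), "unknown")
    return scope, bool(bits & SECURITY_ENABLED)


def converted_groups(before, after):
    """Mail-enabled groups that were distribution-only in `before`
    and are security-enabled in `after`."""
    findings = []
    for dn, new in sorted(after.items()):
        old = before.get(dn)
        if old is None or not new.get("mail"):
            continue  # new group, or not mail-enabled: out of scope here
        _, was_security = describe(old["groupType"])
        scope, is_security = describe(new["groupType"])
        if is_security and not was_security:
            findings.append({"dn": dn, "scope": scope,
                             "members_affected": len(new.get("member", []))})
    return findings


# Constructed snapshots (hypothetical domain and groups).
BEFORE = {
    "CN=All Users,OU=Groups,DC=example,DC=com": {"groupType": 2, "mail": "allusers@example.com"},
    "CN=Helpdesk,OU=Groups,DC=example,DC=com": {"groupType": -2147483646, "mail": "helpdesk@example.com"},
    "CN=Newsletter,OU=Groups,DC=example,DC=com": {"groupType": 8, "mail": "news@example.com"},
}
AFTER = {
    "CN=All Users,OU=Groups,DC=example,DC=com": {
        "groupType": -2147483646, "mail": "allusers@example.com",
        "member": ["CN=alice", "CN=bob", "CN=carol"]},
    "CN=Helpdesk,OU=Groups,DC=example,DC=com": {"groupType": -2147483646, "mail": "helpdesk@example.com"},
    "CN=Newsletter,OU=Groups,DC=example,DC=com": {"groupType": 8, "mail": "news@example.com"},
}

if __name__ == "__main__":
    for f in converted_groups(BEFORE, AFTER):
        print(f"{f['dn']}: now a {f['scope']} security group, "
              f"{f['members_affected']} members gain a token SID")
```
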
 
