Security on a distro list marked hidden via Exchange tasks for the 2 groups: Allow - Account Operators - Ready Property - This object and all child objects Deny - Everyone - Ready Property - This object and all child objects There is also: Enterprise Admins - Full Control - This object and all child objects I am a member of Account Operators and Enterprise Admins and I can see membership. But I have some users as Domain Admins (not in Account Ops or Enterprise Admins) who can't see membership. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil Sent: Thursday, January 06, 2005 9:26 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: view hidden group membership I would have thought (given how DACLs and ACEs work) that deny (especially for everyone) will take precedence. As I'm not sure I have a similar scenario to look at, could you expand on how the override for Account Operators is implemented? Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann > Sent: 06 January 2005 14:11 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] OT: view hidden group membership > > When you hide membership to a distribution list in AD, Everyone is > given Deny on reading the members, including Domain Admins. The > Account Operators group has an override over this. > > I want to use Delegate control to give the correct specific > permissions to a few people so they can view the hidden membership. I > tried using simply read permission on group objects, but that doesn't > seem to do the trick. > > Anyone know specifically what security a users need to override the > Deny on Everyone which is set by hiding membership? *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This Weeks Sponsor SeamlessPlanet.com Domain Names Register your .com domain name for as low as $7.85 One of the lowest prices on the web! Part of The Kenzig Group. http://www.seamlessplanet.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Awesome SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor SeamlessPlanet.com Domain Names Register your .com domain name for as low as $7.85 One of the lowest prices on the web! Part of The Kenzig Group. http://www.seamlessplanet.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Awesome SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm