Permissions for Distribution Group Are Not in the Standard Format (290801)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q290801

SUMMARY

When you use Active Directory Users and Computers to view permissions for a distribution group whose membership is hidden, the Special Security message box is displayed. The following message is displayed in the message box:

Windows cannot edit the permissions on 'Group Name' because they have been written in a nonstandard format by another application. To enable editing, you must use the application to restore the permissions to a standard format.

After you click OK, the permissions are displayed.

MORE INFORMATION

Microsoft Exchange 2000 hides group membership by listing the access control entries in a non-standard order.

To view membership, click the Advanced button. The Access Control Settings for 'Group Name' dialog box opens. On the Permissions tab, the permissions appear in the following order:

TypeNamePermission
AllowedExchange Domain ServersRead Property
AllowedAccount OperatorsRead Property
DenyEveryoneRead Property

NOTE: Other permissions follow.

With the "Deny" access controls listed after the "Allowed" access controls rather than at the top the list, the permissions are not listed in the standard order. By design, this is how the membership of the group is hidden.

The domain's Exchange 2000 servers and the members of the Account Operators group can view the distribution list. However members of other groups, including the Everyone group, cannot.

For additional information about how group membership is hidden, click the article number below to view the article in the Microsoft Knowledge Base:

253827 How Exchange Hides Group Membership in Active Directory

Modification Type:MinorLast Reviewed:1/27/2006
Keywords:kbenv kbinfo KB290801
©2004 Microsoft Corporation. All rights reserved.