JSI Tip 3493. Windows can not edit the permissions on 'Group Name' because they have been written in a nonstandard format?


When you use the Active Directory Users and Computers snap-in to view the permissions on a distribution group, the message box of Special Security contains:

Windows can not edit the permissions on 'Group Name' because they have been written in a nonstandard format by another application. To enable editing, you must use the application to restore the permissions to a standard format.

When you press OK, the permissions are displayed.

To HIDE group membership, Microsoft Exchange 2000 arranges the ACEs (Access Control Entries) in the ACL (Access Control List) in a non-standard order.

To view the ACEs:

1. Press the Advanced button.

2. Permissions appear with the Deny ACE displayed after the Allowed ACEs:

Type     Name                     Permission
Allowed  Exchange Domain Servers  Read
Allowed  Account Operators        Read
Deny     Everyone                 Read
         ** Other ACEs **

NOTE: Normally, the DENY ACE is listed first.

NOTE: See Knowledge Base article Q253827 How Exchange Hides Group Membership in Active Directory.
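
The order matters because Windows evaluates ACEs in the order they are stored and stops as soon as the request is decided. The sketch below is an added example, not part of the original tip or Microsoft's code: it models the ACL from the table above with group names in place of SIDs, treats every caller as a member of Everyone, and uses `Domain Users` as a constructed sample group.

```python
# Constructed model of the ACL shown in the tip; real ACEs carry SIDs and
# access masks, and inherited ACEs are ignored here (assumptions).
DACL = [
    ("Allowed", "Exchange Domain Servers", {"Read"}),
    ("Allowed", "Account Operators", {"Read"}),
    ("Deny", "Everyone", {"Read"}),
]


def is_canonical(dacl):
    """Standard order: every Deny ACE comes before every Allowed ACE."""
    seen_allow = False
    for ace_type, _trustee, _rights in dacl:
        if ace_type == "Allowed":
            seen_allow = True
        elif seen_allow:
            return False  # a Deny ACE placed after an Allowed ACE
    return True


def access_check(dacl, groups, wanted):
    """Walk the ACEs in stored order. A matching Deny for a right that is
    still outstanding fails the request; the request succeeds once every
    wanted right has been allowed."""
    groups = set(groups) | {"Everyone"}
    remaining = set(wanted)
    for ace_type, trustee, rights in dacl:
        if trustee not in groups:
            continue
        if ace_type == "Deny":
            if remaining & rights:
                return False
        else:
            remaining -= rights
        if not remaining:
            return True
    return False  # nothing granted the remaining rights: implicit deny


def canonicalize(dacl):
    """Reorder Deny-first; the stable sort keeps order within each type."""
    return sorted(dacl, key=lambda ace: ace[0] != "Deny")


if __name__ == "__main__":
    for name, acl in (("as stored", DACL), ("standard order", canonicalize(DACL))):
        print(name, "canonical:", is_canonical(acl))
        for who in ("Account Operators", "Domain Users"):
            print("  ", who, "Read ->", access_check(acl, [who], {"Read"}))
```

In the stored order Account Operators can read the group while other callers cannot; after reordering to the standard format the Deny for Everyone is reached first and blocks Account Operators as well, so rewriting the ACL in standard order changes the effective access.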



