
Preventing users from mailing specific groups

Ok, it's been a while since I posted a SNTT, and I was asked about this recently, so I figured it may be a useful tip for an admin newbie.  So imagine you are an administrator and have to (only every now and then) deal with pesky end-user requests.  One such request is to prevent any old user from mailing the group that contains all the users in the domain (or any group, for that matter).  It's a fairly simple process.  

So you have a group that contains all the users in your domain.  Here it is:
[Screenshot M2: the group document that contains all users in the domain]
(em... obviously it would contain users in the real world - in my domain, I don't allow users).

Now, create a group that would contain all the users that will be allowed to mail to the group above.  And here you go:

[Screenshot M3: the new group of users permitted to mail the all-users group]
Add all your permitted users to that group.  Now go back to the group with all the users in it and open the document properties.  Click on the key (security) tab and you will see the following:
[Screenshot M4: the security tab of the document properties, showing the "All readers and above" checkbox]

Uncheck the ALL READERS AND ABOVE checkbox, then click the person (torso) icon to the right and choose which users can read this group document in the directory.
[Screenshot M5: the reader list with the permitted-senders group, the admins and LocalDomainServers added]
I have added in the group that will contain the users permitted to mail to this group, and the admins and localdomainservers group for management purposes.

That's pretty much it - now only users in that group (and admins) can mail to the contents of that large group.  To grant or revoke the right, just add or remove users from the permitted group.
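The same reader restriction can be applied from a LotusScript agent, which is handy when several groups need locking down. This is an added example, not code from the original post. It assumes the Domino Directory is names.nsf on the current server, that the group document is reachable through the hidden ($VIMGroups) view keyed on the group name, that the document properties dialog keeps its reader list in the $Readers item, that the admin group carries the default name LocalDomainAdmins, and that the group names AllUsers and AllUsersMailers are placeholders.

```lotusscript
' Added example, not code from the original post.
' Applies the reader restriction described above to a group document
' programmatically instead of through the document properties dialog.
' Assumptions: names.nsf is the Domino Directory on the current server,
' the hidden "($VIMGroups)" view is keyed on the group name, and the
' properties dialog keeps its reader list in the "$Readers" item.
Option Public
Option Declare

Const ALL_USERS_GROUP = "AllUsers"          ' constructed: the large group to protect
Const PERMITTED_GROUP = "AllUsersMailers"   ' constructed: users allowed to mail it

' Restricts who can read (and therefore mail to) a group document.
' Returns True when the document was found and saved.
Function RestrictGroupReaders(nab As NotesDatabase, groupName As String, permittedGroup As String) As Boolean
    Dim groups As NotesView
    Dim doc As NotesDocument
    Dim readers As NotesItem
    Dim allowed(2) As String

    RestrictGroupReaders = False
    Set groups = nab.GetView("($VIMGroups)")
    Set doc = groups.GetDocumentByKey(groupName, True)
    If doc Is Nothing Then Exit Function

    ' Same entries the screenshots show: the permitted group, the admins
    ' (assumed to use the default name LocalDomainAdmins), and
    ' LocalDomainServers so the router and replication can still read the
    ' group. Leave the servers out and the group stops working for everyone.
    allowed(0) = permittedGroup
    allowed(1) = "LocalDomainAdmins"
    allowed(2) = "LocalDomainServers"

    ' A non-empty Readers item is what "All readers and above" unchecked means.
    Set readers = doc.ReplaceItemValue("$Readers", allowed)
    readers.IsReaders = True
    RestrictGroupReaders = doc.Save(True, False)
End Function

Sub Initialize
    Dim session As New NotesSession
    Dim nab As NotesDatabase

    Set nab = session.GetDatabase(session.CurrentDatabase.Server, "names.nsf")
    If Not nab.IsOpen Then Error 1000, "Cannot open the Domino Directory"

    If RestrictGroupReaders(nab, ALL_USERS_GROUP, PERMITTED_GROUP) Then
        Print "Only " & PERMITTED_GROUP & " (plus admins and servers) can now read and mail " & ALL_USERS_GROUP
    Else
        Print "Group not found: " & ALL_USERS_GROUP
    End If
End Sub
```

Run it signed with an ID that has editor access to the Domino Directory. The one entry you must never drop from the reader list is the server group: the router expands the group from the directory using the server's identity, so a server that cannot read the document cannot deliver to the group at all.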

Comments

1 - SWEET! I have a service request at work asking for just this type of restriction, and I hadn't been able to do much to resolve it. My solution would have been MUCH more convoluted than this.

Thanks, Paul, and I owe you big time.

2 - Hi Mike - I have used that method too, but as a quick fix goes, the method above works fine

3 - WHAAAAT?
A developer admitted to learning something from an Admin????

4 - Awesome tip, Paul, Thanks! I'm posting this on the LUG blog now.

5 - Just curious, does this prevent routing the mail if the group is spelled correctly (desired), or does it just prevent the user without access to the document from seeing the group name?

6 - @8 - Yep - even if you know the group name, it won't work

@7 - Excellent! Happy to test/help out

@9 - Cool! Thanks Jess

7 - @6 I agree Paul. Again, just wanted to mention the potential issue and an alternative solution. As an aid in this effort, look for an OpenNTF project very soon that will facilitate the other process quite easily. I made some good progress on it last night. I've been meaning to do it for quite some time anyway. I will update this post when I am done.
mkinder@acadiasolutions.com

8 - @2... I'm more than willing to admit there's the odd nugget of truth that an admin might possess that could have bypassed me (or been forgotten over time). It's rare, but possible...

@3... It seems like that would be a problem with just about any approach that restricted use of distro groups. But I think I'd rather live with the odd call than have someone do an all-company "burn the bridges" email on their way out the door... :)

9 - Hey, one word of warning using this method though. If a user who is not allowed to use the group is a member of the group and they use the "Reply to All" option they will get an error when sending. The error says something about cannot see the group, choose OK to skip or cancel to stop. Choosing OK removes the group and does not send to it - but the error may create just as many help desk calls. There are alternatives, each of which has some drawbacks though.

10 - @4 - True Duffbert (love the screen name BTW), I just wanted to let you know of the caveat. There is an alternative that I have used in the past that eliminates this trouble. It is more difficult to set up the first time, but using it has some added benefits. In a nutshell (feel free to email me if you want more details) you set the "group" up as a Mail-in database. Then have an agent in the mail-in db check every message that comes in to determine if the sender has a right to send to this group. If not, flag it and be done with it. If so, forward the info, but as a doc link back to the database. This allows for better controls all around, message sizes, message recall, etc. What this mail-in db sends to is the reader restricted group, with two changes. The group is not a group that can be mailed to (i.e. ACL Only group). And, you don't mail to the group name but the members in the group as BCC members only so no one knows about the group or its name. There is a little more to it - maybe a good OpenNTF project?
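The mail-in database design sketched in comment 10, as an added example that is neither the commenter's code nor the OpenNTF project mentioned. It is a LotusScript agent meant to run on the "After new mail has arrived" trigger in the mail-in database: each inbound message is checked against a permitted-senders group (direct and nested membership), rejected messages are flagged and left in the database, and accepted ones are announced to the members of an ACL-only group as BCC recipients with a doc link back to the stored message. It assumes names.nsf on the same server, the hidden ($VIMGroups) view keyed on group name, and the constructed names AllUsersMailers, AllUsersHidden and "All Users List"; message-size limits and recall from the comment are not implemented.

```lotusscript
' Added example, not the commenter's code or an OpenNTF project.
' Agent for the mail-in database design from comment 10 (trigger:
' "After new mail has arrived"). Assumptions: names.nsf on the same server,
' the hidden "($VIMGroups)" view keyed on group name, and constructed names:
Option Public
Option Declare

Const PERMITTED_GROUP = "AllUsersMailers"   ' constructed: who may post to the list
Const TARGET_GROUP = "AllUsersHidden"       ' constructed: ACL-only group, never mailed directly
Const LIST_ADDRESS = "All Users List"       ' constructed: this mail-in database's mail-in name
Const MAX_NESTING = 10                      ' stops runaway recursion on circular groups

' Collects canonical member names of a group into a List, recursing into
' nested groups so a nested group name is never mistaken for a person.
Sub ExpandGroup(nab As NotesDatabase, groupName As String, members List As String, depth As Integer)
    Dim groups As NotesView
    Dim doc As NotesDocument
    Dim values As Variant
    Dim nm As NotesName

    If depth > MAX_NESTING Then Exit Sub
    Set groups = nab.GetView("($VIMGroups)")
    Set doc = groups.GetDocumentByKey(groupName, True)
    If doc Is Nothing Then Exit Sub

    values = doc.GetItemValue("Members")
    ForAll entry In values
        If Not (groups.GetDocumentByKey(entry, True) Is Nothing) Then
            Call ExpandGroup(nab, entry, members, depth + 1)
        ElseIf entry <> "" Then
            Set nm = New NotesName(entry)
            members(LCase(nm.Canonical)) = nm.Canonical   ' keyed case-insensitively
        End If
    End ForAll
End Sub

' True when the sender named in the From item is a direct or nested member
' of the permitted group.
Function IsPermittedSender(fromValue As String, allowed List As String) As Boolean
    Dim nm As New NotesName(fromValue)
    IsPermittedSender = IsElement(allowed(LCase(nm.Canonical)))
End Function

Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim nab As NotesDatabase
    Dim inbound As NotesDocumentCollection
    Dim doc As NotesDocument
    Dim memo As NotesDocument
    Dim body As NotesRichTextItem
    Dim allowed List As String
    Dim recipients List As String
    Dim bcc() As String
    Dim sender As String
    Dim n As Integer

    Set db = session.CurrentDatabase
    Set nab = session.GetDatabase(db.Server, "names.nsf")
    Call ExpandGroup(nab, PERMITTED_GROUP, allowed, 0)
    Call ExpandGroup(nab, TARGET_GROUP, recipients, 0)

    ' Flatten the recipient List into an array for the BlindCopyTo item.
    n = 0
    ForAll r In recipients
        If n = 0 Then ReDim bcc(0) Else ReDim Preserve bcc(n)
        bcc(n) = r
        n = n + 1
    End ForAll

    Set inbound = db.UnprocessedDocuments
    Set doc = inbound.GetFirstDocument
    Do Until doc Is Nothing
        sender = ""
        If doc.HasItem("From") Then sender = doc.GetItemValue("From")(0)
        If Not IsPermittedSender(sender, allowed) Then
            ' Not permitted: keep the message for the admins, do not distribute.
            Call doc.ReplaceItemValue("ListStatus", "Rejected")
        ElseIf n > 0 Then
            ' Permitted: send a notice with a doc link, BCC only, so recipients
            ' never see the hidden group's name or each other.
            Set memo = db.CreateDocument
            Call memo.ReplaceItemValue("Form", "Memo")
            Call memo.ReplaceItemValue("Subject", doc.GetItemValue("Subject")(0))
            Call memo.ReplaceItemValue("SendTo", LIST_ADDRESS)
            Call memo.ReplaceItemValue("BlindCopyTo", bcc)
            Set body = memo.CreateRichTextItem("Body")
            Call body.AppendText("Posted to the list by " & sender & ": ")
            Call body.AppendDocLink(doc, doc.GetItemValue("Subject")(0))
            Call memo.Send(False)
            Call doc.ReplaceItemValue("ListStatus", "Distributed")
        End If
        Call doc.Save(True, False)
        Call session.UpdateProcessedDoc(doc)
        Set doc = inbound.GetNextDocument(doc)
    Loop
End Sub
```

Because the hidden group is reader-restricted, the agent's signer must be in that group document's reader list (or in a group that is), otherwise the lookup silently returns nothing and no one receives the message. The "Reply to All" problem from comment 9 does not arise here: recipients only ever see the mail-in address in the To field, never the group.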