The change in the behavior to restrict Address Book views is to ensure that, by default, the permission on the Address Book views object is not inherited by the site naming context.
The meaning of the heuristic bit is actually reversed in Service Pack 4 from any earlier fixes, to accommodate this request.
In more detail, if the bit is set to 1, the Address Book Views object inherits permissions from the site naming context. If the heuristic bit is 0 or is not set, the Address Book Views object does not inherit any permissions and is locked down to the service account unless a security descriptor has already been stamped on the Address Book Views object.
Furthermore, if you set the heuristic bit to 1 after you apply the post Exchange Server 5.5 Service Pack 3 Dsamain.exe fixes that are described in Knowledge Base article Q248398, to lock down the permissions to either a service account or security descriptor, notice that the heuristic bit is changed back to 0 after you apply Service Pack 4.
The behavior to restrict Address Book views first changed in the post Exchange Server 5.5 Service Pack 3 version of the Dsamain.exe file (version 5.5.2652.11).
The version of the Dsamain.exe file that is included in Exchange Server 5.5 Service Pack 4 is 5.5.2653.17.
For additional information, click the article number below
to view the article in the Microsoft Knowledge Base:
284234�
XADM: Permissions on Address Book View Are Displayed Incorrectly After You Apply Service Pack 4