Hello We're using Exchange2007, and we want to configure a resource so that it can be booked by 1 group only. I've already configured it via OWA > "permissions for resourceplanning" and verified via powershell RequestOutOfPolicy : {DOMAIN.LOCAL\testgroup} AllRequestOutOfPolicy : False BookInPolicy : {DOMAIN.LOCAL\testgroup} AllBookInPolicy : False RequestInPolicy : {DOMAIN.LOCAL\testgroup} AllRequestInPolicy : False AddAdditionalResponse : False As you can see I even configured it for all 3. After applying other users (not member of this group) still are able to book the resource. Does anyone know what setting might be wrong? I already expaned the group "testgroup" --> user isn't in it, but still can book the resource.

Is the user booking the resource through the booking agent (by inviting it as a resource), or are they doing direct booking? I Does the user have any delegeted permissions to the calendar folder of that resource mailbox?[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

The user which normally shouldn't be able to book is booking it via the Rooms button. I see that I did forget to mention that it's a room mailbox :-) When I open the calender properties in outlook (opened the room mbx), I have Default > "Custom permissions" > "create items" and "edit own" is enabled.

Change that to no higher than "Reviewer". If you're using the Auto-Accept feature, the users don't need and should not have permission to create items on that calendar. The booking agent will put the items on the calendar, based on appointment requests received in the Inbox and according to the policy settings for that resource and resource availability. Using the Rooms button does a direct booking (the user is placing the appointment directly onto the calendar, rather than emailing an appointment request to the room mailbox). This bypassed the booking agent, and all of the policy settings.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Hi, Your configuration is incorrect: ResourceDelegates : {} RequestOutOfPolicy : {} AllRequestOutOfPolicy : False BookInPolicy : {DOMAIN.LOCAL\testgroup} AllBookInPolicy : False RequestInPolicy : {} AllRequestInPolicy : FAlse I would suggest you enable the AD account of this Resource mailbox and then set up the resource Scheduling Permissions in OWA/Option. It will help avoiding confusion. For more information, see http://support.microsoft.com/kb/2005631 Fiona

Hello, I already tried it by configuring only the first option you can set via the resource settings in OWA, which should be sufficient. I tried again, so my settings are now : AutomateProcessing : AutoAccept AllowConflicts : False BookingWindowInDays : 1080 MaximumDurationInMinutes : 1440 AllowRecurringMeetings : True EnforceSchedulingHorizon : False ScheduleOnlyDuringWorkHours : False ConflictPercentageAllowed : 0 MaximumConflictInstances : 0 ForwardRequestsToDelegates : True DeleteAttachments : True DeleteComments : True RemovePrivateProperty : True DeleteSubject : True DisableReminders : True AddOrganizerToSubject : True DeleteNonCalendarItems : True TentativePendingApproval : True EnableResponseDetails : True OrganizerInfo : True ResourceDelegates : {} RequestOutOfPolicy : AllRequestOutOfPolicy : False BookInPolicy : {DOMAIN.LOCAL/TESTGROUP} AllBookInPolicy : False RequestInPolicy : AllRequestInPolicy : False AddAdditionalResponse : False AdditionalResponse : <DIV><FONT size=2 face=Tahoma></FONT></DIV> RemoveOldMeetingMessages : True AddNewRequestsTentatively : True ProcessExternalMeetingMessages : False DefaultReminderTime : 15 RemoveForwardedMeetingNotifications : False The result is the same however, I can still book the resource with a user that isn't in the testgroup

Have you gone back and changed the default permissions on the calendar? As long as the default is to allow creating new items on that calendar, you aren't going to be able to prevent people from direct booking that resource, regardless of what your calendar processing settings are.[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Hello Tnx a lot both for your help!! Mjolinor, it seems I looked over your previous post :-) I've changed the settings, and it seems to be ok now when I try to book with a testaccount. I didn't know about the bypass of the calendar permissions in outlook.

Hello, I did find another problem with this resource mailbox afterwards. The resource mbx was still behaving very strange (no receipts, booked in own calendar, but not in resource calendar, etc.) What I didn't mention in my first post was that this mbx is a migrated mailbox from exchange 2000. There seems to be a problem for migrated mailboxes, that are converted to a resource mailbox in exchange 2007. What I need to do, was create a new resource mailbox, and need to export/import the calendar into it.