Deny option of Add-MailboxPermission of MSH not working
We are currently developing a solution based on the add-in of Outlook 2007. This solution uses the permission granted via Microsoft Exchange Management Shell. We have noted that when we grant a Full Acces to a mailbox for a user, this Full Acces cannot be altered later by denying the right to delete items.
Here are the commands we use:
Add-MailboxPermission Identity Mailbox User User DomainController Domain AccessRights FullAccess
Add-MailboxPermission Identity Mailbox User User DomainController Domain AccessRight DeleteItem Deny
When we check the MailboxPermissions we see that the deny setting has been correctly set, however the user can still delete items.
Have you got any idea why the Deny option does not work?
Antoine
April 2nd, 2007 4:49pm
I'm having the same problem. I need select users to access a shared mailbox with read-only permissions via OWA. The only way I can seem to get OWA to let me view the shared mailbox is with fullaccess and it's taking priority. Anyone have any suggestions been trying stuff for hours with no luck.thanks.
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2007 3:31am
I also tried to add only read permissions (AccessRights: ReadPermission), but it does not seem to work.
Only if I add the FullAccess AccessRights it works...
Benjamin VH: Still no solution to your problem ?
June 28th, 2007 2:36pm
are you using permission editting inactive directory ?
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2007 4:05pm
Permission editing is done with the Exchange Powershell console.
June 28th, 2007 5:16pm
Does anyone have found the solution to this problem?
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2007 12:20pm
Hi, this works for me
1. Add-MailboxPermission -Identity 'Mailbox' -User 'User/Group' -AccessRights FullAccess (gives user/group full access)
2. Add-MailboxPermission -Identity 'Mailbox' -User 'User/Group' -Deny -AccessRights DeleteItem (retracts the delete access)
3. Get-MailboxPermission -Identity 'User/Group' | fl (Get a list of what you've done)
Hope this helps
/Tore
November 15th, 2007 4:21pm