We are currently developing a solution based on the add-in of Outlook 2007. This solution uses the permission granted via Microsoft Exchange Management Shell. We have noted that when we grant a Full Acces to a mailbox for a user, this Full Acces cannot be altered later by denying the right to delete items. Here are the commands we use: Add-MailboxPermission Identity Mailbox User User DomainController Domain AccessRights FullAccess Add-MailboxPermission Identity Mailbox User User DomainController Domain AccessRight DeleteItem Deny When we check the MailboxPermissions we see that the deny setting has been correctly set, however the user can still delete items. Have you got any idea why the Deny option does not work? Antoine

I'm having the same problem. I need select users to access a shared mailbox with read-only permissions via OWA. The only way I can seem to get OWA to let me view the shared mailbox is with fullaccess and it's taking priority. Anyone have any suggestions been trying stuff for hours with no luck.thanks.

I also tried to add only read permissions (AccessRights: ReadPermission), but it does not seem to work. Only if I add the FullAccess AccessRights it works... Benjamin VH: Still no solution to your problem ?

are you using permission editting inactive directory ?

Permission editing is done with the Exchange Powershell console.

Does anyone have found the solution to this problem?

Hi, this works for me 1. Add-MailboxPermission -Identity 'Mailbox' -User 'User/Group' -AccessRights FullAccess (gives user/group full access) 2. Add-MailboxPermission -Identity 'Mailbox' -User 'User/Group' -Deny -AccessRights DeleteItem (retracts the delete access) 3. Get-MailboxPermission -Identity 'User/Group' | fl (Get a list of what you've done) Hope this helps /Tore