Grant full access permission to user mailbox with exclusions
Hello I have the following task to do,.. that some kind of users in my environment (Exchange 2007) that already have the full access permissions on special user mailbox should have also one exclusion with permission, that all these users do not have delete item permisson. So, They should not have the rights to delete mail items in the mailbox with full access permissions on it. I think that this action must be done from EMS and not from EMC,... So, i need the right solution or the right EMS cmdlet to do this operation... I want your suggestions about this... Thanks in advance
July 15th, 2010 2:44pm
Hi, I dont think it is possible when u have assigned full access permission. But you should test it to verify. Add-MailboxPermission -Identity <MailboxId> -AccessRights DeleteItem -User <yourUserID> -Deny:$true you should run this command for a MailboxID, for which you have given Full Access permission to YourUserID. Note: By default mailbox permission takes 2 hours to apply, so for testing don't forget to restart MS Exchange Information Store Service on mailbox server to apply mailbox permission immediately. Regards, Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
July 15th, 2010 3:14pm
With Full Access permission it is all or nothing. If you want to restrict the permissions then you cannot use the Full Access permission. Instead you will have to use permissions within Outlook itself. This is set on a per folder basis. However note that if a user cannot delete the item, then they also cannot move it. If you must keep the data then the best way is to have a copy of it elsewhere. Journal the mailbox to another mailbox for example, so that the users don't have access to that second copy. Depending on permissions to stop a user deleting something isn't foolproof. Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 16th, 2010 3:22am
Hi, As Simon said, you can do this task by configure the folder rights instead of the mailbox rights. Step 1: ========== 1. Remove the full access rights for the users who already have the full access permissions on special user mailbox. 2. Open Outlook, log into the special user's mailbox. Right click the folder you want to share, such as Inbox. Then click choose properties. 3. In Permission tab, click Add button to add the users such as B. Set the permission level to Reviewer. Step 2: =============== 1. On User B's outlook client, click Tool->Mail Setup, click E-mail Accounts. 2. Click User B 's profile and click Change. 3. Click More settings, in Advanced tab, click Add to add the shared mailbox.
July 16th, 2010 12:02pm
Thanks a lot for your suggestions and for your exhaustive explanations...
July 16th, 2010 4:02pm