Hi Team, I performed a Groupwise 7.x to Exchange 2007 migration and with a little sweat and tears it went successful. The migration is still going on and a new issue popped up. In Outlook 2007 users can open a shared calendar, type in a users name and receive full access to that users calendar. I need to remove this functionality. After a bit searching I sumised this has something to do with the Quest Migration tool setting a default permission on the mailbox during migration. I will take care of that later. For now I have two questions. 1) What permission allows a user to see another calendar? And where exactly is this stored? (I assume its a property of the mailbox somewhere). 2) What tool will allow me to view this permission to confirm its causing the issue 3) What tool / option do I have to remove from all affected mailboxes If there are any docs that discuss mailbox permission structure I would be interested in that as well. Thank you

Hello,The Send AS permission on user object allow to see other users mailbox.I would suggest you to check these following KB's- Get-ADPermissionhttp://technet.microsoft.com/en-us/library/bb125183.aspx If the above list matches all the users you want to remove the permission for, you can simply pipe it to Remove-ADPermission:get-adpermission "mailbox database" | where {$_.ExtendedRights -like- Alternatively, you can do it for each user:Remove-ADPermission "mailbox database" -User "foo" -ExtendedRights receive-asRemove-ADPermissionhttp://technet.microsoft.com/en-us/library/aa996048.aspx Grant Full Mailbox Rights to an Administrator on Exchange 2000/2003http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htmHow to Allow Mailbox Accesshttp://technet.microsoft.com/en-us/library/aa996343.aspxArun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3

Thank you Arun,I checked the Send As permissions and no one had them. I ended up using pfDAVAdmin to check the permission on the calendar store for some of the affected users and found that the EVERYONE group had "Folder Visible" set. Looking at a non-affected user, they didnt have this permission. Removing the EVERYONE group off of the calendar remediated the issue. We are cross-referencing with other users who are experiencing this issue to validate the solution. I will let you know what I find out.Thank you for your response.

Thats great, Coolie.. keep updating us the result.Arun Kumar | MCSE - 2K3 + Messaging | ITIL-F V3

Hi, From your description, I notice that you are able to solve the issue after removing Visible permission of everyone group on the calendar folder. Regarding the mailbox permission structure in Exchange, I suggest you refer to following article: http://technet.microsoft.com/en-us/library/bb123975(EXCHG.65).aspx Please understand that if somebody is able to access others folder. The user may have following two types of permission: 1. The user has Full Mailbox Permission of the other user 2. The user has specific folder permission of the other user To check whether the user has Full Mailbox Permission of other user, we can use get-mailboxpermission command to check the permission of the target user. To check the specific folder permission, we can use PFDavAdmin tool to through Outlook directly. In addition, the Full Mailbox Permission can be inherited from Store level. For example, if a user has Receive As permission of a mailbox store, the use has Full Access Permission of all the mailboxes in the store. To check the Receive As permission, you can get Get-adpermission command. Mike

Thanks Mike,The article refers to Exchange 2000 and 2003 - Is this still relevant for 2007?

Hi, Based on my knowledge, I think that mailbox permission structure does not change in Exchange 2007. The changes which I know currently are in Exchange 2007, you need to change mailbox level permission by using set-mailboxpermission command. In Exchange 2003, we can change the mailbox permission in ADUC. To change folder level permission, you can use Outlook or PFDavAdmin tool. Please understand that the folder level permission is actually a hidden message of the folder. If you are able to access other users mailboxs folder, you either have permission to access the specific folder or have full mailbox permission of the other user. Mike