Users can create public folders willy nilly and I need to put a stop to it. When I look at the permissions for the root folder: [PS] C:\Windows\system32>Get-PublicFolder | Get-PublicFolderClientPermission Identity User AccessRights -------- ---- ------------ \ Default {PublishingAuthor} \ Anonymous {Reviewer} I'd like to modify the Default user to "None". I've tried modifying the permissions and they won't stick. Get-PublicFolder | Add-PublicFolderClientPermission -User "Default" -AccessRights "None" I was going to try using PFDaveAdmin but that tries to propogate all the way down the tree and I don't want to screw up current permissions. Anyone know how to midify the default user? Can I add a specific group to the root folder to deny access?David Jenkins

I've also tried removing. Get-PublicFolder | Get-PublicFolderClientPermission -User "Default" | Remove-PublicFolderClientPermission Remove-PublicFolderClientPermission : Failed to commit the change on object "000000001A447390AA6611CD9BC800AA002FC45A0300B8EFF359CDC69641BCD71F34D1A12DA30000 At line:1 char:106 + Get-PublicFolder | Get-PublicFolderClientPermission -User "Default" | Remove-PublicFolderClientPermission <<<< + CategoryInfo : NotSpecified: (0:Int32) [Remove-PublicFolderClientPermission], MapiAccessDeniedException + FullyQualifiedErrorId : 2D66E147,Microsoft.Exchange.Management.MapiTasks.RemovePublicFolderClientPermissionDavid Jenkins

Check adsiedit. 1.Start the ADSI Edit utility 2.Double-click Configuration Container. 3.Expand CN=Configuration, CN=Services, CN=Microsoft Exchange. Right-click your organizational name's container, and select Properties. 4..Select the Security tab. 5.Click Advanced. 6.On the Permissions tab, find the entry with a name of Everyone and a permission of "Create top level public folder." You shouldn't need to click deny just make sure allow is unchecked. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Thanks. I had just found it when you posted. http://www.petri.co.il/limit_creation_of_top-level_exchange_public_folders.htm David Jenkins

I don't have a server available to test this right now, but I think you may have more luck with Remove-PublicFolderClientPermission I'm not sure what happens when existing permissions are overwritten - do they get added to (in which case adding "None" will have no effect), or are they replaced? I honestly don't know.Outlook Web Access For PDA , OWA For WAP www.owa-pda.com email a@t leederbyshire d.0.t c.0.m

Already ran through that. See entry above. ADSI is the way to go. Stay away from PFDaveAdmin it will wipe your settings. David Jenkins

Hi James I am also facing the same problem, I want to block all users adding any content (Folder/files/post) in public folder without Exchange Administrator permits them.. I tried your above steps and unable to find the entry "Everyone with a permission of Create top level public folder", then I created the value manually and set allow but still same problem. Thanks..George-Canar

The fix above is only for the top level folder right. You have to use regular public folder security for subfolders. Use the PowerShell command 'Get-PublicFolderClientPermission'" and of course it's brother Set-....David Jenkins

Hi David / James I am talking about top level folder / Root folder permission only. I tried do the following... but didn't find the value "Create top level public folder" with Everyone. http://www.petri.co.il/limit_creation_of_top-level_exchange_public_folders.htm George-Canar