Hi, Bit of a confusing situation here... We had public folders that, when they were created by user X users Y couldn't move then (which is a copy and then delete... the copy worked, but not delete). The previous administrators had been giving individual users individual rights to folders when asked by the client, basically when there was a permission problem they would fix it by changing the permissions to that folder... Anyway, to make it simpler I created a group "Public Folder Group", mail enabled it, added all the appropriate user members and then used get-publicfolder - recursive and piped it through add-publicfolderclientpermissions to give that group 'owner' rights to all the folders... THEN users that couldn't move folders could now move folders made by other people... Not quite finished though, today I find out that users who have the specific 'publishing editor' access on a folder cannot move it, even though they are also a member of the group that is the owner.... funny thing is, if I remove their 'publishing editor' access, then they can move the folder. If I add it back they can't move it... I am sounding a bit naive I know... with NTFS permissions, things are cumulative, so i have assumed the same here... denies overrule everything... Is there a deny in the 'publishing editor' role that is overriding the group membership that is granting "owner" status? Does that sound right? I couldn't see one when I reviewed the permission sets in Outlook when one chooses 'publishing editor'... but maybe it's a deny on folder operations, to the folder itself, not the items the folder contains, if that makes sense? Thanks! BTW I know this isn't really a question, it's more of an 'ask for clarification'. I struggled to find much on this topic in the resources so I just wanted to clarify with someone who knew, and make sure I'm on the right track!

It should be the opposite of NTFS permissions - highest permission wins. If you set "Default" to owner, then everyone is owner. Doesn't matter what else you set. For example, you could have a group that has Reviewer permissions which everyone is a member of. Then you have an individual who is an owner. The owner rights win for that individual. It could be though that permissions have been changed elsewhere. I have seen people attempt to change the permissions on the Security tab, rather than the Client Permissions, which completely screw things up. It looks like something isn't right with the permissions on your public folders, and it may well be that you need to recreate them, moving the content between the folders. Messy, but if someone who didn't understand how the permissions worked has screwed things up, it may well be the only option. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources

On Thu, 16 Dec 2010 21:27:09 +0000, Sembee wrote: > > >It should be the opposite of NTFS permissions - highest permission wins. > >If you set "Default" to owner, then everyone is owner. Doesn't matter what else you set. > >For example, you could have a group that has Reviewer permissions which everyone is a member of. Then you have an individual who is an owner. The owner rights win for that individual. > >It could be though that permissions have been changed elsewhere. I have seen people attempt to change the permissions on the Security tab, rather than the Client Permissions, which completely screw things up. It looks like something isn't right with the permissions on your public folders, and it may well be that you need to recreate them, moving the content between the folders. Messy, but if someone who didn't understand how the permissions worked has screwed things up, it may well be the only option. Depending on the release of Exchange, PFDAVAdmin could reorder the ACL to use the MAPI order (allow,deny, allow,deny, allow,deny) instead of the NTFS order (deny, deny, deny, allow, allow, allow). --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

I ended up using the remove use from public folder recursive script to remove keys users from the ACL's of all the public folders... it was time consuming pressing "Y" to accept every removal but it had the desired result as now those users are able to do all things related to the Public Folder groups permissions... Thank you very much for replying!