I need to use vbscript or anyother method to change the anonymous and default permissions on a group of mailboxes... this code represents what i am doing in short, but it fails whenever i specify the anonymous object, or an object that already has permissions. I am running exchange 2007. Works great if you are not changing existing permissions, or changing anonymous or default. Thats where i need help. Why does it bomb on anonymous and default? Const CdoDefaultFolderCalendar = 0   Const CdoDefaultFolderInbox = 1   Const CdoDefaultFolderOutbox = 2   Const CdoDefaultFolderSentItems = 3   Const CdoDefaultFolderDeletedItems = 4   Const CdoDefaultFolderContacts = 5   Const CdoDefaultFolderJournal = 6   Const CdoDefaultFolderNotes = 7   Const CdoDefaultFolderTasks = 8   Const CdoDefaultFolderTotal = 9   Const ROLE_OWNER = &h5e3   Const ROLE_PUBLISH_EDITOR = &h4e3   Const ROLE_EDITOR = &h463   Const ROLE_PUBLISH_AUTHOR = &h49b   Const ROLE_AUTHOR = &h41b   Const ROLE_NONEDITING_AUTHOR = &h413   Const ROLE_REVIEWER = &h401   Const ROLE_CONTRIBUTOR = &h402   Const ROLE_NONE = &h400   Const SERVER_EXCHANGE = "SERVER NAME" Const UDefault = "ID_ACL_DEFAULT" Const UAnonymous = "ID_ACL_ANONYMOUS"           If WScript.Arguments.Count = 2 Then                         '   Change this to the display name of the user you want                           '   to give access.                            User_Reviewer = WScript.Arguments(1)                         '  Change this to the display name of the user whose                           '   calendar you want to give User_Reviewer delegate access to.   User_CalendarOwner = WScript.Arguments(0)                          '  Change server_name to the name of your Exchange server.                            strProfile = SERVER_EXCHANGE & vbLf & User_CalendarOwner                              '   Create a new MAPI session and log on.      Set oSession = CreateObject("MAPI.Session")   oSession.Logon , , False, True, , True, strProfile                                '   Create a MAPI object for User_Reviewer      Set oAddrBook = oSession.AddressLists("Global Address List")   Set oDelegate = oAddrBook.AddressEntries.Item(UAnonymous)                            '   Get the permission list on User_CalendarOwner's Calendar      WScript.Echo "Adding " & User_Reviewer & " to the Calendar permissions for " & User_CalendarOwner & " with Reviewer settings."   Set oCalendar = oSession.GetDefaultFolder(CdoDefaultFolderCalendar)   Set oACLObject = CreateObject("MSExchange.ACLObject")   oACLObject.CDOItem = oCalendar   Set oACEs = oACLObject.ACEs                              '   Add User_Reviewer to the permission list and save the result          Set oNewACE = CreateObject("MSExchange.ACE")       oNewACE.ID = odelegate.id oNewACE.Rights = ROLE_REVIEWER oACEs.Add oNewACE   oACLObject.Update   MsgBox oACEs.Count  'If NOT Err = 0 Then MsgBox Err oSession.Logoff                         '   Indicate the process is finished.      WScript.Echo "Completed adding " & User_Reviewer & " to Calendar permissions for " & User_CalendarOwner & "."   Else WScript.Echo "Incorrect arguments." & vbCrLf & "Usage:  scr_setCalReviewer <displayname_calowner> <displayname_reviewer>" End If I am going to have to do this by hand for 600 mailboxes if i cant figure it out. Not even sure why it is the way it is.Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.

I don't see where in your script that you update existing rights. I don't believe you can add an ACE for Anonymous or Default, or any existing account for that matter, if there's already one present. You must search through the ACEs and update the ones you want changed, not add new ones. That's the way I've successfully scripted permissions changes. In the future, when you say that it "bombs", you should post the error message you receive. Also, for future reference, you might get a better response to this category of question in the Exchange Development forum.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Sorry, about that. As in bombs, it just quits at the line of code where oACLObject.Update is. Ok, so what you are saying is instead of assigning a new ace, i should enumerate the ACEs and when the anonymous ACE is located, updated from there? Otherwise, this script is great.Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.

With what i have below, i was able cycle through Calendar Permissions, when the .ID matched Default or Anonymous, i set the .RIGHTS to reviewer. After the ACEs were enumerated, the .UPDATE set the permissions. '######## START SCRIPT ########### Const CdoDefaultFolderCalendar = 0   Const CdoDefaultFolderInbox = 1   Const CdoDefaultFolderOutbox = 2   Const CdoDefaultFolderSentItems = 3   Const CdoDefaultFolderDeletedItems = 4   Const CdoDefaultFolderContacts = 5   Const CdoDefaultFolderJournal = 6   Const CdoDefaultFolderNotes = 7   Const CdoDefaultFolderTasks = 8   Const CdoDefaultFolderTotal = 9   Const ROLE_OWNER = &h5e3   Const ROLE_PUBLISH_EDITOR = &h4e3   Const ROLE_EDITOR = &h463   Const ROLE_PUBLISH_AUTHOR = &h49b   Const ROLE_AUTHOR = &h41b   Const ROLE_NONEDITING_AUTHOR = &h413   Const ROLE_REVIEWER = &h401   Const ROLE_CONTRIBUTOR = &h402   Const ROLE_NONE = &h400   Const SERVER_EXCHANGE = "rsrcnex2" Const UDefault = "ID_ACL_DEFAULT" Const UAnonymous = "ID_ACL_ANONYMOUS" User = WScript.Arguments(0) Set oSession = CreateObject("MAPI.Session") strProfile = "rsrcnex2" & vbLf & User oSession.Logon , , False, True, , True, strProfile Set oCalendar = oSession.GetDefaultFolder(CdoDefaultFolderCalendar  ) Set oACLObject = CreateObject("MSExchange.ACLObject") oACLObject.CDOItem = oCalendar Set oACEs = oACLObject.ACEs For Each oACE in oACES WScript.Echo oACE.ID     If (oACE.ID = "ID_ACL_DEFAULT") OR (oACE.ID = "ID_ACL_ANONYMOUS") Then         If Not oACE.Rights = ROLE_REVIEWER then         WScript.Echo "Updating:  " & oACE.ID         oACE.Rights = ROLE_REVIEWER     End IF Else 'WScript.Echo "Listing:  " & oACE.ID & vbCr & oACE.Rights 'oACES.Delete oACE.ID End If Next Set oNewACE = CreateObject("MSExchange.ACE")   oNewACE.ID = "ID_ACL_DEFAULT" oNewACE.Rights = ROLE_AUTHOR oACLObject.Update '######## END SCRIPT ########### Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.

If I helped you, you're welcome to mark my post as helpful or answered.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

With what i have below, i was able cycle through Calendar Permissions, when the .ID matched Default or Anonymous, i set the .RIGHTS to reviewer. After the ACEs were enumerated, the .UPDATE set the permissions. '######## START SCRIPT ########### Const CdoDefaultFolderCalendar = 0   Const CdoDefaultFolderInbox = 1   Const CdoDefaultFolderOutbox = 2   Const CdoDefaultFolderSentItems = 3   Const CdoDefaultFolderDeletedItems = 4   Const CdoDefaultFolderContacts = 5   Const CdoDefaultFolderJournal = 6   Const CdoDefaultFolderNotes = 7   Const CdoDefaultFolderTasks = 8   Const CdoDefaultFolderTotal = 9   Const ROLE_OWNER = &h5e3   Const ROLE_PUBLISH_EDITOR = &h4e3   Const ROLE_EDITOR = &h463   Const ROLE_PUBLISH_AUTHOR = &h49b   Const ROLE_AUTHOR = &h41b   Const ROLE_NONEDITING_AUTHOR = &h413   Const ROLE_REVIEWER = &h401   Const ROLE_CONTRIBUTOR = &h402   Const ROLE_NONE = &h400   Const SERVER_EXCHANGE = "yourExchangeServer" Const UDefault = "ID_ACL_DEFAULT" Const UAnonymous = "ID_ACL_ANONYMOUS" User = WScript.Arguments(0) Set oSession = CreateObject("MAPI.Session") strProfile = SERVER_EXCHANGE & vbLf & User oSession.Logon , , False, True, , True, strProfile Set oCalendar = oSession.GetDefaultFolder(CdoDefaultFolderCalendar  ) Set oACLObject = CreateObject("MSExchange.ACLObject") oACLObject.CDOItem = oCalendar Set oACEs = oACLObject.ACEs For Each oACE in oACES WScript.Echo oACE.ID     If (oACE.ID = "ID_ACL_DEFAULT") OR (oACE.ID = "ID_ACL_ANONYMOUS") Then         If Not oACE.Rights = ROLE_REVIEWER then         WScript.Echo "Updating:  " & oACE.ID         oACE.Rights = ROLE_REVIEWER     End IF Else 'WScript.Echo "Listing:  " & oACE.ID & vbCr & oACE.Rights 'oACES.Delete oACE.ID End If Next Set oNewACE = CreateObject("MSExchange.ACE")   oNewACE.ID = "ID_ACL_DEFAULT" oNewACE.Rights = ROLE_AUTHOR oACLObject.Update '######## END SCRIPT ########### Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.

For anyone wanting to use this, a quick note, the ACE's have to first exist to be updated. I have yet to find a way to add Anonymous and Default back to the ACE list.Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.

You should be able to add an ACE if one does not already exist for the account in the way you originally posted. If an ACE exists for the account, you should modify it instead of adding a second one for the same account.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Ed that works. Thanks. I Figured it out, have to loop through existing ACEs and when the criteria matches, insert new values, then update the ACE. Mac MacAnanny 12 Year AD and Exchange Design Engineer OSD Department of Defense Federal Contractor Microsoft Infrastructure Engineer.