Exchange 2007 public folders
Hey all -
I have an Exchange 2007 SP1 new installation. I installed a mailbox role with a public folder store. This is needed to support the BES and MAC clients.
The default permissions for the public store are set so that any user has "publishing Author" access. I want to change it so that the default user has only "reviewer" permissions and cannot create folders.
PFDAVadmin won't allow you to make this change on the top folder. Is the only way to do this via ADSI Edit? Or is there a powershell command that can be used to do this?
Any ideas? thanks
August 19th, 2008 6:11pm
Hi,
Exchange 2007 has nice set of scripts to manage public folder, you can use ReplaceUserPermissionOnPFRecursive.ps1 to replace permission of everyone
Scripts for Managing Public Folders in the Exchange Management Shell
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2008 6:46pm
Maybe I'm using the script incorrectly ... but you get an error when you reference the top level folder.
August 19th, 2008 6:58pm
Ok, I just teste PFDavAdmin and here is the way...
Right click on Root Public Folder & click on Propagate Folder AECs which will prompt you with below warning and click on in it.
Since there is no actual root folder to propagate permissions from, you must first create a DACL from which you can propagate ACEs. You will now be presented with a folder permissions dialog for that purpose
Set \Everyone permission to Reviewer & Click OK.
Select \Everyone square box and click OK which will add/replace all subfolders Default permission to Reviewer.
Hope this helps...
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2008 7:59pm
that worked....thank you
August 19th, 2008 11:37pm
Dear customer:
I am very glad to see your issue has been resolved. Thanks for Amit Tanks great sharing.
You can configure public folder permissions for both administrators of Microsoft Exchange Server 2007 or for users of client programs such as Microsoft Office Outlook 2007. Public folder permissions consist of various access rights that specify the level of control a client user or administrator has over a public folder or public folder hierarchy.
For more information about public folder permission, you can refer to the following article:
Configuring Public Folder Permissions
http://technet.microsoft.com/en-us/library/bb310789(EXCHG.80).aspx
Hope you can benifit from it. If anything is unclear, please feel free to let me know.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2008 5:54am
Its my pleasure to giving some contribution to Exchange community
Actually I tried yesterday to give permission with Add-PublicFolderClientPermission but it ended up with error and it seems that we can not grant permissions to Anonymous or Default users with this cmdlet, not sure if this erroris my environment specific.
Get-Publicfolder "\" -recurse -resultsize:unlimited | Add-PublicFolderClientPermission -AccessRights owner -User default
Error:
Add-PublicFolderClientPermission : You cannot grant 'FolderContact' access right to Anonymous or Default user.
Parameter name: AccessRights
August 20th, 2008 11:50am
Dear customer:
The user, Default, already has some of the permissions (ReadItems, CreateItems, EditOwnedItems, DeleteOwnedItems, FolderViible) specified to be added on the public folder \test. You cannot add a righ that the user already has. The current permission for Default is "ReadItems,CreateItems, EditOwnedItems, DeleteOwnedItems, FolderVisible".
Since access right owner also includes CreateItems, ReadItems and other rights. You cannot add a righ that the user already has.
You can try to add createsubfolders permission to user default, and check the effect.
Add-PublicFolderClientPermission -Identity "\test" -AccessRights createsubfolders -User default
Additionally, you can run the following command to verify the result:
Get-PublicFolderClientPermission -Identity "\Marketing\EastCoast" -User David
Hope it helps. If anything is unclear, please feel free to let me know.
Rock Wang - MSFT
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2008 3:29pm
There is two mistakes in ReplaceUserPermissionOnPFRecursive.ps1:1. Can not handles the PF names, where space is on the name, for example: "\Public Folder". Correction: replace the $TopPublicFolder to `"$TopPublicFolder`" in line 121 and line 125.2. If a user has no permission on a subfolder, the script do not add it, only existing permission change - missing 'else' clause on the 'if' statement in line 131. Correction: 135 else { 136 add-PublicFolderClientPermission -identity $_.identity -user $User -AccessRights $Permissions -server $_.OriginatingServer 137 }LajosBarf
August 4th, 2009 3:04pm