Hi Lynn,

Thanks for your reply. AccessRights for Test user below:

PS C:\Users\Administrator> Get-MailboxPermission support@domain.com | fl TEST,AccessRights

AccessRights : {FullAccess, ReadPermission}
AccessRights : {FullAccess, ExternalAccount, ReadPermission}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {ReadPermission}
AccessRights : {ReadPermission}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {ReadPermission}
AccessRights : {FullAccess, ReadPermission}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {ReadPermission}

In the same time: PS C:\Users\Administrator> Get-MailboxFolderPermission -Identity "support@domain.com:\Unsorted recovered" -user TEST

FolderName           User                 AccessRights
----------           ----                 ------------
Unsorted recovered   TEST           {Reviewer}

What should I do to disable deletion?

• Edited by IT Jericho Monday, June 15, 2015 9:43 PM

Hi,

Please check the permission on this shared mailbox for the test user.

Get-MailboxPermission support@domain.com | fl User,AccessRights

Best Regards.

HI,

No need to replace the user parameter with TEST in my command. Anyway, try this command (Just copy and paste)

Get-MailboxPermission support@domain.com User TEST | FL User, AccessRights

The reason of running this command to check is if the TEST user has full access permission on the support mailbox, TEST user can do any actions on this shared mailbox even the TEST user has no needed permission under Get-MailboxFolderPermission cmdlet.

Best Regards.

Hi Lynn. Thanks for clarification. The result of command below:

>Get-MailboxPermission support@domain.com -User TEST | FL User, AccessRights

User         : TEST@domain.com
AccessRights : {FullAccess}

Kind Regards,

Nick

Hi Lynn,

Thanks for your reply. AccessRights for Test user below:

PS C:\Users\Administrator> Get-MailboxPermission support@domain.com | fl TEST,AccessRights

AccessRights : {FullAccess, ReadPermission}
AccessRights : {FullAccess, ExternalAccount, ReadPermission}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {FullAccess}
AccessRights : {ReadPermission}
AccessRights : {ReadPermission}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {ReadPermission}
AccessRights : {FullAccess, ReadPermission}
AccessRights : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner}
AccessRights : {ReadPermission}

In the same time: PS C:\Users\Administrator> Get-MailboxFolderPermission -Identity "support@domain.com:\Unsorted recovered" -user TEST

FolderName           User                 AccessRights
----------           ----                 ------------
Unsorted recovered   TEST           {Reviewer}

What should I do to disable deletion?

• Edited by IT Jericho 9 hours 35 minutes ago

Hi guys,

I'm trying to apply granular permissions to one of our shared mailbox, but my setup not working. The purpose is to disable email deletion for specific user, however TEST user still able to delete any email from shared mailbox (tested on OWA)

I've used that article: http://msftexchange.org/granular-outlook-permissions/

So, what has been done:

PS C:\Users\Administrator> Add-MailboxFolderPermission "support@domain.com:\" -User TEST -AccessRights FolderVisible

FolderName           User                 AccessRights
----------           ----                 ------------
Top of Informatio... TEST           {FolderVisible}


PS C:\Users\Administrator> Get-MailboxFolderPermission -Identity "support@domain.com:\Unsorted recovered"

FolderName           User                 AccessRights
----------           ----                 ------------
Unsorted recovered   Default              {Reviewer}
Unsorted recovered   Anonymous            {None}
Unsorted recovered   Me        {Owner}
Unsorted recovered   TEST           {Reviewer}


PS C:\Users\Administrator> Get-MailboxFolderPermission -Identity "support@domain.com:\"

FolderName           User                 AccessRights
----------           ----                 ------------
Top of Informatio... Default              {None}
Top of Informatio... Anonymous            {None}
Top of Informatio... TEST           {FolderVisible}

Hope you can advise me the solution.

Hi,

According to the result, the TEST user has full access permission on the support mailbox.

Please use the following command to remove this permission then check if user 'TEST' can delete messages from shared mailbox.

Remove-MailboxPermission -Identity support@domain.com -User Test -AccessRights FullAccess -InheritanceType All

Best Regards.