I have set up a custom Role Group called Help Desk Test. The access required for it includes the Assigned Role of "Mail Recipients" however with this Role, it includes the ability to allow Full Mailbox access & Send as permissions. What we require is all the permissions associated with the "Mail Recipients" role but not allow the Help Desk to be able to set Full Mailbox or Send As permissions. Just wondering what the cmdlet to remove these would be. I think they may be in the extended rights or AD permissions however I am not sure of the exact cmdlets are for them. I have been trying to figure this our for ages now so any help would be greatly appreciated. Thankyou

Hi DLIAG, The ManagementRole "Mail recipients" does not give user permission to set "Send As". But it gives permission to manage "Full Mailbox Permission. To remove that do the following: "Active Directory Permissions" ManagementRole gives "Send As" permission. New-ManagementRole -Parent "Mail Recipients" -Name "Custom Mail Recipients" Remove-ManagementRoleEntry "Custom Mail Recipients\Add-MailboxPermission" Remove-ManagementRoleEntry "Custom Mail Recipients\Add-MailboxFolderPermission" Remove-ManagementRoleEntry "Custom Mail Recipients\Remove-MailboxPermission" Remove-ManagementRoleEntry "Custom Mail Recipients\Remove-MailboxFolderPermission" Adam Bokiniec

Thankyou Adam, tried this out & it worked beautifully. So which ManagementRole gives the set "Send As" permission. I guess once I find that out I could do the same as above to remove it also? Just one more question, do you know how these permissions could be removed in Exchange 2007? Donna

So which ManagementRole gives the set "Send As" permission. As I known there is no role group only have “Send AS” permission. If you want to grant or remove "Send As" permission, You could do it via this article. http://technet.microsoft.com/en-us/library/bb676368.aspx Understanding Management Roles RBAC is the new permissions model in Microsoft Exchange Server 2010. With RBAC, you don't need to modify and manage access control lists (ACLs), which was done in Exchange Server 2007. Understanding Exchange Access Control and Administrative Delegation Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi DLIAG, "Active Directory Permissions" ManagementRole give permission to "Add-ADPermission" and ""Remove-ADPermission" which is permissions to give users "Send-As" As previously to get rid of a singel "ManagementRoleEntry" do the following: New-ManagementRole -Parent "Active Directory Permissions" -Name "Custom Active Directory Permissions" Remove-ManagementRoleEntry "Custom Active Directory Permissions\Add-ADPermission" Remove-ManagementRoleEntry "Custom Active Directory Permissions\Remove-ADPermission" Adam Bokiniec