Lock down Public Folders
I'm trying to find the best way to lock down Public Folders.
I am working on segragating Exchange from a single company to multiple companies. The existing company uses Public Folders and is not willing to migrate to Sharepoint.
The new company must not be able to see or even open public folders if I can prevent it.David Jenkins
August 30th, 2011 3:28pm
What version of Exchange?Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2011 3:54pm
Sorry Exchange 2007.David Jenkins
August 30th, 2011 3:55pm
What you can do is divide the folders into separate root folders, and then you can configure properties on each of the root folders, particularly the "Folder Visible" right is one you are probably most interested. You'll probably want to group
users into two, one for each company, and maybe a couple more if you want "both" or "none" groups (the latter isn't strictly necessary). That setting probably is enough to achieve what you want, but if you want it to be really secure,
you'll need to propagate the permissions settings down the tree, and there isn't a great way to do that in Exchange 2007 that I'm aware of.
If you Google "Exchange 2007 propagate public folder" the first hit is this:
http://it-experts.dk/blogs/jjonsson/archive/2008/11/25/how-to-propagate-permissions-to-several-subfolders-of-a-exchange-2007-public-folder.aspx
There may be other solutions as well.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2011 4:03pm
PFDavAdmin might do the trick for recursive permissions.
I was hoping I could use ADSI and modify the permissions to the public folder. I'll give that a try first. Then I'll start the permissions route.
Thanks for the response.David Jenkins
August 30th, 2011 4:05pm
Permissions settings are certainly scriptable but it isn't for the faint of heart. ADSI is not the appropriate method, however, because the AD objects for the folders contain only minimal information mainly to support e-mail addressing.
When I last scripted public folder permisisons, I used Outlook VBA and CDO.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2011 4:13pm
I'm soooo close to getting my solution down.
I created a group and set it to "None" and applied to all folders with PFDAVADMIN.
I'm down to one last issue. Outlook is working as expected. OWA still shows the Public Folder.David Jenkins
August 30th, 2011 5:54pm
Never mind. It just took a second for OWA to see my changes.
David Jenkins
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2011 5:59pm