Modify Public Folder permissions for Default user.
Users can create public folders willy nilly and I need to put a stop to it.
When I look at the permissions for the root folder:
[PS] C:\Windows\system32>Get-PublicFolder | Get-PublicFolderClientPermission

Identity    User         AccessRights
--------    ----         ------------
\           Default      {PublishingAuthor}
\           Anonymous    {Reviewer}
I'd like to modify the Default user to "None". I've tried modifying the permissions and they won't stick.
Get-PublicFolder | Add-PublicFolderClientPermission -User "Default" -AccessRights "None"
I was going to try using PFDaveAdmin but that tries to propagate all the way down the tree and I don't want to screw up current permissions.
Anyone know how to modify the default user? Can I add a specific group to the root folder to deny access?
David Jenkins
October 6th, 2011 11:15am
I've also tried removing.
Get-PublicFolder | Get-PublicFolderClientPermission -User "Default" | Remove-PublicFolderClientPermission
Remove-PublicFolderClientPermission : Failed to commit the change on object "000000001A447390AA6611CD9BC800AA002FC45A0300B8EFF359CDC69641BCD71F34D1A12DA30000
At line:1 char:106
+ Get-PublicFolder | Get-PublicFolderClientPermission -User "Default" | Remove-PublicFolderClientPermission <<<<
+ CategoryInfo : NotSpecified: (0:Int32) [Remove-PublicFolderClientPermission], MapiAccessDeniedException
+ FullyQualifiedErrorId : 2D66E147,Microsoft.Exchange.Management.MapiTasks.RemovePublicFolderClientPermission
David Jenkins
October 6th, 2011 11:24am
Check adsiedit.
1. Start the ADSI Edit utility.
2. Double-click Configuration Container.
3. Expand CN=Configuration, CN=Services, CN=Microsoft Exchange. Right-click your organizational name's container, and select Properties.
4. Select the Security tab.
5. Click Advanced.
6. On the Permissions tab, find the entry with a name of Everyone and a permission of "Create top level public folder." You shouldn't need to click Deny; just make sure Allow is unchecked.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
October 6th, 2011 11:29am
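A read-only check of the entry described in the ADSI Edit steps above, as an added example that is not part of the original thread. It assumes the Exchange Management Shell and that the ADSI Edit label "Create top level public folder" corresponds to the extended right ms-Exch-Create-Top-Level-Public-Folder; the role list in the second query is also an assumption about which roles include folder creation.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell.
# Assumption: the ADSI Edit entry "Create top level public folder" is the
# extended right named below.
$right = 'ms-Exch-Create-Top-Level-Public-Folder'

# The organization container from step 3 of the ADSI Edit procedure
# (CN=<organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,...).
$orgDn = (Get-OrganizationConfig).DistinguishedName

# 1. Who holds the right on the organization container, and is each entry
#    an Allow or a Deny, explicit or inherited?
Get-ADPermission -Identity $orgDn |
    Where-Object { $_.ExtendedRights -like "*$right*" } |
    Sort-Object Deny, User |
    Format-Table User, Deny, IsInherited, ExtendedRights -AutoSize

# 2. That right only governs top-level folders. For the folders directly
#    under the root, list where the Default user can still create subfolders.
#    Assumption: these predefined roles include the CreateSubfolders right.
$creatorRoles = 'Owner', 'PublishingEditor', 'PublishingAuthor'

Get-PublicFolder -Identity '\' -GetChildren |
    Get-PublicFolderClientPermission |
    Where-Object {
        "$($_.User)" -eq 'Default' -and
        @($_.AccessRights | Where-Object {
            $creatorRoles -contains "$_" -or "$_" -eq 'CreateSubfolders'
        }).Count -gt 0
    } |
    Format-Table Identity, User, AccessRights -AutoSize
```

Neither query changes anything. If the first returns no row for Everyone, the right may be granted through another principal or inherited from a parent container, which the User and IsInherited columns will show.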
Thanks. I had just found it when you posted.
http://www.petri.co.il/limit_creation_of_top-level_exchange_public_folders.htm
David Jenkins
October 6th, 2011 11:29am
I don't have a server available to test this right now, but I think you may have more luck with
Remove-PublicFolderClientPermission
I'm not sure what happens when existing permissions are overwritten - do they get added to (in which case adding "None" will have no effect), or are they replaced? I honestly don't know.
Outlook Web Access For PDA, OWA For WAP
www.owa-pda.com
email a@t leederbyshire d.0.t c.0.m
October 6th, 2011 11:31am
Already ran through that. See entry above. ADSI is the way to go. Stay away from PFDaveAdmin; it will wipe your settings.
David Jenkins
October 6th, 2011 11:32am
Hi James
I am also facing the same problem. I want to block all users from adding any content (folders/files/posts) to a public folder unless the Exchange Administrator permits them.
I tried your steps above and was unable to find the entry "Everyone" with a permission of "Create top level public folder", then I created the value manually and set Allow, but I still have the same problem.
Thanks.
George-Canar
December 7th, 2011 9:27am
The fix above is only for the top level folder right.
You have to use regular public folder security for subfolders.
Use the PowerShell command 'Get-PublicFolderClientPermission' and of course its brother Set-....
David Jenkins
December 7th, 2011 9:30am
Hi David / James
I am talking about the top-level folder / root folder permission only.
I tried to do the following... but didn't find the value "Create top level public folder" with Everyone.
http://www.petri.co.il/limit_creation_of_top-level_exchange_public_folders.htm
George-Canar
December 8th, 2011 1:47am