Alternate title: Is there any way to make exceptions to “Full Mailbox Access” or otherwise keep a hand-selected set of folders private from Delegates in Outlook 2010 / Exchange 2007? Situation: CEO has a new Admin coming onboard. Both are using Outlook 2010 on the same Exchange 2007 Server. He has an extensive existing filing system, (mostly for emails and contacts) in Outlook that he is not going to change, and he wants the Admin to be able to use it the same way as he does, so that she can find and file things the same way he does. However (and this is the tricky part)… The CEO would like to keep a small handful of hand-picked folders private / invisible from the Admin. The rule he is trying to enforce is simple: “unless I explicitly say a folder is private, my Admin can see and use it.” He is not adverse to moving those folders to a different place in his mailbox, if that helps, but he would really like to keep it in the same Outlook account, for convenience’s sake. I’ve done some pretty extensive testing and research on this, and as far as I can tell, the options appear to be as follows for delegation – here’s what I tried and why neither works: 1. Using Outlook Delegation, without any changes on the Exchange side, I can set up the Admin as the CEO’s delegate, but I then the CEO needs to explicitly allow the Admin access to each individual folder that he wants her to be able to see/manage (basically the inverse of the desired rule). This isn’t practical, because: o The CEO has well over a hundred folders, and any time he takes on a new client or partner, there will be a new one, and he’ll never remember to set the permissions. This will likely lead to duplicate folders. o I did not see any way to: 1. Create a default policy to ensure that any new folders created in the CEO’s account contain the Admin with the right privileges, or; 2. Make folders inherit permissions from a parent folder (and then allow exceptions one by one); 3. Mass apply permissions to every folder in the Outlook as a potential starting point. o Any of these three would probably be a major step in the right direction. 2. Provide the Admin with “Full Access Permission” in Exchange. This worked like a charm, except for the privacy part. “Full Access Permission” appears to be just that, and with no exceptions. o I have been unable to locate any information that leads me to believe this can be selectively overridden at the Exchange folder level as described above. o Testing showed that any permissions set in Outlook are overridden by the FAP permission in Exchange, even if the Admin is explicitly added to a folder with “none” privileges in Outlook. If anyone has any suggestions I would very greatly appreciate it. Thanks!

I believe you can use pfdavadmin to set permissions in bulk. From there the executive could go in and set permissions to none on folders they aren't to access.

Hi miller, Per your description, your needs seems could be achieved by custom scripts. Per my known, we could easily mange the mailbox folders permission through the tool pfdavadmin, it is a good method to do it. But, maybe we need manually configure the permission for the mailbox. If we use the exchange 2010, we could use the add-mailboxfolderpermission to achieve the target through soem scripts; for exchange 2007 maybe it seems more complex to achieve the target through the scripts. I would sugest that you could post it on the development to get some more help. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.