Permissions on Mailboxes
Hi all,
I would like to control the permissions users have on their mailboxes, so that users won't be able to give other users permissions on their mailbox folders or set delegates. on the other hand i would like that our security staff will be able to do it for all mailboxes. this way we will have control over which user can access which mailbox.
Is it possible to implement it? how?
Thanks in advance.
December 16th, 2007 10:28am
How many users are there ? By default users have full control to their mailboxes and they generally give access to others.
Why do you want to do this ?
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2007 6:15pm
Let's say there are about 200 users. our organization policy is that sharing isn't allowed and we would like to enforce it. exceptions will get aspecial authorization and will be implemented by the administrators.
thanks.
December 17th, 2007 9:30pm
Try using ADMODIFY to make changes to the exchange attributes for your 200 users. Amend the right to modify mailboxes permissions. From an admin point of view, depending on how your env is set-up, you may not need to do anything if your admin account isa member of the rights groups such as domain admin etc....which will have rights to grant others to mailboxes. So users will request via helpdesl or something.
You may want to test this first on 3/4 accounts before hand.
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2007 11:25pm
You can use the following from the command shell: Add-mailboxpermission -identity "person's_mailbox_you_want_to_give_access" -userwhogetstheaccess -Accessright Fullaccess -InheritanceType all
you need "person's_mailbox" in "" the user you are giving the access to will not need the "" around their name
the specific rights you give will change the -Accessright "portion"
December 18th, 2007 12:23am
Let's look at the following scenario:
1. create a mailbox for user1
2. deny user1 from changing permissions on his own mailbox using shell:
add-mailboxpermission -identity user1 -user user1 -accessright changepermission -deny
3. user1 logs on to his mailbox using outlook.
4. user1 can STILL change the permissions on the mailbox folders.
How can i prevent user1from changing the permissions on folders in his mailbox?
Thank you for you answers.
Free Windows Admin Tool Kit Click here and download it now
December 18th, 2007 11:39pm