Briefly: "Configuring MS Exchange 2013 with" common "mailbox and clients without personal accounts."
Details:
1.1. MS Active Directory 2008 R2 + MS Exchange 2013 SP1 Ru Standart + Outlook 2013
1.2. Shop, three employees: administrator, cashier, director. Each has its own mailbox, resp .: MailAdmin, MailCash, MailDir.
1.3. It is necessary to have a common box MailShop and give access to it:
- Read - cashier
- Read / create / send - administrator
- Read / send / delete - Director.
1.4. User boxes (MailAdmin, MailCash, MailDir) should not be, or deny access to them - to remove duplicate emails.
1.5. When you send out of the box MailShop - address of the sender should be: "MailShop on behalf MailAdmin."
The Question:
2.1 Is it possible to implement such a scheme on the MS Exchange 2013?
2.2. Completely or only partially?
2.3. What you need to do?
2.4. How it all configured in Outlook?
That tried to do:
3.1. Started a public box MailShop (tried both shared mailbox and as a regular box)
3.2. Gave him full access through Exchange ECP: admin, cashier, director.
What to do next? :
3.2.1. As in this case the right to issue a granulated (1.3)?
3.2.1. How do I prevent access to personal mailboxes (1.4)?
Thanks
Hi,
I don't know if I clearly understand you question. But I will try my best to help you.
1.1. MS Active Directory 2008 R2 + MS Exchange 2013 SP1 Ru Standart + Outlook 2013
Exchange 2013 prerequisites
https://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx
1.2. Shop, three employees: administrator, cashier, director. Each has its own mailbox, resp .: MailAdmin, MailCash, MailDir.
Not a big problem.
1.3: It is necessary to have a common box MailShop and give access to it.
We can use Add-MailboxPermission cmdlet to add permissions to a mailbox.
Valid permissions include:
- FullAccess
- ExternalAccount
- DeleteItem
- ReadPermission
- ChangePermission
- ChangeOwner
1.4. User boxes (MailAdmin, MailCash, MailDir) should not be, or deny access to them - to remove duplicate emails.
I cannot understand this clearly. What do you mean by preventing access to personal mailboxes?
When we use Add-MailboxPermission to add permissions to a mailbox, the Deny switch specifies whether to deny permissions to the user on the mailbox.
1.5. When you send out of the box MailShop - address of the sender should be: "MailShop on behalf MailAdmin."
Send as permission: This permission allows delegates to use the mailbox to send messages. After this permission is assigned to a delegate, any message that the delegate sends from the mailbox will appear to have been sent by the mailbox owner.
More information about Manage Permissions for Recipients
https://technet.microsoft.com/en-us/library/jj919240(v=exchg.150).aspx
Best Regards.
1.4. User boxes (MailAdmin, MailCash, MailDir) should not be, or deny access to them - to remove duplicate emails.
I cannot understand this clearly. What do you mean by preventing access to personal mailboxes?
When we use Add-MailboxPermission to add permissions to a mailbox, the Deny switch specifies whether to deny permissions to the user on the mailbox.
Thank you for the response.
Maybe I'm wrong to formulate questions in English, please excuse me.
According to section 1.4. "User boxes .."
Really want to prevent the users access to their own mailboxes, or at least hide folders in the mailbox and make use of only the shared mailbox.
It is necessary to ensure that employees who work in shifts kept the letter box in shared mailbox, because personal box will not be available the next person on the shift.
lready
done:
1.4.1. Limited access to the common box "MailShop" an account MailAdmin@domain without providing FullAccess or SendAs
Add-MailboxFolderPermission -Identity MailShop -User MailAdmin@domain -AccessRights ("ReadItems", "CreateItems", "EditOwnedItems", "FolderVisible")
1.4.2. Question. How to make sure that all messages sent under an account MailAdmin@domain sent on behalf of "MailStore"?
So far, every time it is necessary to choose it manually.
1.4.3. Configured to sent / deleted emails from the box "MailShop" on behalf of MailAdmin@domain saved in the box "MailShop"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences] "DelegateSentItemsStyle"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\General] "DelegateWastebasketStyle"=dword:00000004
1.4.5. Question.
Since access to own mailbox "MailAdmin" to disable the account MailAdmin@domain can not be - how to disable or hide the access to folders mailbox?
Something like
$accessList = "FullAccess", "SendAs", "ExternalAccount", "DeleteItem", "ReadPermission", "ChangePermission", "ChangeOwner" Remove-MailboxPermission -Identity MailAdmin -User "NT AUTHORITY\SELF" -AccessRights $accesList Add-MailboxPermission -Identity MailAdmin -User MailAdmin@domain -AccessRights $accessList -Deny
does not work.
Where is the object Exchange mailbox (in Active Directory, the ACL does not affect the security settings, but "send as") to be able to play with his list of security ACL?
Should be possible to make the MailAdmin@domain to a shared mailbox "MailShop" without giving him FullAccess?
- Edited by Anton V. Kotlyarenko 19 hours 47 minutes ago
1.4. User boxes (MailAdmin, MailCash, MailDir) should not be, or deny access to them - to remove duplicate emails.
I cannot understand this clearly. What do you mean by preventing access to personal mailboxes?
When we use Add-MailboxPermission to add permissions to a mailbox, the Deny switch specifies whether to deny permissions to the user on the mailbox.
Thank you for the response.
Maybe I'm wrong to formulate questions in English, please excuse me.
According to section 1.4. "User boxes .."
Really want to prevent the users access to their own mailboxes, or at least hide folders in the mailbox and make use of only the shared mailbox.
It is necessary to ensure that employees who work in shifts kept the letter box in shared mailbox, because personal box will not be available the next person on the shift.
lready
done:
1.4.1. Limited access to the common box "MailShop" an account MailAdmin@domain without providing FullAccess or SendAs
Add-MailboxFolderPermission -Identity MailShop -User MailAdmin@domain -AccessRights ("ReadItems", "CreateItems", "EditOwnedItems", "FolderVisible")
1.4.2. Question. How to make sure that all messages sent under an account MailAdmin@domain sent on behalf of "MailStore"?
So far, every time it is necessary to choose it manually.
1.4.3. Configured to sent / deleted emails from the box "MailShop" on behalf of MailAdmin@domain saved in the box "MailShop"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences] "DelegateSentItemsStyle"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\General] "DelegateWastebasketStyle"=dword:00000004
1.4.5. Question.
Since access to own mailbox "MailAdmin" to disable the account MailAdmin@domain can not be - how to disable or hide the access to folders mailbox?
Something like
$accessList = "FullAccess", "SendAs", "ExternalAccount", "DeleteItem", "ReadPermission", "ChangePermission", "ChangeOwner" Remove-MailboxPermission -Identity MailAdmin -User "NT AUTHORITY\SELF" -AccessRights $accesList Add-MailboxPermission -Identity MailAdmin -User MailAdmin@domain -AccessRights $accessList -Deny
does not work.
Where is the object Exchange mailbox (in Active Directory, the ACL does not affect the security settings, but "send as") to be able to play with his list of security ACL?
Should be possible to make the MailAdmin@domain to a shared mailbox "MailShop" without giving him FullAccess?
- Edited by Anton V. Kotlyarenko Friday, April 10, 2015 11:38 AM
1.4. User boxes (MailAdmin, MailCash, MailDir) should not be, or deny access to them - to remove duplicate emails.
I cannot understand this clearly. What do you mean by preventing access to personal mailboxes?
When we use Add-MailboxPermission to add permissions to a mailbox, the Deny switch specifies whether to deny permissions to the user on the mailbox.
Thank you for the response.
Maybe I'm wrong to formulate questions in English, please excuse me.
According to section 1.4. "User boxes .."
Really want to prevent the users access to their own mailboxes, or at least hide folders in the mailbox and make use of only the shared mailbox.
It is necessary to ensure that employees who work in shifts kept the letter box in shared mailbox, because personal box will not be available the next person on the shift.
lready
done:
1.4.1. Limited access to the common box "MailShop" an account MailAdmin@domain without providing FullAccess or SendAs
Add-MailboxFolderPermission -Identity MailShop -User MailAdmin@domain -AccessRights ("ReadItems", "CreateItems", "EditOwnedItems", "FolderVisible")
1.4.2. Question. How to make sure that all messages sent under an account MailAdmin@domain sent on behalf of "MailStore"?
So far, every time it is necessary to choose it manually.
1.4.3. Configured to sent / deleted emails from the box "MailShop" on behalf of MailAdmin@domain saved in the box "MailShop"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences] "DelegateSentItemsStyle"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\General] "DelegateWastebasketStyle"=dword:00000004
1.4.5. Question.
Since access to own mailbox "MailAdmin" to disable the account MailAdmin@domain can not be - how to disable or hide the access to folders mailbox?
Something like
$accessList = "FullAccess", "SendAs", "ExternalAccount", "DeleteItem", "ReadPermission", "ChangePermission", "ChangeOwner" Remove-MailboxPermission -Identity MailAdmin -User "NT AUTHORITY\SELF" -AccessRights $accesList Add-MailboxPermission -Identity MailAdmin -User MailAdmin@domain -AccessRights $accessList -Deny
does not work.
Where is the object Exchange mailbox (in Active Directory, the ACL does not affect the security settings, but "send as") to be able to play with his list of security ACL?
Should be possible to make the MailAdmin@domain to a shared mailbox "MailShop" without giving him FullAccess?
- Edited by Anton V. Kotlyarenko Friday, April 10, 2015 11:38 AM
Hello Anton,
I'd create a single mailbox MailShop and provide access to it for every user.
The only limitation is that each user has full access to this mailbox (no differencxe in access rights for users).
Set the journaling on Exchange server to save accidentally deleted messages or have alook at this:
Good luck.
Victor