Announcement

Collapse
No announcement yet.

Exchange Delegation for mailbox calendar

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange Delegation for mailbox calendar

    Hi Guys,
    we have a 'helpdesk admin' group that looks after the daily I.T. support matters. These guys are a member of local admin on all the workstations across the domain. I have delegated rights on A.D., to facilitate creation/management of domain user accounts.
    Currently they have 'view only admin' access on the exchange administrative group. I need this group to be able to access/manage calendar for all users across our domain (creating/deleting meetings for users). However, I don't want them to be able to access their mailboxes, i.e., read/write/delete emails. How can I achieve this? Any help is highly appreciated. BTW, our domain is on windows 2000 (native) with exchange 2003.

  • #2
    Re: Exchange Delegation for mailbox calendar

    I don't think there's an easy way to do this. You might try:

    1. Create a Distribution Groupfor the helpdesk admins, add all the helpdesk admins to this group.

    2. Have all the users share their Outlook calendars with the helpdesk admin group as Editors.

    Comment


    • #3
      Re: Exchange Delegation for mailbox calendar

      Thanks for your reply, but is this the only way to do it? This will create havoc for all staff members. Plus there is a lot of manual work involved in that. Is there a simpler way or a way to automate this?

      Comment


      • #4
        Re: Exchange Delegation for mailbox calendar

        IDK. I couldn't find another way. Delegation in ESM doesn't let you get that granular (as far as I know). ADUC mailbox rights doesn't allow you to get that granular either (as far as I know). I tired using a third party utility to try and "breakdown" the ADUC Full Mailbox permission into it's granular rights but didn't have any luck

        Comment


        • #5
          Re: Exchange Delegation for mailbox calendar

          Short answer is that you cannot do this at the server level.
          If you were to grant the permission on the calendar folder level (which is possible to do in bulk) there is nothing that you can do to enforce it. A user could come along and remove that permission. You could put it back, and they can just remove it again.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Exchange Delegation for mailbox calendar

            OK, so I either need to do it manually on all mailboxes or give 'helpkdesk' group exchange admin permission to modify the mailbox rights. Now, here is my question if I give them admin rights to mailbox:
            - How do I prevent them to interfere with mailbox permissions for all managers and domain admins?

            Comment


            • #7
              Re: Exchange Delegation for mailbox calendar

              You basically have two options. Neither of which mean Exchange Admin rights.

              a. Set the permissions on each mailbox individually (ie not using inheritance)
              b. Adjust the mailboxes of all of the users who should not have access. However that will mean turning off inheritance, which can have other consequences.

              Exchange simply does not have the level of granular control that you require.

              You could put the users who they shouldn't have access to in to their own Storage Group (if running Enterprise edition) and then grant whatever permissions are required at the storage group level of the other users.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Exchange Delegation for mailbox calendar

                what would happen if I isolate users (that needs to be managed) in a different storage group and grant 'Change Permission' authority to helpdesk users on that storage group. What exactly will 'Change Permission' authority do?

                Comment

                Working...
                X