none
Any means of making a second mailbox have proper Sent Items support without granting Full Access?

    Question

  • Hello, I am trying to set up some shared mailboxes for our organization, which is running Exchange 2010 SP1 with Outlook 2010 clients. Some users should have Owner or full access, while others should have only Reviewer level access (i.e. they can see but not delete any mail in the mailbox). However, some of both groups need to have the ability to send items as that mailbox, and have those items properly become stored in that mailboxes "Sent Items" folder. 

    While I can get this functionality to work on a machine with the requisite registry edit (DeletegateSentItems), it would appear that the user needs to be set up under EMC as a member under both "Manage Send As Permission" as well as "Manage Full Access Permission" for the functionality to work. If a user is just a member of the former they can still send mail as the shared mailbox but the mail goes into their personal Sent Items rather than the shared mailbox's folder of the same. 

    This presents a problem. Operating as such, this would mean that you could not have a user have only Reviewer access yet also have the ability to send mail. More worrisome though is that any user who has the "Full Access" permission assigned through EMC can also edit the security settings of the mailbox. 

    Thus, is there any way to make it so that at the very least a user can send a message as a second mailbox, have it go into that mailbox's Sent Items folder, and *not* be included under the Full Access list in EMC for the mailbox?
    Wednesday, April 11, 2012 8:54 PM

Answers

  • I believe I may have figured it out.  Using the EMS I ran the following:

    Add-MailboxFolderPermission “MailboxName:\Sent Items” -User DOMAIN\GroupName -AccessRights “ReadItems,CreateItems,FolderVisible

    I have other groups that apply other permissions to all mailbox folders, such as one that adds the PublishingEditor role and another that adds just Reviewer.  All users are a member of one of those two groups, as well as a third group with the permissions just as defined above.  In this configuration the members of the PublishingEditor group have full access to the mailbox, and when sending mail as the mailbox it goes in the proper place.  With the second group with just Reviewer access they cannot change or delete anything, but they too can send mail and have it show up in the Sent Items on the second mailbox.  More importantly, they also cannot delete them.  The only downside I have found is that when a user tries to delete out of the Sent Items they don't get the "You do not have permissions" error; it just doesn't work.  A pretty small downside, in my opinion at least.  Thus, I think to get the functionality of having sent items go into a second mailbox's Sent Items folder you only need to have those three rights to just that folder, and not Full Access as defined on the mailbox itself.

    • Marked as answer by Tony Mitera Friday, April 20, 2012 4:48 PM
    Friday, April 20, 2012 4:48 PM

All replies

  • Hi Tony,

    Per my knowledge, there isn't any way can do as your required.

    Because when you want emails go to shared mailbox's sent item folder, you need to open the shared mailbox to send email (this need full access permission). when you use send as permission, you are trying to send email from your mailbox, you cannot make it goes to shared mailbox's sent item folder automatically.

    The workaround on this issue is that you can use Outlook rule to copy emails to shared mailbox, and use one Outlook rule in shared mailbox to move emails to Send Item folder.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Friday, April 13, 2012 6:00 AM
    Moderator
  • I believe I may have figured it out.  Using the EMS I ran the following:

    Add-MailboxFolderPermission “MailboxName:\Sent Items” -User DOMAIN\GroupName -AccessRights “ReadItems,CreateItems,FolderVisible

    I have other groups that apply other permissions to all mailbox folders, such as one that adds the PublishingEditor role and another that adds just Reviewer.  All users are a member of one of those two groups, as well as a third group with the permissions just as defined above.  In this configuration the members of the PublishingEditor group have full access to the mailbox, and when sending mail as the mailbox it goes in the proper place.  With the second group with just Reviewer access they cannot change or delete anything, but they too can send mail and have it show up in the Sent Items on the second mailbox.  More importantly, they also cannot delete them.  The only downside I have found is that when a user tries to delete out of the Sent Items they don't get the "You do not have permissions" error; it just doesn't work.  A pretty small downside, in my opinion at least.  Thus, I think to get the functionality of having sent items go into a second mailbox's Sent Items folder you only need to have those three rights to just that folder, and not Full Access as defined on the mailbox itself.

    • Marked as answer by Tony Mitera Friday, April 20, 2012 4:48 PM
    Friday, April 20, 2012 4:48 PM