locked
Allow only 1 group to book a resource mailbox RRS feed

  • Question

  • Hello

    We're using Exchange2007, and we want to configure a resource so that it can be booked by 1 group only.
    I've already configured it via OWA > "permissions for resourceplanning" and verified via powershell

    RequestOutOfPolicy                  : {DOMAIN.LOCAL\testgroup}
    AllRequestOutOfPolicy               : False
    BookInPolicy                        : {DOMAIN.LOCAL\testgroup}
    AllBookInPolicy                     : False
    RequestInPolicy                     : {DOMAIN.LOCAL\testgroup}
    AllRequestInPolicy                  : False
    AddAdditionalResponse               : False

    As you can see I even configured it for all 3.
    After applying other users (not member of this group) still are able to book the resource.

    Does anyone know what setting might be wrong?

    I already expaned the group "testgroup" --> user isn't in it, but still can book the resource.

    Monday, September 12, 2011 2:29 PM

Answers

  • Change that to no higher than "Reviewer".  If you're using the Auto-Accept feature, the users don't need and should not have permission to create items on that calendar. The booking agent will put the items on the calendar, based on appointment requests received in the Inbox and according to the policy settings for that resource and resource availability.

    Using the Rooms button does a direct booking (the user is placing the appointment directly onto the calendar, rather than emailing an appointment request to the room mailbox).  This bypassed the booking agent, and all of the policy settings.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    • Marked as answer by dgoossens Thursday, September 15, 2011 11:05 AM
    Tuesday, September 13, 2011 10:45 AM

All replies

  • Is the user booking the resource through the booking agent (by inviting it as a resource), or are they doing direct booking?  I

    Does the user have any delegeted permissions to the calendar folder of that resource mailbox?


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Monday, September 12, 2011 2:34 PM
  • The user which normally shouldn't be able to book is booking it via the Rooms button.
    I see that I did forget to mention that it's a room mailbox :-)

    When I open the calender properties in outlook (opened the room mbx), I have Default > "Custom permissions" > "create items" and  "edit own" is enabled.

     

    Tuesday, September 13, 2011 6:40 AM
  • Change that to no higher than "Reviewer".  If you're using the Auto-Accept feature, the users don't need and should not have permission to create items on that calendar. The booking agent will put the items on the calendar, based on appointment requests received in the Inbox and according to the policy settings for that resource and resource availability.

    Using the Rooms button does a direct booking (the user is placing the appointment directly onto the calendar, rather than emailing an appointment request to the room mailbox).  This bypassed the booking agent, and all of the policy settings.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    • Marked as answer by dgoossens Thursday, September 15, 2011 11:05 AM
    Tuesday, September 13, 2011 10:45 AM
  • Hi,

    Your configuration is incorrect:

    ResourceDelegates                   : {}
    RequestOutOfPolicy                  : {}
    AllRequestOutOfPolicy               : False
    BookInPolicy                        : {DOMAIN.LOCAL\testgroup}
    AllBookInPolicy                     : False
    RequestInPolicy                     : {}
    AllRequestInPolicy                  : FAlse

    I would suggest you enable the AD account of this Resource mailbox and then set up the resource Scheduling Permissions in OWA/Option. It will help avoiding confusion.

    For more information, see http://support.microsoft.com/kb/2005631 


    Fiona
    Wednesday, September 14, 2011 7:25 AM
    Moderator
  • Hello,

    I already tried it by configuring only the first option you can set via the resource settings in OWA, which should be sufficient.

    I tried again, so my settings are now :

    AutomateProcessing                  : AutoAccept
    AllowConflicts                      : False
    BookingWindowInDays                 : 1080
    MaximumDurationInMinutes            : 1440
    AllowRecurringMeetings              : True
    EnforceSchedulingHorizon            : False
    ScheduleOnlyDuringWorkHours         : False
    ConflictPercentageAllowed           : 0
    MaximumConflictInstances            : 0
    ForwardRequestsToDelegates          : True
    DeleteAttachments                   : True
    DeleteComments                      : True
    RemovePrivateProperty               : True
    DeleteSubject                       : True
    DisableReminders                    : True
    AddOrganizerToSubject               : True
    DeleteNonCalendarItems              : True
    TentativePendingApproval            : True
    EnableResponseDetails               : True
    OrganizerInfo                       : True
    ResourceDelegates                   : {}
    RequestOutOfPolicy                  :
    AllRequestOutOfPolicy               : False
    BookInPolicy                        : {DOMAIN.LOCAL/TESTGROUP}
    AllBookInPolicy                     : False
    RequestInPolicy                     :
    AllRequestInPolicy                  : False
    AddAdditionalResponse               : False
    AdditionalResponse                  : <DIV><FONT size=2 face=Tahoma></FONT></DIV>
    RemoveOldMeetingMessages            : True
    AddNewRequestsTentatively           : True
    ProcessExternalMeetingMessages      : False
    DefaultReminderTime                 : 15
    RemoveForwardedMeetingNotifications : False

     

     

    The result is the same however, I can still book the resource with a user that isn't in the testgroup

    Wednesday, September 14, 2011 1:19 PM
  • Have you gone back and changed the default permissions on the calendar?

      As long as the default is to allow creating new items on that calendar, you aren't going to be able to prevent people from direct booking that resource, regardless of what your calendar processing settings are.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, September 14, 2011 1:23 PM
  • Hello

    Tnx a lot both for your help!!

    Mjolinor, it seems I looked over your previous post :-)
    I've changed the settings, and it seems to be ok now when I try to book with a testaccount.
    I didn't know about the bypass of the calendar permissions in outlook.

    Thursday, September 15, 2011 11:04 AM
  • Hello,

    I did find another problem with this resource mailbox afterwards.

    The resource mbx was still behaving very strange (no receipts, booked in own calendar, but not in resource calendar, etc.)

    What I didn't mention in my first post was that this mbx is a migrated mailbox from exchange 2000.

    There seems to be a problem for migrated mailboxes, that are converted to a resource mailbox in exchange 2007.
    What I need to do, was create a new resource mailbox, and need to export/import the calendar into it.

    Friday, September 23, 2011 8:52 AM