none
Granular Permissions on a Shared Mailbox RRS feed

  • Question

  • I've created a Shared mailbox in our Exchange environment.    The managers don't want everyone to have the ability to delete messages in that box, but they want everyone to be able to read.  

    During the setup of a Shared mailbox you grant Full Access permissions to the box in order for it to be added to people's outlook.   However as the name implies it gives them complete control.    Is there a way for me to be more granular about it?

     

    Friday, December 2, 2011 8:28 PM

Answers

  • Would I still create the mailbox with powershell using the -shared parameter?   

     


    Hehe. Good question. A shared mailbox is kinda funny isnt it? Its nothing more than a regular mailbox with a disabled AD account for the most part.

    Try this. For an existing shared mailbox, remove the full mailbox perm for a user, then grant them simply delegate perms ( you may want to wait a few hours after removing the full mbx perms) then test to see if the delegate perms work as expected.

     

    If so, great! If not, create a new mailbox, not as a shared mailbox, but regular, then add the delegate perm, then disable the AD account and test.

     

     

    Friday, December 2, 2011 8:47 PM
    Moderator

All replies

  • Dont grant full mailbox access.

    Delegate by individual folder ( give them reviewer permissions for example).

    Users can then manually add it to their Outlook profiles or open the shared folders ad hoc.

     

    Friday, December 2, 2011 8:36 PM
    Moderator
  • Would I still create the mailbox with powershell using the -shared parameter?   

     

    Friday, December 2, 2011 8:38 PM
  • Would I still create the mailbox with powershell using the -shared parameter?   

     


    Hehe. Good question. A shared mailbox is kinda funny isnt it? Its nothing more than a regular mailbox with a disabled AD account for the most part.

    Try this. For an existing shared mailbox, remove the full mailbox perm for a user, then grant them simply delegate perms ( you may want to wait a few hours after removing the full mbx perms) then test to see if the delegate perms work as expected.

     

    If so, great! If not, create a new mailbox, not as a shared mailbox, but regular, then add the delegate perm, then disable the AD account and test.

     

     

    Friday, December 2, 2011 8:47 PM
    Moderator
  • Hi John,

    Any udpate for your issue?

    Regards!

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com

    Gavin

    TechNet Community Support

    Monday, December 19, 2011 10:06 AM
  • Hi John

    I know this is an old question, but I just finished a blog post about this :-)

    http://msftexchange.org/granular-outlook-permissions

    BR
    Steen


    Thursday, February 13, 2014 8:28 AM