How to propagate a folder's permissions for delegates to all subfolders, including future new subfolders

I have assigned permissions on a user's Inbox folder so that another user has access to it with editor rights,  and this works fine. The problem is that when the mailbox owner creates a new subfolder under his Inbox, the delegated user does not see it. The owner has to manually assign rights for each such new folder. Is there a way to configure Exchange / Outlook to assign permissions for a folder and all its sub-folders in one operation, including also any future subfolder that could be created by the owner ?

Environment: Exchange 2003 server with Outlook 2003 clients.


Who is Participating?
jabolfanConnect With a Mentor Commented:
Be sure to read the article and understand the time to needed for the rights to propogate to the IS (2 hours)
Here how to give a user global access to an email box
1- Select the Exchange Advanced tab
2- Select Mailbox rights
3- If SELF is not present add SELF to the ACL and give it: Read, Full (if warranted) and Associated external account. If you don't want Full you will need to tweak the settings, but the mailbox is going to be disabled so there is really no reason not to give full access.
4- Add the user who needs access to the account and give that person: Read and Full only.
5- Select OK and close.
6- (Optional) Use Replication Monitor to force and verify the replication to all DC's, or wait for system specified replication.
7- Either create a profile in Outlook to open the about to be disabled user's mailbox, or add the mailbox to the other user list of additional mailboxes to open.
8- Verify that you can open the mailbox and navagiate through all items.

Did you try assigning the permissions at the (root) or inbox level ... the folder permissions should propagate downward. When you set the delegates, you only have the option to choose access to the default folders.

Try setting the permissions by right clicking the inbox and go to the permissions tab.

Jabolfan - Maybe I'm missing something here but I'm unsure why you are listed the resolution above -

You shouldn't add the SELF account to an account that is enabled ... You should use the SELF account if you wanted to have the mail-enabled account still receive email while the actual account is disabled - Microsoft recommends you remove this right if an account is enabled.

When a Windows account is disabled, it is important to note that the msExchMasterAccountSid attribute must be set and if it isn't, one of the issues that occurs is the generation of a non-delivery report. The easiest way to avoid these non-delivery reports is to add the SELF account to the mailbox rights of the disabled user account and set the SELF account with the Read, Full Mailbox Access and Associated External Account rights.

You should note that only one account can have the Associated External Account right. Also, it is important to remove this right if you re-enable the account because no enabled account should have this right listed.

He was simply stating that he was trying to set subfolder level delegates, which can be resolved from the root, inbox, or subfolder level permissions tab.

Thanks for the clarifications, I had multiple windows open and copies and pasted into the wrong window.
you are correct.
I agree that the delegating is the best way to approach this. But if a user creates a subfolder off the root you will need to assign rights directly on that object. If given the rights at the ADUC mailbox level, the additional user can have full access regardles of the placement of the folder.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.