robhribar
asked on
Mailbox permissions that will allow some users to delete emails and prohibit others in a departmental mailbox.
I have multiple users accessing email from a common mailbox. I want all users to be able to read and reply to the messages but I only want the supervisor to be able to delete them, nobody else. I have it all set up where everyone can see the messages but no matter what I try everyone still has permission to delete the emails.
ASKER
It's on an Exchange Server...I guess I should have put that in the question...and they're each checking the mailbox from their own desktop computer...
Well where is the common mailbox configured?
You need to go the outlook where the common mailbox is configured and then add delegates and give AUTHOR and Editor permissions respectively.
Regards,
Prasad
You need to go the outlook where the common mailbox is configured and then add delegates and give AUTHOR and Editor permissions respectively.
Regards,
Prasad
Yes , Users can access the common mailbox from their own desktop computer only.
The delegation should be done on common mailbox where it is configured.
Regards,
Prasad
The delegation should be done on common mailbox where it is configured.
Regards,
Prasad
ASKER
So I have to go to each computer and every user account that accesses this mailbox and set up delegates? That is the only way to control read / delete permissions for a community mailbox is via the sneaker-net?
And if they understand how to turn off the delegates?
There is no way to do this through the Exchange Administrator or through mailbox rights?
And if they understand how to turn off the delegates?
There is no way to do this through the Exchange Administrator or through mailbox rights?
You don't need to go to each computer.
You only need to do it on the computer where the common mailbox is configured.
Regards,
Prasad
You only need to do it on the computer where the common mailbox is configured.
Regards,
Prasad
ASKER
Your comments make no sense to me... It's an Exchange mailbox, therefore the mailbox resides on the Exchange server...which nobody has physical access to.
None of these people are even in the same building as this server...they all have a network connection and check it using Microsoft Outlook....there are 5 people who check the mail in this mailbox...I want all of them (each on their own seperate computer in seperate buildings) to be able to read mail but only the supervisor to be able to delete it... If I configure it on her computer it has no effect on the other people.
Or am I missing something here?
None of these people are even in the same building as this server...they all have a network connection and check it using Microsoft Outlook....there are 5 people who check the mail in this mailbox...I want all of them (each on their own seperate computer in seperate buildings) to be able to read mail but only the supervisor to be able to delete it... If I configure it on her computer it has no effect on the other people.
Or am I missing something here?
Is this still an issue robhribar?
If so, I will get someone to look at it for you,
If not, I will recommend what to do with it in 4 days
-red
EE Cleanup Volunteer
If so, I will get someone to look at it for you,
If not, I will recommend what to do with it in 4 days
-red
EE Cleanup Volunteer
ASKER
It is still an issue.
Re-stating the problem...
Multiple people will be accessing the same Exchange mailbox from totally different computers at different physical locations...I want to allow only one of them permission to delete emails, the others should only be able to view them. Maybe I didn't explain that clear enough in the beginning.
Re-stating the problem...
Multiple people will be accessing the same Exchange mailbox from totally different computers at different physical locations...I want to allow only one of them permission to delete emails, the others should only be able to view them. Maybe I didn't explain that clear enough in the beginning.
No problems,
This question lapsed into my inbox and I have to clean it up.
I noticed that this isnt a majorly complicated issue, and thought if you still want it solved, i could probably show you how to do that
SO, to have a resource mailbox (which I am assuming you already know how to set up, and connect your users to) with limited permissions for some users, you need to set that on the individual folders themselves (ie., you cant do this through ADUC).
1. Create a distribution group in ADUC for the users that you want to have read only access (and obviously add those users to that group)
2. Log on (from any machine) to the resource mailbox
3. Right click on the folders you want read-only and go permissions
4. Go to the permissions tab > click add > add your new distribution group
5. Set the permissions there to be what you want them to be - ie., delete none, edit none.
The one caveat is that you will not be able to give them "full mailbox access" through ADUC.
Which may mean you cannot do this the way you want to - if you give them full mailbox access, they can delete whatever they like, irrespective of folder permissions. If you don't give them full mailbox access, but give them folder permissions instead, they will only be able to access the inbox by going file > open > other users folder > %resource mailbox% - Inbox
What may be a better solution is to mail enable a read only public folder. Get that folder to forward on to the mailbox. Then set permissions so that the read-only users have read-only access to the public folder, and the full access user is the only one that has full mailbox access to the actual mailbox.
If you can explain more about what you are trying to achieve, I might have more ideas
-red
This question lapsed into my inbox and I have to clean it up.
I noticed that this isnt a majorly complicated issue, and thought if you still want it solved, i could probably show you how to do that
SO, to have a resource mailbox (which I am assuming you already know how to set up, and connect your users to) with limited permissions for some users, you need to set that on the individual folders themselves (ie., you cant do this through ADUC).
1. Create a distribution group in ADUC for the users that you want to have read only access (and obviously add those users to that group)
2. Log on (from any machine) to the resource mailbox
3. Right click on the folders you want read-only and go permissions
4. Go to the permissions tab > click add > add your new distribution group
5. Set the permissions there to be what you want them to be - ie., delete none, edit none.
The one caveat is that you will not be able to give them "full mailbox access" through ADUC.
Which may mean you cannot do this the way you want to - if you give them full mailbox access, they can delete whatever they like, irrespective of folder permissions. If you don't give them full mailbox access, but give them folder permissions instead, they will only be able to access the inbox by going file > open > other users folder > %resource mailbox% - Inbox
What may be a better solution is to mail enable a read only public folder. Get that folder to forward on to the mailbox. Then set permissions so that the read-only users have read-only access to the public folder, and the full access user is the only one that has full mailbox access to the actual mailbox.
If you can explain more about what you are trying to achieve, I might have more ideas
-red
ASKER
Well there are 5 people in the dept. and one of them is a supervisor. I want them all to be able to access and read the email that comes into that mailbox. But the email address is also on our website so if somebody emails in a complaint on one of the people in that dept. (which happens) I don't want them to be able to delete it before their supervisor reads it. Sometimes they use Outlook Web Access to read email via the internet but most often its a direct connection on our network. So basically I just needed to figure out how to set individual permissions on a mailbox and I thought I could do it through ADUC (though after what you said I see I can't.)
I'll try your suggestion above and see what happens.
Thanks and I'll update this with the results (though it may be a week or more before I get it done and figure out who can still do what in the mailbox.)
I'll try your suggestion above and see what happens.
Thanks and I'll update this with the results (though it may be a week or more before I get it done and figure out who can still do what in the mailbox.)
Another thing you could do is enable journaling, it will record all emails coming in and out.
You could also try increasing the deleted item rentention time, but this is somewhat hit and miss.
What may be better is putting the fear of god into your users - increase deleted item retention time and tell them all deleted mails go to a special holding box for processing. If someone tests the theory, you can restore the email for them with exmerge.
Other than that, there isnt much you can do. Outlook and exchange assumes that you will want your users to have full control of their mailbox - all the time
-red
You could also try increasing the deleted item rentention time, but this is somewhat hit and miss.
What may be better is putting the fear of god into your users - increase deleted item retention time and tell them all deleted mails go to a special holding box for processing. If someone tests the theory, you can restore the email for them with exmerge.
Other than that, there isnt much you can do. Outlook and exchange assumes that you will want your users to have full control of their mailbox - all the time
-red
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For supervisor give Editor permissions so that he can delete the items as well.
Regards,
Prasad