Solved

Mailbox permissions that will allow some users to delete emails and prohibit others in a departmental mailbox.

Posted on 2006-06-30
13
246 Views
Last Modified: 2008-02-01
I have multiple users accessing email from a common mailbox. I want all users to be able to read and reply to  the messages but I only want the supervisor to be able to delete them, nobody else. I have it all set up where everyone can see the messages but no matter what I try everyone still has permission to delete the emails.
0
Comment
Question by:robhribar
  • 5
  • 4
  • 4
13 Comments
 
LVL 3

Expert Comment

by:ppuro
ID: 17019681
In outlook go to tools--options--delegates---add the user and give AUTHOR permissions to  the user for whom you just want them to read and write but not delete items.

For supervisor give Editor permissions so that he can delete the items as well.


Regards,

Prasad
0
 

Author Comment

by:robhribar
ID: 17021147
It's on an Exchange Server...I guess I should have put that in the question...and they're each checking the mailbox from their own desktop computer...
0
 
LVL 3

Expert Comment

by:ppuro
ID: 17021379
Well where is the common mailbox configured?

You need to go the outlook where the common mailbox is configured and then add delegates and give AUTHOR and Editor permissions respectively.


Regards,

Prasad
0
 
LVL 3

Expert Comment

by:ppuro
ID: 17021390
Yes , Users can access the common mailbox from their own desktop computer only.

The delegation should be done on common mailbox where it is configured.

Regards,

Prasad
0
 

Author Comment

by:robhribar
ID: 17031217
So I have to go to each computer and every user account that accesses this mailbox and set up delegates? That is the only way to control read / delete permissions for a community mailbox is via the sneaker-net?

And if they understand how to turn off the delegates?

There is no way to do this through the Exchange Administrator or through mailbox rights?
0
 
LVL 3

Expert Comment

by:ppuro
ID: 17035504
You don't need to go to each computer.

You only need to do it on the computer where the common mailbox is configured.

Regards,

Prasad
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 

Author Comment

by:robhribar
ID: 17042529
Your comments make no sense to me... It's an Exchange mailbox, therefore the mailbox resides on the Exchange server...which nobody has physical access to.

None of these people are even in the same building as this server...they all have a network connection and check it using Microsoft Outlook....there are 5 people who check the mail in this mailbox...I want all of them (each on their own seperate computer in seperate buildings) to be able to read mail but only the supervisor to be able to delete it... If I configure it on her computer it has no effect on the other people.

Or am I missing something here?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17285156
Is this still an issue robhribar?

If so, I will get someone to look at it for you,

If not, I will recommend what to do with it in 4 days

-red
EE Cleanup Volunteer
0
 

Author Comment

by:robhribar
ID: 17288575
It is still an issue.

Re-stating the problem...
Multiple people will be accessing the same Exchange mailbox from totally different computers at different physical locations...I want to allow only one of them permission to delete emails, the others should only be able to view them. Maybe I didn't explain that clear enough in the beginning.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17292194
No problems,

This question lapsed into my inbox and I have to clean it up.

I noticed that this isnt a majorly complicated issue, and thought if you still want it solved, i could probably show you how to do that

SO, to have a resource mailbox (which I am assuming you already know how to set up, and connect your users to) with limited permissions for some users, you need to set that on the individual folders themselves (ie., you cant do this through ADUC).

1. Create a distribution group in ADUC for the users that you want to have read only access (and obviously add those users to that group)
2. Log on (from any machine) to the resource mailbox
3. Right click on the folders you want read-only and go permissions
4. Go to the permissions tab > click add > add your new distribution group
5. Set the permissions there to be what you want them to be - ie., delete none, edit none.

The one caveat is that you will not be able to give them "full mailbox access" through ADUC.

Which may mean you cannot do this the way you want to - if you give them full mailbox access, they can delete whatever they like, irrespective of folder permissions.   If you don't give them full mailbox access, but give them folder permissions instead, they will only be able to access the inbox by going file > open > other users folder > %resource mailbox% - Inbox


What may be a better solution is to mail enable a read only public folder.  Get that folder to forward on to the mailbox.  Then set permissions so that the read-only users have read-only access to the public folder, and the full access user is the only one that has full mailbox access to the actual mailbox.

If you can explain more about what you are trying to achieve, I might have more ideas

-red
0
 

Author Comment

by:robhribar
ID: 17295820
Well there are 5 people in the dept. and one of them is a supervisor. I want them all to be able to access and read the email that comes into that mailbox. But the email address is also on our website so if somebody emails in a complaint on one of the people in that dept. (which happens) I don't want them to be able to delete it before their supervisor reads it. Sometimes they use Outlook Web Access to read email via the internet but most often its a direct connection on our network. So basically I just needed to figure out how to set individual permissions on a mailbox and I thought I could do it through ADUC (though after what you said I see I can't.)

I'll try your suggestion above and see what happens.

Thanks and I'll update this with the results (though it may be a week or more before I get it done and figure out who can still do what in the mailbox.)
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17299444
Another thing you could do is enable journaling, it will record all emails coming in and out.

You could also try increasing the deleted item rentention time, but this is somewhat hit and miss.

What may be better is putting the fear of god into your users - increase deleted item retention time and tell them all deleted mails go to a special holding box for processing.  If someone tests the theory, you can restore the email for them with exmerge.

Other than that, there isnt much you can do.  Outlook and exchange assumes that you will want your users to have full control of their mailbox - all the time

-red
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 250 total points
ID: 17398539
I just had another thought as well.

Create another mailbox, give no-one but yourself permission to is, and forward a copy of all emails that go to the first box to it.

At any point in time you will always be able to see what came in, because you have another full copy

-red
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now