Exchange 2003 Conference Room Issue

We have a security group in AD configured with Author permissions on our conference room calendars.  We initially had users invite our conference room calendar objects as Resources within their local Outlook appointments to book the resources.  We also configured the conference rooms to automatically accept appointments if there were no conflicts and if the user was a member of the appropriate group.

The Problems:    
With these permissions, the members have the ability to open conference room calendars through their Outlook 2007 client, create new appointments on those calendars, and invite users to join those appointments as the conference room (instead of themselves)  e.g. Sally Anderson receives an invitation from Conference Room #2 instead of from the meeting organizer.  This creates issues because if the user responds, that response goes to the unmonitored calendar inbox.

The other issue related to this is that if users actually book the conference room as a resource from their personal calendar and include any attachments, those attachments are then viewable by anyone in the company.  The default permission on our calendars is currently set to reviewer on the calendar items so that people can view free/busy status of conference rooms; unfortunately, inherent with those permissions, is the ability to open the attachments (employee reviews, sensitive documents, anything thats attached)

Is there a way to prevent users from inviting attendees as the conference room as well as keep people from attaching documents to these conference room meetings?
Who is Participating?
You cannot make private the default for all appointments, it needs to be set on a per appointment basis.
I don't think there is a way you can stop users from sending the invite from the resource if they permissions to the resource.
If you wanted to have a way of allowing users to check availability, then you could use a direct URL to the calendar folder on an intranet, but that is about it.

Exchange 2007 makes this so much easier.

It needs to be either/or.
You either set the users with author settings and allow direct booking by accessing the folder, or you use the auto accept system. Do not try and mix, as you will have the problems you have seen.

You don't need reviewer rights to be able to see the free/busy information. That should be published to the server automatically. Reviewer gives you the permission to see the content.

One way of blocking others from seeing the content of the meeting is to use the Private button. They should then just see that the time is unavailable without the content.

xchangeadminAuthor Commented:
Hi Simon

The Private button is great; it is definitely a step in the direction of what theyre looking for (can a calendar be set to treat all appointments as private?).  However, is there a way to prevent this group of users from inviting attendees to appointments from the conference room calendar?  I understand what youre saying in respect to picking one way of booking but users will be users and if they CAN invite users from the conf calendar, invariably there will be someone who does.

As far as the free/busy viewing for all the rest of the users, thats not working if I remove the Reviewer permission from the default account.  If I drop that to none, then a basic user cant see anything on the calendar at all.

xchangeadminAuthor Commented:
Hi Mestha

Thanks for your input on this issue.  The private feature should help us limp by until we are able to get a later version of Exchange in place.

Points are all yours
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.