We have a security group in AD configured with Author permissions on our conference room calendars. We initially had users invite our conference room calendar objects as Resources within their local Outlook appointments to book the resources. We also configured the conference rooms to automatically accept appointments if there were no conflicts and if the user was a member of the appropriate group.
With these permissions, the members have the ability to open conference room calendars through their Outlook 2007 client, create new appointments on those calendars, and invite users to join those appointments as the conference room (instead of themselves) e.g. Sally Anderson receives an invitation from Conference Room #2 instead of from the meeting organizer. This creates issues because if the user responds, that response goes to the unmonitored calendar inbox.
The other issue related to this is that if users actually book the conference room as a resource from their personal calendar and include any attachments, those attachments are then viewable by anyone in the company. The default permission on our calendars is currently set to reviewer on the calendar items so that people can view free/busy status of conference rooms; unfortunately, inherent with those permissions, is the ability to open the attachments (employee reviews, sensitive documents, anything thats attached)
Is there a way to prevent users from inviting attendees as the conference room as well as keep people from attaching documents to these conference room meetings?