[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Block Calendar Sharing/Viewing on Exchange 2010 and Outlook 2007

Posted on 2010-09-10
25
Medium Priority
?
3,788 Views
Last Modified: 2012-08-14
Dear Experts,

It has come to my attention that some users are viewing other users calendar without their permission.

Now I have to secure all the VP's and Executives calendars.

How do I prevent that from happening, I tried going to Calendar, Properties, Permission and set it to None but that did not work.

Is there a choice to do it from the server it self, and just give rights to the users they choose to.

I have Exchange 2010 and I am using Outlook 2007

Thanks for all your help

WilsonJ
0
Comment
Question by:WilsonJ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 6
  • +2
25 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33647101
from outlook
tools - options- calendar options -free/busy options
set the default value to None
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33647108
you don't have a lot of options it is either

1. Permissions were given from where you specified
2. The user has full mailbox access to the other's mailbox
3. the user has the password of the other user
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33647129
you'll want to go into ad users and computers
tool - view advanced
go to the properties of a vp and the security tab
look for any account/group that has receive as permission
you'll want to remove anyone that doesn't belong
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33647177
if you are talking about accessing the calender ? then it would not happen they have shared themselves or admin has done for them

..
however if you are talking about availibility info.. you know when you go to cal and create a meeting and see .. who all is available.. all see .. when someone is available or not.. this can not disabled
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33647227
I am trying to think along these lines. What do you think jim.

Get-mailbox -vpname |Remove-MailboxFolderPermission -User mail@domain.com

The issue is this will remove access for -vpname for mail@domain.com
and we need to cycle through the whole AD instead of doing it 1 by 1 using mail@domain.com
 
http://blogs.msdn.com/b/pepeedu/archive/2010/09/08/exchange-2010-adding-mailbox-calendar-permissions-using-powershell.aspx
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33647599
wilsonj - can you test my post above and see if it removes permission for mail@domain.com from -vpname calendar.
you can test it with your own account and then try to go to calendar of -vpname

thanks
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33647697
you need to know the access writes to remove so i would run something like the following

$perms = Get-mailboxpermission vp | where { $_.IsInherited -eq $false -and $_.User.ToString().Contains("DOMAIN\") }
foreach($p in $perms) { $user = $p.user.tostring().substring($p.user.tostring().indexof("\")); remove-mailboxpermission vp -user $user -accessrights fullaccess }

there may be an easier way, but i have not had time to test anything else
0
 

Author Comment

by:WilsonJ
ID: 33649447
Thank you for all your input,
i was doing further test and find out that from my Outlook when i go to My Calendar if i click on "Open a Shared Calendar" I can open any user calendar in the domain using my user id which has no admin rights, i dont think this is right there most be a setting to stop sharing everybodies calendar.
endital1097: i tried changing the default value to none and it didn't work. on your second post i checked all the permissions and none of the users or vp's belong to an admin  group or have admin rights to each others.
Akhater: 1) Permission were never given to any of those users accesing the vp's calendar 2) Users do not have full mailbox access to each others mail boxes. 3) Users do not have or need passwords to view the calendars.
sunnyc7: I tried to run the script but i must be making a mistake because I am getting a syntax error. for argument sake and to make sure i am typing everything correctly lets define.
Username= alpha and  VP Username= beta and mail@domain.com is the e-mail addres of alpha correct???
here is the syntax you typed
Get-mailbox -vpname |Remove-MailboxFolderPermission -User mail@domain.com
This is what i entered in the shell.
Get-mailbox -beta |Remove-MailboxFolderPermission -alpha a.lpha@company-name.us
Here is the error I am getting.

[PS] C:\Windows\system32>Get-mailbox beta |Remove-MailboxFolderPermission -alpha a.lpha@company-name.us
A positional parameter cannot be found that accepts argument 'a.lpha@company-name.us'.
    + CategoryInfo          : InvalidArgument: (:) [Remove-MailboxFolderPermission], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Remove-MailboxFolderPermission
 
 
Thanks for all your help
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33649468
vp = alpha
user who should not be watchinv VP = beta - email address beta@domain.com

Get-mailbox -alpha |Remove-MailboxFolderPermission -user beta@domain.com
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33649479
"i was doing further test and find out that from my Outlook when i go to My Calendar if i click on "Open a Shared Calendar" I can open any user calendar in the domain using my user id which has no admin rights, i dont think this is right there most be a setting to stop sharing everybodies calendar."

by default no one can open calendars unless explicit right was given something is wrong with your permissions
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33649481
i got something else

 ForEach($f in (Get-Mailbox) ) { $fname = "vp:\Calendar");
Remove-MailboxFolderPermission $fname -User $f }
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33649492
you may want to run it with the -ErrorAction SilentlyContinue

ForEach($f in (Get-Mailbox) ) { $fname = "vp:\Calendar"); Remove-MailboxFolderPermission $fname -User $f  -ErrorAction SilentlyContinue}
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33649500
yeah i was thinking about that and was tied-up with this one >>

> get-mailbox will output VP's mailbox too. Will that disable access to vp's calendar to the VP ?
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33649525
no, the mapi folder permissions don't apply to mailbox owner
0
 

Author Comment

by:WilsonJ
ID: 33649955
sunnyc7:
I tried runing the new command and got the follwing error.
[PS] C:\Windows\system32>Get-mailbox -alpha |Remove-MailboxFolderPermission -user b.eta@company-name.us
The operation couldn't be performed because object '-alpha' couldn't be found on 'DC.domain.com'.
    + CategoryInfo          : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 6C517B40,Microsoft.Exchange.Management.RecipientTasks.GetMailbox
I dont understand why it says it can not find the user in the DC they are all there. what am i doing wrong i'm typing it exactly as i should. :(
endital1097:
I ran this line below and it executed fine, using my user against another domain user and i can stll view their calendar. when i go to open shared calendar.
ForEach($f in (Get-Mailbox) ) { $fname = "vp:\Calendar"); Remove-MailboxFolderPermission $fname -User $f  -ErrorAction SilentlyContinue}  
Thanks
 
0
 

Author Comment

by:WilsonJ
ID: 33649988
Akhater,
I don't know what else to check as far as permissions, no one has acces to anybodies mailbox, and none of the user in question are part of an admin group or has explicit rights to other users.
:(
Any ideas??
Thanks
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 2000 total points
ID: 33649992
run the following
get-mailboxpermission otheruser | where { $_.isinherited -eq $false }

do you belong to any groups listed with fullaccess
0
 

Author Comment

by:WilsonJ
ID: 33650229
endital1097:
Wow i think i have given myself full rights in the past. i tested with another user and it seems to be blocked. I have to try with the actual users in question but will have to wait until later to make sure they are blocked as well.
Here are the results when i ran that command.

[PS] C:\Windows\system32>get-mailboxpermission User | where { $_.isinherited -eq $false }
Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
zzzzz.com/zzzzz/A... NT AUTHORITY\SELF    {FullAccess, ReadPermission}                                False       False

[PS] C:\Windows\system32>get-mailboxpermission VP | where { $_.isinherited -eq $false }
Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
rwusa.com/zzzzz/A... NT AUTHORITY\SELF    {FullAccess, ReadPermission}                                False       False
zzzzz.com/zzzzz/A... zzzzz\administrator  {FullAccess}                                                False       False
zzzzz.com/zzzzz/A... zzzzz\username        {FullAccess}                                                False       False

[PS] C:\Windows\system32>get-mailboxpermission username   | where { $_.isinherited -eq $false }
Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
rwusa.com/zzzzz/W... NT AUTHORITY\SELF    {FullAccess, ReadPermission}                                False       False
zzzzz.com/zzzzz/W... zzzzz\administrator  {FullAccess}                                                False       False
zzzzz.com/zzzzz/W... zzzzz\username     {FullAccess}                                                False       False

0
 
LVL 32

Expert Comment

by:endital1097
ID: 33650243
let us know if you need anything more
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33662260
Thanks for the points wilsonJ > but I think endital deservers 100% of the credit on this one.
0
 

Author Comment

by:WilsonJ
ID: 33662514
How do I change it, do i have to ask moderator.
 
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33662560
From your end - you should be able to allocate endital's post as the answer and uncheck mine.
Otherwise - click on request attention link on top.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33662580
thanks everyone :)
0
 

Author Closing Comment

by:WilsonJ
ID: 33781790
Sorry for the delay it completely skipped my mind, i thought i had already re-assigned the points.
Thanks a lot.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question