It's been a while since I've jumped into GPO's or the like, but I was made aware of a security issue in my organization. What's happening is it seems I have some users out there that when they open a shared calendar, they can see everything on the users calendar fully. As far as I can tell, these users are all my HR users, and seems to all be members of a few groups.
If I open a shared calendar, I see free/busy info, but nothing else. So my question, where can I see calendar permissions for exchange users? Note, I'm currently running my domain in mixed mode, as I have recently added two 2008 DC's and my old 2003's are still hanging around for a short time. The 2008 controllers are the FSMO master.