Exchange 2010 - Shared/Room/Equipment Mailboxes - Permissions Best Practices
Posted on 2011-09-07
I am in need of some assistance in regards to permissions and best practices for Exchange. We have recently migrated from Novell Groupwise 8.02 to Microsoft Exchange 2010 SP1. During this conversion what was previously called "Proxy" rights were converted to "Delegate Access" rights. What I have been finding is that none of these rights converted very well, and most if not all of them do not work as they should. I have users who used to have Proxy (or Delegate) rights to a shared mailbox that cannot open the mailbox, or cannot open the calendar. I also have other users who had Proxy rights who are now getting CC'ed on every appointment made with a shared resource (i.e. Conference Rooms).
In order to fix this problem I am under the assumption that I will be starting over from a permissions standpoint. I have learned very quickly that I do NOT want to use the Delegate Access feature as it is presented in the Outlook client, as it is a very cumbersome way to manage permissions to mailboxes.
The first problem I am having is finding the powershell commands to show who the current delegates are so I can delete them. If I have to, I guess I will, but I do not feel like setting up an Outlook profile for every single shared resource, and setting a password for every single shared resource, so I can go in and manually remove all of the delegates from every single shared resource.
The second problem I am having is I have no idea the proper way to assign rights without using the Delegate Access permission. For example, I would like to give the receptionists rights to add/remove and review calendar appointments without giving them access to assign delegate access to others.
The third problem I am having is figuring out how to assign these rights to security groups instead of directly to users, thus making these permissions easier to manage going forward.
Any help with any of these problems is greatly appreciated.