Solved

PowerShell/Exchange - Access to Shared mailbox but without allowing mail deletion

Posted on 2013-05-20
2
664 Views
Last Modified: 2013-05-20
Dear Experts,

Could you please advise is there some method to set for a user who has access to Shared mailbox, that would be able to read mails only without deletion?

In PowerShell the syntax for giving access to a shared mailbox is the follow one, but this does not contain some read only kind of possibility:
Add-MailboxPermission "TestMailbox" -User IT\R.Smith -AccessRights fullaccess -InheritanceType all

I am aware of another syntax too:
Add-MailboxPermission -Identity "TestMailbox" -User IT\R.Smith -AccessRights ReadPermission
but this is some other permission related as tested and sure still allows the mail deletion, inspite of sounding to some read kind of permission

thanks,
0
Comment
Question by:csehz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39180853
The only reliable way I know of is to do it in the mailbox itself.
Therefore you will take away the Full Mailbox Access, then add permissions to the top of the tree and the sub folders. If you grant the permission to a group, then it will be easy to add and remove permissions in the future.

http://exchange.sembee.info/outlook/sharing-non-default-folders.asp

If you need to grant permissions to a tree, then use exfolders to help propagate the permissions down the tree.

You can also add the permissions with EMS using add-mailboxfolderpermissions, but that still will not do the full tree.

Simon.
0
 
LVL 1

Author Closing Comment

by:csehz
ID: 39180982
Thanks it has been tested now, it works exactly as you wrote
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question