Solved

Restrict write permission on self

Posted on 2014-04-25
7
303 Views
Last Modified: 2014-05-15
Hello
I'm trying to restrict permission on a mailbox account so that it can not write to it's own contact list.
I want the account to able to only read it's own contact list

Where do I set the permissions?
0
Comment
Question by:Bes4dmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 

Expert Comment

by:FF-ExEx
ID: 40022465
This is not possible at least not on the users own mailbox because well he is the owner of that mailbox.

Depending on the goal you might want to think about using shared or ressource mailboxes where you can set delegated access.

Generally spoken permission are set using the Exchange powershell - Add-ADPermission for instant would be one of the used cmdlets.
0
 
LVL 1

Author Comment

by:Bes4dmin
ID: 40023008
Perhaps you're right even though I believe it's possible. I tried setting permissions on the mailbox in the information store top and the contacts folder beneath it with add-adpermission command but with no luck.

Maybe if I set permissions right on the AD user or using ADSI Edit.. suggestion?

The goal is to use this mailbox as a shared contact list only. Users will add this mailbox to their iPhones and only sync the contacts. We don't want the users to be able to add/change or delete contacts hence the permission restriction we are trying to accomplish.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 40058847
You will not be able to restrict the user from adding to their local contacts but you could try a Public Folder setup for this.

I have 2 possible sources to assist you in setting it up:

http://ct-miramar.com/blog/2011/07/18/create-public-contacts-folder-in-exchange-2010/

Have a look at this one as well if you run into any issues: http://www.outlookforums.com/threads/87792-create-a-contacts-list-on-exchange-2010/

Hope this helps
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 1

Author Comment

by:Bes4dmin
ID: 40060135
Thanks HendrikWiese for your reply and the links. I probably should have mention the reason I want to resctrict the permisisons on the accounts own folders.

The goal is to have a shared contact list on the mobile devices using activesync. But I don't want the users being able to write or delete the contacts thus the permission restriction.
The Public Folder solution works as long as we use it within Outlook only. As far as I know you can't "activesync" a PB.
0
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 40061167
You will be able to sync the public folders.

Have a look at the following link: http://www.tomshardware.com/forum/56603-36-sync-mobile-exchange-public-folders

Hendrik
0
 
LVL 1

Author Closing Comment

by:Bes4dmin
ID: 40067160
Even though I wasn't looking for a solution that includes third party software your link contained what seem to be the only option to accomplish what I want
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question