Solved

Restrict write permission on self

Posted on 2014-04-25
7
287 Views
Last Modified: 2014-05-15
Hello
I'm trying to restrict permission on a mailbox account so that it can not write to it's own contact list.
I want the account to able to only read it's own contact list

Where do I set the permissions?
0
Comment
Question by:Bes4dmin
  • 3
  • 2
7 Comments
 

Expert Comment

by:FF-ExEx
ID: 40022465
This is not possible at least not on the users own mailbox because well he is the owner of that mailbox.

Depending on the goal you might want to think about using shared or ressource mailboxes where you can set delegated access.

Generally spoken permission are set using the Exchange powershell - Add-ADPermission for instant would be one of the used cmdlets.
0
 
LVL 1

Author Comment

by:Bes4dmin
ID: 40023008
Perhaps you're right even though I believe it's possible. I tried setting permissions on the mailbox in the information store top and the contacts folder beneath it with add-adpermission command but with no luck.

Maybe if I set permissions right on the AD user or using ADSI Edit.. suggestion?

The goal is to use this mailbox as a shared contact list only. Users will add this mailbox to their iPhones and only sync the contacts. We don't want the users to be able to add/change or delete contacts hence the permission restriction we are trying to accomplish.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 40058847
You will not be able to restrict the user from adding to their local contacts but you could try a Public Folder setup for this.

I have 2 possible sources to assist you in setting it up:

http://ct-miramar.com/blog/2011/07/18/create-public-contacts-folder-in-exchange-2010/

Have a look at this one as well if you run into any issues: http://www.outlookforums.com/threads/87792-create-a-contacts-list-on-exchange-2010/

Hope this helps
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:Bes4dmin
ID: 40060135
Thanks HendrikWiese for your reply and the links. I probably should have mention the reason I want to resctrict the permisisons on the accounts own folders.

The goal is to have a shared contact list on the mobile devices using activesync. But I don't want the users being able to write or delete the contacts thus the permission restriction.
The Public Folder solution works as long as we use it within Outlook only. As far as I know you can't "activesync" a PB.
0
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 40061167
You will be able to sync the public folders.

Have a look at the following link: http://www.tomshardware.com/forum/56603-36-sync-mobile-exchange-public-folders

Hendrik
0
 
LVL 1

Author Closing Comment

by:Bes4dmin
ID: 40067160
Even though I wasn't looking for a solution that includes third party software your link contained what seem to be the only option to accomplish what I want
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question