Solved

Restrict write permission on self

Posted on 2014-04-25
7
291 Views
Last Modified: 2014-05-15
Hello
I'm trying to restrict permission on a mailbox account so that it can not write to it's own contact list.
I want the account to able to only read it's own contact list

Where do I set the permissions?
0
Comment
Question by:Bes4dmin
  • 3
  • 2
7 Comments
 

Expert Comment

by:FF-ExEx
ID: 40022465
This is not possible at least not on the users own mailbox because well he is the owner of that mailbox.

Depending on the goal you might want to think about using shared or ressource mailboxes where you can set delegated access.

Generally spoken permission are set using the Exchange powershell - Add-ADPermission for instant would be one of the used cmdlets.
0
 
LVL 1

Author Comment

by:Bes4dmin
ID: 40023008
Perhaps you're right even though I believe it's possible. I tried setting permissions on the mailbox in the information store top and the contacts folder beneath it with add-adpermission command but with no luck.

Maybe if I set permissions right on the AD user or using ADSI Edit.. suggestion?

The goal is to use this mailbox as a shared contact list only. Users will add this mailbox to their iPhones and only sync the contacts. We don't want the users to be able to add/change or delete contacts hence the permission restriction we are trying to accomplish.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 40058847
You will not be able to restrict the user from adding to their local contacts but you could try a Public Folder setup for this.

I have 2 possible sources to assist you in setting it up:

http://ct-miramar.com/blog/2011/07/18/create-public-contacts-folder-in-exchange-2010/

Have a look at this one as well if you run into any issues: http://www.outlookforums.com/threads/87792-create-a-contacts-list-on-exchange-2010/

Hope this helps
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:Bes4dmin
ID: 40060135
Thanks HendrikWiese for your reply and the links. I probably should have mention the reason I want to resctrict the permisisons on the accounts own folders.

The goal is to have a shared contact list on the mobile devices using activesync. But I don't want the users being able to write or delete the contacts thus the permission restriction.
The Public Folder solution works as long as we use it within Outlook only. As far as I know you can't "activesync" a PB.
0
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 40061167
You will be able to sync the public folders.

Have a look at the following link: http://www.tomshardware.com/forum/56603-36-sync-mobile-exchange-public-folders

Hendrik
0
 
LVL 1

Author Closing Comment

by:Bes4dmin
ID: 40067160
Even though I wasn't looking for a solution that includes third party software your link contained what seem to be the only option to accomplish what I want
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
how to add IIS SMTP to handle application/Scanner relays into office 365.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question