Solved

Exchange 2010 Calendar, domain admins can see all users appointments not just Free/Busy

Posted on 2015-01-23
4
450 Views
Last Modified: 2015-01-27
We are running Exchange 2010 on Server 2008 R2.

Domain admins have the ability to see too much information on users calendars, we need to ensure that only Free/Busy information is known for Key company directors and managers.

I checked a Directors account:
Get-MailboxFolderPermission –identity Users@Company.com:\calendar | FL
PowerShell Screen GrabFull Access Permissions to account
Is there anywhere else i can check and restrict what the domain admins can see?

Thanks,
0
Comment
Question by:ncomper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40566480
Have you checked the users Active Directory account? Do the domain admins have permissions from the domain level on all accounts to view this information?

Just go to the User in ADUC, properties>Security> Advanced check to ensure that domain admins do not have full control over the user account.

Will.
0
 
LVL 5

Author Comment

by:ncomper
ID: 40566496
Thanks Will,
    They do have full permissions, don't suppose you know what needs to be removed to make sure we can still maintain the accounts but restrict the information visible.

Thanks,
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40566512
Use you the Exchange Role Base Access Contorl to control permissions within Exchange. If in your hierarchy have domain admins with full permissions this is being applied to all user accounts and also newly created accounts.

I would create a test account, remove the permissions from the account for domain admins and see what are you able to see with that account. Once you have the permissions ironed out on the test account you can remove it from the hierarchy in the domain.

Will.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 40572491
This was a setting linked to outlook on a laptop that was off site. Above checks are all relevant and were very useful
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outlook contact memory 2 18
query all mailbox rules 5 26
public folder mailbox full 7 14
Exchange 2013 - Recommended Event Log size? 4 17
What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question