Exchange 2010 Remove Delete Rights from the Calendar for the mailbox owner

I received a request to remove from a specific user the ability to delete items from a their Calendar.  Yes, understand this is not a normal modification.  

I have tried these PS commands in the EMS


[PS] C:\Windows\system32>add-MailboxFolderPermission -Identity test2@domain:\Calendar -User "test2@domain" -
AccessRights NoneditingAuthor


RunspaceId   : 85fe2d65-1f9e-4bf3-be8d-03967201
FolderName   : Calendar
User         : Test account
AccessRights : {NonEditingAuthor}
Identity     : Test account
IsValid      : True

Set-MailboxFolderPermission -Identity test2@domain:\Calendar -User "test2@domain" -AccessRights NoneditingAuthor


I can verify that the proper right in the ACL has been set but when I access the calendar using Outlook, the Delete rights are still present.  I did wait until after the OAB replicated before I tested

[PS] C:\Windows\system32>Get-MailboxFolderPermission -Identity test2@domain:\calendar |fl


RunspaceId   : 85fe2d65-1f9e-4bf3-be8d-03967201
FolderName   : Calendar
User         : Default
AccessRights : {NonEditingAuthor}
Identity     : Default
IsValid      : True

RunspaceId   : 85fe2d65-1f9e-4bf3-be8d-03967201
FolderName   : Calendar
User         : Anonymous
AccessRights : {None}
Identity     : Anonymous
IsValid      : True

RunspaceId   : 85fe2d65-1f9e-4bf3-be8d-03967201
FolderName   : Calendar
User         : Test account
AccessRights : {NonEditingAuthor}
Identity     : Test account
IsValid      : True
JC2010ceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
The highest privilege wins when you are talking about NTFS security, Deny trumps Full Access. However the user already has Full Access over their mailbox so placing a lower level of access at the folder level will not take precedence over the Full Access this user will already have being the owner of the mailbox.

You cannot stop a user from Deleting anything from the mailbox (as an operation). However you can enable Legal Hold's on mailboxes so that the data that they delete is stored in a hidden folder.

Aside from that you cannot accomplish what you are looking to do.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.