Restrict Meeting Room Access to a Grouip

I have been trying to restrict scheduling of meetings to a room called TestRoom to only members of the group ACL_TestRoom( universal security group-email enabled). There are three users in ACL_TestRoom group: User1, User2, and User3.  User 4 and User 5 are test users created to test scheduling of the room to see if it is restricted.

What I 've done from start:

- Created room TestRoom
- Created ACL_TestRoom univeral security group
- Added User1, User2, and User3 to group ACL_TestRoom
- email enabled ACL_TestRoom
- Added ACL_TestRoom group to TestRoom-> Properties-> Resources In-Policy Requests in "Specify users who are allowed to submit in-policy meeting requests that will be automatically approved"  

If I log on as User4 which is not a member of ACL_TestRoom group, I am still able to reserve the room and invite users 1-3. I also don't get a notification stating that the scheduling was   approved or rejected for that matter. But the meeting does show up on the calendar. From articles, I 've read this is supposed to work but it is not.


I have also tried setting up  Properties->Mail Flow Settings->Message Delivery Restrictions to "only senders in the following list" and add ACL_TestRoom but when I try to schedule room I get  an email error which is what I expected but it still schedules the room and sends the email to the other users(1-3) that I invited.

Any ideas on what to try next, or am i doing somthing wrong?
jesus ramirezAsked:
Who is Participating?
 
FOXConnect With a Mentor Active Directory/Exchange EngineerCommented:
Jesus,
If you want to lock the Test Room down to only the group ACL_TestRoom you need to put that group in the BookInPolicy

Open your exchange management Shell
This is the command for properly setting it up so that anyone else other than users in the ACL_TestRoom will get a rejection:

Set-CalendarProcessing 'TestRoom' -AutomateProcessing 'AutoAccept'  -BookInPolicy 'ACL_TestRoom'  -AllBookInPolicy $False
0
 
jesus ramirezAuthor Commented:
Can the BookInPolicy  option be set via the properties GUI interface?
0
 
jesus ramirezAuthor Commented:
What is the effect of setting TestRoom-> Properties-> Resources In-Policy Requests in "Specify users who are allowed to submit in-policy meeting requests that will be automatically approved"  to allow selected group ACL_TestRoom?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
jesus ramirezAuthor Commented:
FOX,

I ran the command:

Set-CalendarProcessing 'TestRoom' -AutomateProcessing 'AutoAccept'  -BookInPolicy 'ACL_TestRoom'  -AllBookInPolicy $False

Now this is what happens:

If I try to book the room for a meeting as user 4 or user 5 which are not in the ACL_TestRoom group. I do get a declined email message but the room is still booked and user1, user2, and user3 (invitees) get the request and are able to accept the meeting.
0
 
FOXActive Directory/Exchange EngineerCommented:
Please run Get-CalendarProcessing 'TestRoom' | fl

Paste your results here so I can see what you have set wrong
0
 
FOXActive Directory/Exchange EngineerCommented:
Jesus- The below is a perfect read for you.  You want scenario #4(Scroll down).  Make sure those are your settings.  
Get-CalendarProcessing 'Test Room' | fl                                               <<will return your results

If you need help with the settings let me know.

ref link: https://itpro.outsidesys.com/2017/11/06/exchange-configuring-the-resource-booking-attendant-with-powershell/
0
 
jesus ramirezAuthor Commented:
Here is the result:

C:\Windows\System32>Get-CalendarProcessing 'TestRoom' | fl

RunspaceId                          : a0a98292-5555-4590-9760-65c6cd4051b2
AutomateProcessing                  : AutoAccept
AllowConflicts                      : False
BookingWindowInDays                 : 180
MaximumDurationInMinutes            : 1440
AllowRecurringMeetings              : True
EnforceSchedulingHorizon            : True
ScheduleOnlyDuringWorkHours         : False
ConflictPercentageAllowed           : 0
MaximumConflictInstances            : 0
ForwardRequestsToDelegates          : True
DeleteAttachments                   : True
DeleteComments                      : True
RemovePrivateProperty               : True
DeleteSubject                       : True
AddOrganizerToSubject               : True
DeleteNonCalendarItems              : True
TentativePendingApproval            : True
EnableResponseDetails               : True
OrganizerInfo                       : True
ResourceDelegates                   : {}
RequestOutOfPolicy                  : {}
AllRequestOutOfPolicy               : False
BookInPolicy                        : {server.net/Users/ACL_TestRoom}
AllBookInPolicy                     : False
RequestInPolicy                     : {}
AllRequestInPolicy                  : False
AddAdditionalResponse               : False
AdditionalResponse                  :
RemoveOldMeetingMessages            : True
AddNewRequestsTentatively           : True
ProcessExternalMeetingMessages      : False
RemoveForwardedMeetingNotifications : False
MailboxOwnerId                      : server.net/Users/Test Room
Identity                            : server.net/Users/Test Room
IsValid                             : True
0
 
FOXActive Directory/Exchange EngineerCommented:
Jesus,
As a test run this command then do another booking with a user that is not in the bookinpolicy

Set-CalendarProcessing 'TestRoom' -AllRequestOutOfPolicy  0


ref link: https://community.spiceworks.com/topic/1119670-conflicting-bookings-being-accepted-in-resource-mailbox-calendar-exchange-2013
0
 
jesus ramirezAuthor Commented:
Isn't the property below AllRequestOutOfPolicy already set to 0 since it's false.

AllRequestOutOfPolicy               : False
0
 
FOXActive Directory/Exchange EngineerCommented:
I would believe so myself.  I was suggesting you do it as a test.
Today I created a room mailbox with the exact same settings I suggested to you, the same settings that you have in the screenshot you sent me and anyone out of the bookinpolicy group received a rejection and the entry did not end up in the room mailbox.  

Question, those other settings you did, have you removed them?
'I have also tried setting up  Properties->Mail Flow Settings->Message Delivery Restrictions to "only senders in the following list" and add ACL_TestRoom but when I try to schedule room I get  an email error which is what I expected but it still schedules the room and sends the email to the other users(1-3) that I invited.'  <<Remove these settings
0
 
jesus ramirezAuthor Commented:
I am not sure what was going on but I updated the server and it seems to be working now.
0
 
jesus ramirezAuthor Commented:
Thank you for all your help
0
 
FOXActive Directory/Exchange EngineerCommented:
Nice.....When you say updated the server....Did it need patches?
0
 
jesus ramirezAuthor Commented:
Yes. I don't think it had been updated for over 2 years, so I asked the IT manager if I could update it and he said to do so.
0
 
jesus ramirezAuthor Commented:
HOw do i close a question. I don't see where to close it.
0
 
FOXActive Directory/Exchange EngineerCommented:
EE user did not know how to award points and close the question
0
All Courses

From novice to tech pro — start learning today.