1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restricting access on Exchange folders

Discussion in 'Software' started by Leehaa, May 15, 2008.

  1. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    We have a user who needs access to one of the email folders on our exchange server.
    He also needs to be able to share his calendar with users on our domain.

    He is external to the company and, should literally just be able to access the one folder, be blocked from all public folders.
    Also, he has a MAC.

    We figure that the best way would be to create him an internet email account on our exchange server (please tell if you can think of any other set-up) so that he can login to that and access the relevant folder...

    What I'm not sure of is how to lock it down so that he is only able to view the relevant folder, and none of the others in the public folders (which I think all people need full access to by default)

    Anyone got any ideas? Would it by some kind of GPO in AD, or would it be more simple than that?

    He he...I know what exam I'm going to be studying for next, rather than 290! :biggrin

    Thanks in advance!
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  2. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    His access is via OWA (outlook web access) id imagine.

    The public folders should just be a case of checking the permissions, the 2 to look for are default and anonymous.
    If they are set correctly (ie the "folder visible" box unticked) then he would need to be specifically added for him to view and then on to amending/deleting stuff.

    The calender thing, 2 things you could do, one open his account in outlook (as the main account, not a subfulder in someone elses account), and go into tools, options, delegates, then add the relevant people to what is needed, they in turn use the file - open other users folder to view it.

    Or you could create him a public calender for him, then set permissions as appropriate.

    Remember you can do all this in a normal outlook profile before trying it in OWA.

    I personally would just get someone to forward all relevant emails to him, much easier for me and my department ;)
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  3. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    Yes - sorry!

    This is where it gets complicated :blink - they are all visible as standard. For specific reasons ...i'm not sure the exact reasons (first week in the job), it needs to be left that all folders are visible (in terms of default and annonymous), but then access is restricted as appropriate...

    (Just edited that - hope it makes a bit more sense!)
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  4. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    You could make a replica of the public folder on another exchange server (in another routing group) and set the permissions for him on that replica, locking it all down and leave the original copy and permissions intact for internal users to use.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  5. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91

    Good idea thanks! Quite a lot to do for just one person, but having done a bit of research i'm not sure how else to get around it...
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  6. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    Is the folder content static? if it is you could make a folder in the guys mailbox and copy in the data.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  7. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    Unfortunately not. Shared between 3 or 4 people with a lot of data being moved around...
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  8. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    If you're using public folders I take it you have Exchange 2003?

    I don't know anything about 2003 but a little about 2007.

    The way I'd do it is to create another group in AD and put him in it. Give his public folder the appropriate access permissions through this new group, and then add his group to all the other folders with deny permissions.

    This is of course quite a lot of work if you have a lot of users with public folders, but you might be able to script it.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685

Share This Page

Loading...