This article describes common scenarios that arise in the context of managing permissions on Microsoft Exchange Server. While the article was written for earlier versions of Microsoft Exchange, the information applies to all versions of Exchange server, however, the exact path to the user accounts will vary.
How to view shared subfolders in an Exchange mailbox explains in detail how to configure permissions to folders using Outlook. It includes a video tutorial.
Microsoft Exchange Server Public Folder DAV-based Administration Tool allows the admin to change permissions on the mailboxes on the Exchange server. It works with all mailbox folders.
Viewing Permissions | Folder Permissions | User Reply Address | Tools | Set All Calendars to Reviewer | More Information
Viewing Permissions
If you don’t see permissions on objects in the Exchange Administrator program (4.0 – 5.5), choose Tools | Options, switch to the Permissions tab, then check the box for Show Permissions pages for all objects.
Folder Permissions
Existing folders do not automatically propagate permission changes to child folders. However, new folders do inherit permissions from their parents. Also, using the Exchange Administrator program, you can propagate settings to child folders.
If you are not the administrator and need to manage folder permissions, ask the administrator to set up some distribution lists that you can use for setting permissions on the folders. You will need to have permission to edit the DL. Then, when someone new needs to be added, you’ll just change the DL — adding and removing members through Outlook — not the permissions on each folder.
Also see:
- XCLN: How to Create Public Folders and Set Default Properties on All Subsequently Created Folders
- XADM: Propagating Permissions to All Public Folder Subfolders
- XADM: Using PFADMIN to Remove Public Folder Permissions
- XADM You Cannot Add a Distribution Group to Permissions of a Public Folder in Exchange 2000 — If you want to use a distribution group, you need AD in native mode.
- XADM White Paper – Public Folder Permissions in a Mixed-Mode Microsoft Exchange Organization
- Using a Security Group to Create Public Folder Permissions
- Working with Store Permissions in Microsoft Exchange 2000 and 2003
User Reply Address
Several scenarios:
- You want a user to be able to reply to messages sent to a public folder with the folder’s address.
- You want a user to be able to reply with another mailbox’s address — without the user’s own address appearing anywhere on the reply.
- You want to be able to send using the return address of a distribution list in the Global Address List (GAL).
The solution is the same in all cases: You must grant Send As permission on the folder or mailbox using the Exchange Administrator program or Active Directory. Send As is granted via accounts and groups, not mailboxes and Exchange distribution lists. If you want a user to send with a folder’s address, the folder must not be hidden.
Once the user has Send As permission, they can use View | From Field in Outlook to display the From box and either click From to choose from the Address Book or type in the name of the public folder or other mailbox. If the public folder is hidden from the GAL, the user should go to the folder’s Properties page and add the folder’s address to their own address book.
See:
- HOW TO Grant Send As and Send on Behalf Permissions in Exchange 2000 Server
- XADM How to Grant a User Send As Rights in Exchange Server 5.5 and Exchange 2000
Tools
Access Security Manager controls and verifies Exchange/Outlook mailbox and public folder access rights and permissions. ASM enables you to audit and update users' permissions in line with approved security policy and practices, e.g. when an employee changes roles within or leaves the company. Recent updates allow you to dump the permissions into a database for more granular auditing. ASM is used by some of the largest banks is US, Europe and Japan to assist with security management | |
Use U-BTech's ADDelegates to manage recipient and mailbox folder permissions. Delegate control, including the "Deliver meeting requests" setting, outlook folder permissions, Free/Busy options for controlling the time, subject and location details are now at your Active Directory MMC. | |
Controls and verifies Exchange Mailbox and public folder access rights and permissions. Manager then enables you to audit and update users' permissions in line with approved security policy and practices, e.g. when an employee changes roles within or leaves the company. | |
Interrogates the contents of the live Exchange email stores, looking into personal folders, mailboxes and subfolders, local and central PST files, and deleted items to ensure all relevant messages and attachments are discovered. | |
Assign permissions on multiple Exchange public folders and system folders and users can modify mailbox permissions in addition to public folder permissions, company-wide. It works with Exchange 5.5, 2000 and 2003; and, for reporting, you can print out current permissions on single or groups of folders. Version 2. | |
ExFolders is a port of PFDAVAdmin to Exchange 2010 but must be run from an Exchange 2010 server. Used to manage folder permissions on Exchange 2010 or Exchange 2007 (but not older versions). | |
Symprex Folder Permissions Manager allows administrators to centrally manage all permissions on mailbox folders and public folders on Exchange 5.5, 2000 and 2003. Folder permissions can be listed and changed manually, or using templates with permissions settings created using the built-in wizard. Permissions can be applied to any number of mailboxes and folders at the click of a button. | |
Web application for viewing and modifying folder permissions. For Exchange 2000. Free. | |
Tool from the Exchange 2000 Resource Kit to change permissions and replication settings for a folder and its subfolders. Does not work with any version of Exchange after Exchange 2000 SP1. Also see: | |
Free tool from Microsoft for managing permissions on public and mailbox folders, including all the way down to the item level. Requires .NET Framework. For use with Exchange 2000 Server, Exchage Server 2003 and Exchange Server 2007. | |
Tool from the Exchange Server Resource Kit for generating a file with information about public folder permissions and replicas. See XADM Error Message Opening Address Book When Running the Pfinfo.exe Utility. | |
View folder permissions and other properties. Export folder properties and permissions to a text file or relational database for analysis. Send customized messages to folder owners. Manage orphaned public folder client permissions. | |
Allows you to set default permissions on individual folders within mailboxes throughout your organization or on groups of mailboxes. Free. |
Set All Calendars to Reviewer
Many organizations want people to not only see each other’s free/busy times but also get appointment details. Therefore, they want to enforce a policy of using Reviewer as the default permission on each user’s Calendar folder. This is not a capability built into Outlook, but you can perform this task with some of the tools above.
If you want to experiment, you could also create a custom application using CDO and the ACL Component from the Platform SDK to manage permissions; a version of Acl.dll compiled for Windows NT/2000 is available from Microsoft’s FTP site (this site is not always responsive). If you need a Windows 95/98 version, you’ll have to compile the C++ source yourself. More information:
- Sue Mosher’s pre-conference Workshop from Microsoft Exchange Conference 99 — The PowerPoint presentation for Segment 5 (324kb) includes details on the ACL model. The source code (473kb) includes a sample Outlook 2000 VBA project that runs on Windows NT only.
More Information
- XADM Changes to Primary Windows NT Account on Mailbox Do Not Take Effect — How to make your permissions changes take effect right away
- XADM Send As Rights Granted to Local Administrators — fixed in Exchange 2000 SP2
- MAPI based permission roles for public folders in Exchange 2000
Articles that may interest you:
Last reviewed on Dec 3, 2011
Hot Topics