Main Contents

Set global permissions on Exchange mailbox folders

June 16, 2008

I recently had a request to grant view-only permissions for all calendars in an Exchange organization. Usually in small businesses this request comes in as simply granting administrator access to all mailboxes for the CEO or something similar, but in this case it was just calendars. This could be done by going to every user’s mailbox, right-clicking the folder and going to the permissions tab, but that could take years for large organizations. I needed a way to do this centrally. I did some research and figured out this could be done with scripting, but I also came across a gui that saved me a bunch of time. I found the original docs at hellomate.typepad.com but you can’t download the app from them anymore, so I’m posting it here. You need acl.dll and setperm.zip. The docs for setperm are in the zipfile, but it goes like this:

  • Start from a computer logged in with administrator access to all mailboxes. Outlook needs to be installed. This should also work from the Exchange server.
  • Copy acl.dll to windows\system32 and from there run ‘regsvr32 acl.dll’. You should get a successful dll registration.
  • Run ’setperm /mailbox:[mailboxname]\[servername]‘ where [mailboxname] is an Exchange user and [servername] is the exchange mailbox server. (This can be any user, does not have to be an admin, and will have no impact on the results. Supposedly you can use a template mailbox you have set up with appropriate permissions, but that wouldn’t work for me.)
  • Check the folders to set, select your user to grant permissions to (or use the Default role), and select the target mailboxes.

This solution isn’t perfect for a few reasons: users can still remove people from having access and new users won’t inherit these permissions as default. This is where a script would be handy and then you could schedule it to run every night, for example. If the need arises I may do that someday.

Filed under: Microsoft, Windows |

1 Comment

  1. Mike Archambault October 22, 2008 @ 6:55 am

    It’s better and much easier to do the same with a new vesrion of scriplogic’s security explorer for exchange.

    This solution is one of the greatest way to manage, backup and search exhange permissions including mailbox permissions and public folder permissions like calendars, contacts, inbox and etc