Exchange Online - Set FOLDER permissions recursively in shared mailbox

Similar Messages

• Exchange Online Protection (standalone) permissions are not working as expected

  Exchange Online Protection (standalone)  permissions are not working as expected.
  we provided access to Hygiene Management to some members and they not able to access EOP site.
  This is standalone EOP.
  ksrugi

  Hi,
  what roles did you have assigned to them and what error message do you get?
  Greetings
  Christian
  Christian Groebner MVP Forefront

• Set folder permissions by Powershell

  Hello there.
  I'm trying to set permissions to a shared folder by Powershell.
  I used the following script:
  $Acl = Get-Acl "C:\MySharedFolder"
  $Ar = New-Object system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")
  $Acl.SetAccessRule($Ar)
  Set-Acl "C:\MySharedFolder" $Acl
  So, what it happens is:
  1. The permission doesn't work;
  2. This permission appears in the "Security" tab of the folder as "Special permissions".
  Do I need to do something else?
  Is there a special way to set permissions to shared folders?
  Thanks in advance.
  Regards
  Lucas Gustavo

  The FileSystemAccessRule constructor that you're using is creating an ACE that only applies to the folder (there are no inheritance and propagation flags set). Changing the line that creates your ACE to the following should fix the issue:
  $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule ("username","FullControl","ContainerInherit, ObjectInherit", "None", "Allow")
  If you do a lot of access control stuff interactively (or if you would like to be able to use Desired State Configuration to configure access control), I've got a module that helps make doing this stuff more "PowerShelly" (ish?):
  PowerShell Access Control module
  Creating that ACE would look like this:
  New-AccessControlEntry -Principal UserName -FolderRights FullControl
  You could also simplify your code above to one of the following examples:
  # This uses the native Get-Acl and Set-Acl
  $Acl = Get-Acl "C:\MySharedFolder"
  $Acl | Add-AccessControlEntry -Principal UserName -FolderRights FullControl
  $Acl | Set-Acl
  # Or this example lets the module get and set the security descriptor:
  Add-AccessControlEntry -Path C:\MySharedFolder -Principal UserName -FolderRights FullControl
  My favorite function, though, is Get-AccessControlEntry:

• Set Forwarding Address on a Shared Mailbox

  I am going to use Powershell to set the forwarding address on a Shared Mailbox. I need to allow a user who does not have Full Access to this mailbox and is not an Administrator to do this. I think I need to use RBAC to achieve this but I am not
  too sure on the details. Is it possible to set the scope to a specific mailbox and permission? Can any one suggest what is required?
  Kevin Gallagher

  Hi Kevin,
  In your case, you can use the New-ManagementScope cmdlet with the RecipientRestrictionFilter parameter to limit the scope to an individual user.
  For more information, please refer to the Recipient Filter Scopes part in the following article.
  Understanding Management Role Scopes
  http://technet.microsoft.com/en-us/library/dd335146(v=exchg.141).aspx#Recipient
  What's more, if you just need to grant one user the permission to set the forwarding address for a specified shared mailbox, you need to create a custom management role.
  Here is an article about custom management role using RBAC for your reference.
  Create a Custom Admin Role for Exchange using RBAC
  http://blogs.technet.com/b/nepapfe/archive/2014/02/05/create-a-custom-admin-role-for-exchange-using-rbac.aspx
  Hope this can be helpful.
  Best regards,
  Amy Wang
  TechNet Community Support

• Granular Permissions on a Shared Mailbox

  I've created a Shared mailbox in our Exchange environment.    The managers don't want everyone to have the ability to delete messages in that box, but they want everyone to be able to read.  
  During the setup of a Shared mailbox you grant Full Access permissions to the box in order for it to be added to people's outlook.   However as the name implies it gives them complete control.    Is there a way for me to be more
  granular about it?

  Hi John,
  Any udpate for your issue?
  Regards!
  TechNet Subscriber Support
  in forum
  If you have any feedback on our support, please contact
  [email protected]
  Gavin
  TechNet Community Support

• Exchange 2003 + Outlook 2010 hangs if deleted shared mailbox exists into profile

  Environment - Exchange 2003 + Outlook 2010 published via Citrix
  We recently did the cleanup of shared mailboxes which are no longer needed. However post our activity we found that many users are reporting that their Outlook is hanging for a long time during startup and it continues while working on outlook. Upon investigation
  we found that their Outlook profile was having 1 or 2 shared mailboxes listed which were deleted from organization. As soon these shared mailboxes were removed from profile the Outlook started working fine.
  Is this know issue of Outlook and if any hotfix available for same, I have already checked the 'download shared folder' option which isn't selected.
  Absar

  Hi,
  Maybe the issue is related to the default behavior in Outlook.
  How about try the following:
  http://support.microsoft.com/kb/982697
  Best regards,
  Rex Zhang
  TechNet Community Support

• Exchange 2013 - Out of office unavailable when shared mailboxes added in

  Good Morning all,
  I have a strange issue with our MS Exchange 2013 environment concerning out of office.
  When certain users try and access the OOO it gives them the below error message:
  "Out
  Of Office cannot be display because the server is currently unavailable"
  As I mentioned, this is not affecting all users, here comes the strange part(I think so anyway)
  The users in question have a shared mailbox added, if I remove the mailbox VIA ECP / Outlook client, out of office begins to work, once I add the mailbox back in, everything works, until the next day or some sort of refresh takes place and then OOO becomes
  unavailable again.
  Any help would be greatly appreciated.
  Thanks,
  San.

  Did you recently installed windows update?
  If yes, then check this, see if it applies by uninstalling the update.
  http://windowsitpro.com/blog/update-causes-outlook-2013-fail-open-archive-mailboxes
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Have to keep setting folder permissions on folders within a shared folder

  My husband and I both have iMacs and had problems with permissions being set to read only for everyone but him on his iMac. The problem is within a shared folder named Butterflies on his iMac. In a previous question I posted I was told to set ACLs using terminal for all files and folders in the Butterflies folder which is within the documents folder on his computer.
  This worked at the time but now the same problem is cropping up. He tried to run the same command on his computer (he is logged in as administrator) and the message comes up "unable to reset permissions" for each file in the Butterflies folder. We upgraded both computers to OS X 10.5.7 when it came out a while back but this started happening just yesterday. Is this some problem requiring an update we haven't installed yet?
  Thanks in advance...
  Kim

  The important thing to remember with inherited ACLs is that new files must be newly created or copied into the folder hierarchy for them to properly inherit the new permissions. If you make a new folder on your Desktop, and then move it into your sharing folder by drag and drop, it won't inherit the ACL properly and will still be read-only for others. It you have existing files that you want in the share folder, hold down the option key while dragging them in. That will make new copies of them, and then you can delete the originals.
  Also note that some apps (like Apple's TextEdit) will ignore the ACL if you try to directly save their files in the ACL folder. Save TextEdit files in a temporary location first, and then copy them in to the sharing folder.
  Also, be aware that most backup programs will strip off ACLs from the backups if the ACLs were inherited from a parent folder. Apple's Disk Utility, Time Machine, Finder, etc all have this problem. If you use SuperDuper or Carbon Copy Cloner to make backups then you can be sure that all your inherited ACLs are being copied properly.
  I know these ACL limitations are irritating. I use inherited ACLs to share files between my wife's and my user accounts, and these limitations sure irritate me. I think that ACLs are poorly implemented in OS X. I hope and wish that ACL handling will be improved in future OS X releases.

• Power shell script to list all files and folder permissions recursively

  Hi All,
  I am looking for a powershell script to perform the following operations.
  1) To list the folder and file permissions(Allow,Deny both) recursively in a given folder.
  2) List out all the files and folders which are having the deny permission or having only the read access (or) only the write access. Basically the folder should have Read,Execute,Write permissions. Else we have to flag that file/folder name.
  I had written a batch script for the same which does this task using icacls.exe output, but this script takes lot of time to recursively parse all the files ( ~1 lakh files).
  Please help me with the powershell script for the same.
  Thanks
  Sambasiva

  Try this module: http://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7b83
  After importing the module, you can run something like this:
  dir c:\folder -recurse | Get-AccessControlEntry
  That output can be exported to a CSV for later viewing. You can also provide some parameters to Get-AccessControlEntry to limit the results:
  dir c:\folder -recurse | Get-AccessControlEntry -FileRights Write
  dir c:\folder -recurse | Get-AccessControlEntry -AceType AccessDenied
  dir c:\folder -recurse | Get-AccessControlEntry -AceType AccessAllowed -FileRights Write

• Setting Folder Permissions on a Network Hard Drive

  I have an iomega network hard drive (500gb) connected by ethernet directly to my airport extreme. I am the administrator for this home network and have full access to airport settings. I want to set permissions for individual folders on that drive so some users can read and write to them, and some users can only read them. All users need some read/write access to the drive, so I can't simply lock the entire drive. When I open the information screen for a folder on this drive, the "locked" check box will not stay checked, and I have no drop-down options in the permissions area. How do I set permissions for folders on this network drive?

  Just giving it a Push;
  Same Problem here

• Setting access permissions on a shared drive

  I am in a classroom setting with 12 Mac Pro's, running 10.5.8. I have added a second internal drive, and would like to create seperate folders for each student's data. We are on a network, and the students log on to the domain on these Mac's.
  I am trying to figure out a way to give "Suzy" access to "Suzy's Folder" and "Billy" access to "Billy's Folder", but keep them from accessing each others folders. I also need for the teacher "Frank" to have access to "Suzy's Folder" and "Billy's Folder" for grading purposes, as well as the local and domain administrator.
  Is there a way to do this?

  First make a new group, called "teachers" or something similar. Put Frank and the admin group in this new group.
  Then set up Suzy's folder like this:
  Owner: Suzy - can read and write
  Group: teachers - can read only (or can read and write if you wish)
  Others: no access
  Set up the other students' folders the same way.

• Shared Mailbox Showing Under Contacts Tab

  Hi All,
  Our environment is a Hybrid environment.
  For some time now, some of the shared mailboxes have been showing under "Contacts" Tab instead of "Shared"tab in exchange online.
  When we check these shared mailboxes in AD, it shows that they are on cloud but on portal they seem to be listed as Contacts.
  Any help getting this back on track ad getting these shared mailboxes back to working again?
  Thanks!!
  Nishant

  Hey Wroach,
  Welcome to the BlackBerry® Support Community Forums.
  To better assist you, if you go into your Contacts and select the Contact lists (the three lines in the bottom left), do these contacts show up under the contact list for the email account in question? 
  Thanks.
  -HB
  Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

• What is the behavior of items in an Exchange Online Inactive mailbox that were under a Litigation Hold for a set period of time.

  I am specifically asking what happens to the items in an Inactive Mailbox that was placed on Litigation Hold prior to Deletion when the Litigation Hold has say a '6 mo.' Retention Period assigned.
  Do any of those items 'expire' out of the mailbox?  Do only the items in the 'Admin' folders of the Deleted Items get removed, or none?
  I am not asking about recoverability of that mailbox, more of what the behavior is specifically when the Litigation Hold is set to expire after a certain amount of time.

  There is no expiration, check the blog post here:
  http://blogs.technet.com/b/exchange/archive/2013/03/21/preserve-mailbox-data-for-ediscovery-using-inactive-mailboxes-in-exchange-online.aspx
  All content in an inactive mailbox is on hold until you remove the hold from the mailbox.

• Exchange 2010 Shared mailbox permissions gone

  In Exchange2010, I created a shared mailbox yesterday, then granted several groups and individuals "full access permissions" to the Shared mailbox.
  When I arrived at work this morning and looked at the permissions, all the permissions  I had assigned were gone, except for a single individual. 
  I re-applied the same permissions and checked them an hour later and they were gone again.  I thought it may be related to the groups, so I selected several individuals and gave them Full Access Permissions to the Shared Mailbox.  I checked
  that some time later to discover that several individuals were missing again..  
  What might cause this to happen

  Hi,
  As Willard suggested, please check if these problematic mailboxes are members of Domain Admins or Enterprise Admins. Domain Admins and Enterprise Admins are assigned the explicit Deny permissions for Send As and Receive as on the main Exchange Organization
  object in AD. If you want to grant them full access permission, you need to remove the explicit Deny permissions.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• One shared mailbox with multiple distribution groups connected and the sent items folder - how to configure?

  Hi!
  I have been struggling for a while now with the following issue.
  For starters:
  We are using exchange 2010 in combination with outlook 2013 on client computers.
  Cause of the limitations concerning the number of mailboxes in outlook im looking for a solution to receive and reply 
  to multiple aliasses. So i did the following:
  1. Configured one shared mailbox.
  2. Configured multiple distribution groups
  3.  made the shared mailbox a member of the distribution groups
  4. Configured full access and send as permissions for myself on the shared mailbox ( testing )
  5. Gave send as permissions to the shared mailbox in Active directory. 
  6.  Logged in to OWA to setup rules for the shared mailbox.
  I now receive emails from all connected distribution groups in the shared mailbox and also in the right folder.
  I do however have to select the proper from address when i reply to an email. 
  the email sent by the main SMTP of the shared mailbox is placed into the sent folder of the shared mailbox. 
  I setup the senddelagate blabla in register.....
  When i sent an email as one of the connected distribution groups it fails to put the sent item in the sent items folder of the shared mailbox. The email is sent using the proper address but placed in the sent folder of my main account. 
  I want this emails to end up in the sent items folder of the shared mailbox. Or even better, in a sent items folder for each of the addresses. 
  Any suggestions ? 
  Thanks in advance!

  Hi,
  As what
  Rajkumar says, sending as a shared mailbox(full access permission) will put the email in the sent item of shared mailbox. But it cannot be located in the “sent item” of a distribution group. Because
  it is a distribution group instead of a enabled user mailbox.
  According to your further description, I understand that the reason why you configure that is some users reached the
  limitation about the number of Exchange accounts you can include in the same Outlook profile. Is it rights? If I misunderstand, please point it out.
  By default, user can only add 10 Exchange accounts to the same profile. You can customize the limit to the number Exchange accounts in the same profile using the following registry data:
  Key: HKEY_CURRENT_USER\software\policies\Microsoft\exchange
  DWORD: MaxNumExchange
  Value: integer value starting at 1 (default = 10 if DWORD is missing)
  http://blogs.technet.com/b/outlooking/archive/2012/12/24/clarification-on-outlook-2010-and-additional-exchange-account-supportability.aspx
  Hope it helps.
  Thanks,
  Winnie Liang
  TechNet Community Support