Restricting access on Exchange folders

[Leehaa]

We have a user who needs access to one of the email folders on our exchange server.
He also needs to be able to share his calendar with users on our domain.

He is external to the company and, should literally just be able to access the one folder, be blocked from all public folders.
Also, he has a MAC.

We figure that the best way would be to create him an internet email account on our exchange server (please tell if you can think of any other set-up) so that he can login to that and access the relevant folder...

What I'm not sure of is how to lock it down so that he is only able to view the relevant folder, and none of the others in the public folders (which I think all people need full access to by default)

Anyone got any ideas? Would it by some kind of GPO in AD, or would it be more simple than that?

He he...I know what exam I'm going to be studying for next, rather than 290!

Thanks in advance!

[kevicho]

Quote:

Originally Posted by Leehaa

We have a user who needs access to one of the email folders on our exchange server.
He also needs to be able to share his calendar with users on our domain.

He is external to the company and, should literally just be able to access the one folder, be blocked from all public folders.
Also, he has a MAC.

We figure that the best way would be to create him an internet email account on our exchange server (please tell if you can think of any other set-up) so that he can login to that and access the relevant folder...

What I'm not sure of is how to lock it down so that he is only able to view the relevant folder, and none of the others in the public folders (which I think all people need full access to by default)

Anyone got any ideas? Would it by some kind of GPO in AD, or would it be more simple than that?

He he...I know what exam I'm going to be studying for next, rather than 290!

Thanks in advance!

His access is via OWA (outlook web access) id imagine.

The public folders should just be a case of checking the permissions, the 2 to look for are default and anonymous.
If they are set correctly (ie the "folder visible" box unticked) then he would need to be specifically added for him to view and then on to amending/deleting stuff.

The calender thing, 2 things you could do, one open his account in outlook (as the main account, not a subfulder in someone elses account), and go into tools, options, delegates, then add the relevant people to what is needed, they in turn use the file - open other users folder to view it.

Or you could create him a public calender for him, then set permissions as appropriate.

Remember you can do all this in a normal outlook profile before trying it in OWA.

I personally would just get someone to forward all relevant emails to him, much easier for me and my department ;)

[Leehaa]

Quote:

Originally Posted by kevicho

His access is via OWA (outlook web access) id imagine

Yes - sorry!

Quote:

Originally Posted by kevicho

The public folders should just be a case of checking the permissions, the 2 to look for are default and anonymous.
If they are set correctly (ie the "folder visible" box unticked) then he would need to be specifically added for him to view and then on to amending/deleting stuff

This is where it gets complicated - they are all visible as standard. For specific reasons ...i'm not sure the exact reasons (first week in the job), it needs to be left that all folders are visible (in terms of default and annonymous), but then access is restricted as appropriate...

(Just edited that - hope it makes a bit more sense!)

[NightWalker]

Quote:

Originally Posted by Leehaa

Yes - sorry!



This is where it gets complicated - they are all visible as standard. For specific reasons ...i'm not sure the exact reasons (first week in the job), it needs to be left that all folders are visible (in terms of default and annonymous), but then access is restricted as appropriate...

(Just edited that - hope it makes a bit more sense!)

You could make a replica of the public folder on another exchange server (in another routing group) and set the permissions for him on that replica, locking it all down and leave the original copy and permissions intact for internal users to use.

[Leehaa]

Quote:

Originally Posted by NightWalker

You could make a replica of the public folder on another exchange server (in another routing group) and set the permissions for him on that replica, locking it all down and leave the original copy and permissions intact for internal users to use.

Good idea thanks! Quite a lot to do for just one person, but having done a bit of research i'm not sure how else to get around it...

[NightWalker]

Quote:

Originally Posted by Leehaa

Good idea thanks! Quite a lot to do for just one person, but having done a bit of research i'm not sure how else to get around it...

Is the folder content static? if it is you could make a folder in the guys mailbox and copy in the data.

[Leehaa]

Quote:

Originally Posted by NightWalker

Is the folder content static? if it is you could make a folder in the guys mailbox and copy in the data.

Unfortunately not. Shared between 3 or 4 people with a lot of data being moved around...

[nugget]

If you're using public folders I take it you have Exchange 2003?

I don't know anything about 2003 but a little about 2007.

The way I'd do it is to create another group in AD and put him in it. Give his public folder the appropriate access permissions through this new group, and then add his group to all the other folders with deny permissions.

This is of course quite a lot of work if you have a lot of users with public folders, but you might be able to script it.