Deny public folder access from Active Directory

Hi,

I have a situation where I have various user accounts that share one
mailbox. One master user account is created that has an e-mail account
and other users users are created that do not have an e-mail account
but have permissions to access the master user account mailbox. This
works fine but seems to have one problem. When I try to deny access to
public folders, I can only choose users from the address list to deny
access. Obviously these secondary users do not have an address in the
list and I cannot therefore choose them to deny access. I have created
a group within AD and set deny permissions on the properties of the
public folders for that group in exchange but to no avail.
Server 2003 and Exchange 2003

Any ideas? regards Mark

0
kazmarski (4)
12/14/2004 12:36:16 PM
exchange.admin 57650 articles. 1 followers. Follow

7 Replies
390 Views

Similar Articles

[PageSpeed] 18

On 14 Dec 2004 04:36:16 -0800, "Kaz" <kazmarski@hotmail.com> wrote:

>Hi,
>
>I have a situation where I have various user accounts that share one
>mailbox. One master user account is created that has an e-mail account
>and other users users are created that do not have an e-mail account
>but have permissions to access the master user account mailbox. This
>works fine but seems to have one problem. When I try to deny access to
>public folders, I can only choose users from the address list to deny
>access. Obviously these secondary users do not have an address in the
>list and I cannot therefore choose them to deny access. I have created
>a group within AD and set deny permissions on the properties of the
>public folders for that group in exchange but to no avail.
>Server 2003 and Exchange 2003
>
>Any ideas? regards Mark

Taking it back a step, why have you got multiple users logging onto
one mailbox using their own accounts?
If you connect User A to Mailbox A then their permissions are those
applied to User A. If they then open Mailbox B they will be allowed
access to Mailbox B but not the resources (public folders in your
case) that Mailbox B is entitled to.
I'd take a moment to review what you're doing with your environment.
0
mark7219 (5666)
12/14/2004 1:08:19 PM
We run childrens homes in a terminal services environment. there are
many users at the home that need to acces resources that are primarily
one account. ie I map My Documents to a shared folder so when users log
on, in their My Documents they can all see the same resources and see
any changes/additions that are made. They also need to see all e-mails
that are going through that one account. Therefore, I have made
accounts in the format of userA, userB, userC etc. When thay log on
with their user name, they can all see the same info and have acces to
one e-mail account which is userA. it all works well apart from the
permissions for public folders for userb, userC etc
Does that help?
Mark

0
kazmarski (4)
12/14/2004 1:40:07 PM
On 14 Dec 2004 05:40:07 -0800, "Kaz" <kazmarski@hotmail.com> wrote:

>We run childrens homes in a terminal services environment. there are
>many users at the home that need to acces resources that are primarily
>one account. ie I map My Documents to a shared folder so when users log
>on, in their My Documents they can all see the same resources and see
>any changes/additions that are made. They also need to see all e-mails
>that are going through that one account. Therefore, I have made
>accounts in the format of userA, userB, userC etc. When thay log on
>with their user name, they can all see the same info and have acces to
>one e-mail account which is userA. it all works well apart from the
>permissions for public folders for userb, userC etc
>Does that help?
>Mark

So then UserA logs onto a session and connects to the common mailbox
by entering the mailbox credentials again (or similar method with
saved passwords etc.) You are therefore connecting to Exchange purely
as the common mailbox and have no way of saying that a connection from
session x using account and password y isn't actually user z so
shouldn't actually be granted access to the public folder, even though
the permissions for the account grant it.
You will indeed need to look at what you're doing with mail accounts.
0
mark7219 (5666)
12/14/2004 2:22:27 PM
Thanks for the reply Mark, but I think you are overcomplicating things,
let me try and explain it again.

UserA has an AD account and has a mail account in exchange. A standard
mail account nothing special created when UserA account was created.
UserB, UserC has no e-mail account, but has permission to access UserA
exchange account mailbox. UserB, UserC has their Outlook configured
just as usual but the mailbox is UserA. Everything is just normal.

I have public folders for various things which I want to hide from
certain users, but I cannot choose to hide these from UserA or UserB
because they are not in the exchange distribution list. Hence, can I
deny access from AD as they are in AD.

Regards

Mark

0
kazmarski (4)
12/14/2004 2:51:45 PM
On 14 Dec 2004 06:51:45 -0800, "Kaz" <kazmarski@hotmail.com> wrote:

>Thanks for the reply Mark, but I think you are overcomplicating things,
>let me try and explain it again.
>
>UserA has an AD account and has a mail account in exchange. A standard
>mail account nothing special created when UserA account was created.
>UserB, UserC has no e-mail account, but has permission to access UserA
>exchange account mailbox. UserB, UserC has their Outlook configured
>just as usual but the mailbox is UserA. Everything is just normal.

I'd got that.
>
>I have public folders for various things which I want to hide from
>certain users, but I cannot choose to hide these from UserA or UserB
>because they are not in the exchange distribution list. Hence, can I
>deny access from AD as they are in AD.

Permissions for client access to public folders can only be assigned
to the account you are using via MAPI. User B and C are using the
credentials for User A to access the public folders so you are stuck
at that point.
>
>Regards
>
>Mark

0
mark7219 (5666)
12/14/2004 3:43:01 PM
In other words, when assigning permissions to Public Folders, you can only 
choose items from the GAL.  Does that make more sense?  Basically, in your 
situation, you would have to mail-enable the other user accounts, then you 
could assign them permissions to the PF's.

-- 
Ben Winzenz
Exchange MVP


"Mark Arnold [MVP]" <mark@mvps.org> wrote in message 
news:692ur0lj4k00di8c8oqi2mopf79mrkcjof@4ax.com...
> On 14 Dec 2004 06:51:45 -0800, "Kaz" <kazmarski@hotmail.com> wrote:
>
>>Thanks for the reply Mark, but I think you are overcomplicating things,
>>let me try and explain it again.
>>
>>UserA has an AD account and has a mail account in exchange. A standard
>>mail account nothing special created when UserA account was created.
>>UserB, UserC has no e-mail account, but has permission to access UserA
>>exchange account mailbox. UserB, UserC has their Outlook configured
>>just as usual but the mailbox is UserA. Everything is just normal.
>
> I'd got that.
>>
>>I have public folders for various things which I want to hide from
>>certain users, but I cannot choose to hide these from UserA or UserB
>>because they are not in the exchange distribution list. Hence, can I
>>deny access from AD as they are in AD.
>
> Permissions for client access to public folders can only be assigned
> to the account you are using via MAPI. User B and C are using the
> credentials for User A to access the public folders so you are stuck
> at that point.
>>
>>Regards
>>
>>Mark
> 


0
Ben
12/14/2004 3:51:19 PM
Thanks for all that. I had hoped there would be another option.
Thanks again
Mark

0
kazmarski (4)
12/15/2004 9:56:51 AM
Reply:

Similar Artilces:

Exch.2003 Public Folder Replication
I am seeting the following events on my Exchange 2003 servers. They are running on Veritas Cluster 4.1. I have looked up every KB article that references these errors and none of them have provided a solution. I am completely stuck... Event Type: Information Event Source: MSExchangeTransport Event Category: Categorizer Event ID: 9013 Date: 8/20/2004 Time: 11:36:28 AM User: N/A Computer: EAHQ-MB6 Description: A message from 'smtp:PublicFolderStoreEAHQ- MB4@ea.com' could not be delivered because the sender ...

browse for folder code
I am using this code to browse for a folder (just folders no files) in Access 2007. It works great, I just want one extra feature: - to supply a starting folder I found one example on stephen lebans site http://www.lebans.com/callbackbrowser.htm but it required the code to exist in the code behind the form. I use this on about 10 forms so would prefer something that I could place in just one module. Does anyone have a better solution? Thanks in advance, Mark -------------------------------- Option Compare Database Option Explicit Private Type BROWSEINFO hOwner As Long...

Merging mail folders?
I just got a new computer and I imported mail from Eudora, which established my personal folders. Then, I set up my account to recieve mail, but it created a new root directory and a new inbox. Now all the new mail I get goes to this new directory. How can I merge the two, or at least assure all new mail goes to the main inbox? Is the mail account on an LDAP server? "Carlito" <Carlito@discussions.microsoft.com> wrote in message news:DA068FB8-5877-49DC-B878-00DDF307BA3E@microsoft.com... >I just got a new computer and I imported mail from Eudora, which >establish...

relay denied
i am continuing to get delivery failure notices that state "Relaying denied. IP name lookup failed" i can't send emails to anyone. is there a quick fix to this? Where ever you're sending mail from does not allow relaying. Are you at work or some other location trying to use your personal email account maybe? CT >-----Original Message----- >i am continuing to get delivery failure notices that >state "Relaying denied. IP name lookup failed" > >i can't send emails to anyone. is there a quick fix to >this? >. > The IP Lookup...

public database wont remount after restore
I have restored our server at work, all went well but the exchange server. After I restore the data to the public database file, it will not remount. I have not yet done the private folder as I don't want to get both stuck unmounted. Any Ideas?? Hi, "Slim" <i@i.com> schrieb im Newsbeitrag news:O9yPRNI$EHA.1400@TK2MSFTNGP11.phx.gbl... >I have restored our server at work, all went well but the exchange server. > After I restore the data to the public database file, it will not remount. > > I have not yet done the private folder as I don't want to get bo...

Error Accessing SQL DATA #2
When editing a return invoice, I am getting "Error Accessing SQL DATA" It apears that the edited data is being posted but the error is still being presented. What can be causing this? ...

Moving Emails to a Public Folder
Hi, I have Exchange 2003 automatically forwarding anything sent to several email addresses to one public folder. The problem is that these items appear in the public folder with the "Posted To:" field, but not the "To:" field, so we don't know which email address it was sent to (without looking in the headers). When you reply, the original email in the body still only references the public folder "Posted To:" field, and not the email address it was originally sent to. Is there a way to change this behavior so the "To:" field is displayed? If not,...

Connecting Access to SQL
Hi everyone, I have a question about connecting access front end to SQL back end. Has anyone done that? Is it efficent? If it is efficent and does it help me with access issue with WAN (wide area network)? Thank you very much. Igor It is very common. It can be made efficient. It does not work very well over a WAN. Get Mary Chipman's book. -- Joe Fallon Access MVP "Igor" <anonymous@discussions.microsoft.com> wrote in message news:11d8201c3f62e$01b8c280$a301280a@phx.gbl... > Hi everyone, > I have a question about connecting access front end to SQL > back en...

access to disabled user mailbox
we have a disabled user.Our new manager want to access this disbled user's mailbox. I tried different way to access his mailbox but no lucky. Could anybody help me. 1. enabled user acount, use exmerge to extract mail from his mailbox. failed. 2 .try to open his mailbox in outlook, failed. error is : the information store can not be opened. 3. reset his password, try to OWA to his mailbox, failed, no error, server doesn't accept that user name and password. Thanks a lot. once you re-enable the account, that can take some time to take effect... -- Susan Conkey [MVP] "st...

Access Violation (MFC42D.DLL)
Hi. I got some working source from another computer, but when i run it on mine, i get this runtime error: Unhandled exception in xxx.exe (MFC42D.DLL): 0xC0000005: Access Violation. Could anyone tell me what that means? thanks a lot Oliver ...

Generating CAD dwgs from Access
Hello, Weak in AutoCad, zero experience w/ SQL, and a beginner with VB. I'm hoping to generate CAD drawings from Access using VB. Here's what I'm trying to achieve between Access (2003) & AutoCad (2008). 1. Open a "Loop Diagram" form in Access. Loop# filter is initialized as blank. 2. Select & filter 1 or more loop#s via the form. 3. Each loop# involves 1 or more records. Each record would have a tag, junction box#, template ID, cable#s, etc. 4. The form has both "Create Current Loop" and "Create All Loops" buttons. The former...

Can I deny SMTP to a group or user?
Hi, I need to know if there is a way to deny SMTP sending of email to group or individual user, while still allowing them to receive external email and internal email. My client only wants to stop them sending external mail for security reasons. I have thought about a POP3 solution, but if I can keep all in Exchange it would be better. Hope you can help, Terry - Bucket On Thu, 16 Jun 2005 10:59:05 -0700, Bucket <Bucket@discussions.microsoft.com> wrote: >Hi, I need to know if there is a way to deny SMTP sending of email to group >or individual user, while still allowing th...

Help with Web view of Folders.....
Hi: I'd like to allow others to view one of my mail folders. I know how to share the folder. The problem is if I allow other to share/view the folder, when they look at an email it may (depending on their settings) show up as read in my folder. I use read/unread as a way of keeping track of things that I have to act on so I don't want others to change the read status. I was thinking that if I allowed 'read only' access to a folder, emails wouldn't show up as read but that doesn't appear to work (unless I"m doing something wrong). I'm wondering if l...

transferring folders
I have finnally bit the bullet and set up wlm on my desktopand as of now I might reverse that decision. I was using bell mail and i had at least 10 individual folders that i sent saved files to. my question is how do I transferr those files to wlm if I set up the names of the people folders. Regards, -- mrhlee What do you mean by "bell mail"? We need to know how you accessed your email before... by webmail, using Outlook Express, etc. -- Dave N. MS-MVP (Mail) Windows 7 Ultimate http://download.live.com/wlmail "fshngmgc" <fshngmgc@discussi...

Setting rules and alerts to run automatically on Spam folder?
I am attempting to undo a filter error that places valid email into the Spam folder. If I manually run the Rules and Alerts in the Spam folder, it will move the "spam" messages back to the Inbox. Is there a way to make the rule automatically run from a folder other than the Inbox? Hi Stu, [....] > Is there a way to make the rule automatically run from a folder other > than the Inbox? No. You could use another SpamFilter program (not Outlook spam filters) with more functions or have at first a look on this site for some further information about the Outlook Junk filte...

OWA Question
We use Public Folders on our exchange server in order to have a central place to post info like programs, pricelists, telephone lists, etc. We have some external users who wish to use Outlook Web Access (OWA) in order to be able to view their mail. Because they're not in the USA, dialup is not an option for them. Because they're satellite connected, they cannot use VPN. The problem with it that we've seen is Public Folders (and forms), which are really 2 problems. First: The folders display fine. The contents of them, the dates, etc. show up exactly like they should. The it...

Access application on clients without Access
Hi. I have an application made in Access 2003. Now one of my clients are migrating from Office 2003 to Office 2007, and they can not afford to buy Office versions with Access included to all the users. I know it's possible to publish "thin" Access application files, but I'm not sure how I do it. From Access 2003, I need to publish "thin" Access application files that will work on clients running Office 2007. Ant hints or links to resources appreciated. Kind regards Mr. Smith Try this one from Microsoft: http://www.microsoft.com/downloads/details.aspx...

access to http://servername/help/default.aspx is denied: HTTP Error 401.2
On the productive CRM installation the help button on top right of each form, does not show the requested help, but an error message, that access is denied. http://servername/help/default.aspx HTTP Error 401.2 - Unauthorized: Access is denied CRM Server is installed on 64-bit Windows server 2008 R2. For the rest there are no access denied errors on the crm itself. On our development installation on a 32-bit windows server 2003 there is no such problem. Who can give me a hint? Patrik Vogel Is the "Help" Virtual Directory under the CRM website using CRMAppPool? how about...

Access denied
I am constantly getting the 'access denied' message when trying to access a folder. I have tried to add to the 'send to' folder but it will not let me in! Is there any way of turning off ALL such restrictions - I am the only user of the computer - I do not need all this so-called protection! Many thanks -- D Smith On 7/8/2010 4:17 AM, D wrote: > I am constantly getting the 'access denied' message when trying to access a > folder. > I have tried to add to the 'send to' folder but it will not let me in! > Is there any way of turning o...

mail enable public folder programmatically (scripting)
I'm trying to find a way of mail enabling public folders (on an exchange 2003 tree) with a script. Is there someone who has experience with this. So far I have only heard that it should be possible (even with LDAP) from Microsoft, but I have not found any indication on how to do this. I have tried browsing the public folder tree with LDAP but don't see public folders until I have mail enabled them. Thanks for your time... Osgiliath wrote: > *I'm trying to find a way of mail enabling public folders (on an > exchange 2003 > tree) with a script. Is there someone who h...

Problem with a Public Store.
Hi all, We have a pub1.edb file but we don�t have pub1.stm file and we want to export the data from pub1.edb to a .pst file, how can we do it ?. Thanks a lot in advance. only way to do this really is via Outlook...File, Import/Export, export to a pst file...you can do top-level folders, and include subfolders... -- Susan Conkey [MVP] "Charlie" <sistemas@aspro-ocio.es> wrote in message news:ei0gaU17FHA.1140@tk2msftngp13.phx.gbl... > Hi all, > > We have a pub1.edb file but we don�t have pub1.stm file and we want to > export the data from pub1.edb to a .ps...

Sync Problem and Folders now missing
I have a user that is now missing folders and the only issue that I have seen is a Sync Issue: 9:11:02 Terminated in error 9:11:02 [80040119-100A0103-0-610] 9:11:02 Microsoft Office Outlook Offline Folders 9:11:02 For more information on this failure, click the URL below: 9:11:02 http://www.microsoft.com/support/prodredirect/outlook2000_us.asp?err=80040119-100a0103-0-610 9:11:02 Microsoft Exchange offline address book Any suggestions, the link is not helpful. I'm having the same issue/error message, though I'm not currently aware of any missing folders. In addition to th...

Public Folder Replication problem #5
2000AD wi 2000 EXCH (latest SP). I just installed Exchange 2K3 to migrate from 2K. Tried replicating the public folder, but nothing on the new server. Follwed the instructions on MS to perform the replication, and setting up the replication for the folders. Problem is, is that the replication messages are being sent to the new exchange, but they are not being rec'd, they are being queued on the old server. I've checked the message tracking, and event viewer, but nothing rec'd on the new server. Then I checked the Routing group connector, and it's using an ISP smart host...

open Switchboard from after validating user access level
In my tblEmpID, I have created field EmpID,EmpPassword,EmpRole. Once login form verifies the user by checking EmpId and password, I want to check that if EmpRole = AdminLevel then open “Switchboard” or else open “frmTrackingV2” I was trying to write a code for this condition but not having success so far. Here is my code for Login form which works fine(thanks to Access forum) Private Sub cmdLogin_Click() On Error GoTo Err_cmdLogin_Click Dim rs As DAO.Recordset ‘Dim rs1 As DAO.Recordset Dim strUser As String Dim strPassword As String txtUserNm.SetFocus strUser = txtUserNm txt...

Access Denied on .pst
I've ran into a bit of a problem this morning on a .pst file of mine. The user accesses the .pst from another computer since the .pst file is on the server. When I attempt to add the .pst file for the delivery location, I get access is denied. When I go to the server (under administrator) and right click the file and go to security settings, I get access is denied. I'm also being told it's read only when I run scanpst.exe. Even the icon on the file is messed up. Is the pst file corrupt? any thoughts? Thanks, Angela It's very possible that the file is corrupt; storing...