Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, March 8, 2017 3:49 PM
Hello,
We are running Exchange 2013 on-premise, I am trying to create a user mailbox that is read-only. I want to be able to receive messages in this mailbox while also preventing any user from being able to delete any messages in the Inbox?
Is this possible?
I know that one way to do this is to create a in-place eDiscovery hold, but this still allows a user accessing the mailbox in OWA or Outlook to delete the message.
I want to be able to prevent the user accessing the mailbox to delete messages, kind of like a read-only mailbox that can still receive new messages.
Can this be done? Anyone have any suggestions?
Thank you.
All replies (16)
Wednesday, March 8, 2017 5:04 PM ✅Answered
So probably the best option then is to create a shared mailbox, and then assign a user access to this mailbox with AccessRights being Reviewer.
The only issue here is, if the user wants to access this shared mailbox through webmail, how can they?
They wont be able to open shared mailbox unless they have Fullaccess permission
If you grant users Readpermission using (Add-mailboxpermission), they wont be able to open the mailbox via OWA as an additional mailbox
However, there is one work around
The users who need to have access to the shared mailbox > will have to map inbox folder as additional folder (Like shared folder access) in there personal mailbox. So it would be a folder to folder access. The users can add shared folders in OWA and Outlook
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/
Wednesday, March 8, 2017 5:42 PM ✅Answered
Use add-mailboxfolderpermission
set is used to modify the existing permission
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/
Wednesday, March 8, 2017 4:00 PM
Hi
Try this:
Set-MailboxFolderPermission –Identity <‘[email protected]:Inbox’> -User [email protected] –AccessRights Reviewer
Wednesday, March 8, 2017 4:27 PM
Hi Joerg,
Our user mailbox is "[email protected]", and the user that would be logging into the mailbox over OWA (webmail) would be "[email protected]", so would your command work in this case?
Wednesday, March 8, 2017 4:31 PM
Is that going to be a shared mailbox or a user mailbox?
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/
Wednesday, March 8, 2017 4:32 PM
It is the users mailbox, that means the users owns it, and you cant Limit his rights. Thats by design. you can use a Workaround and assign to John.Doe the Mailbox of toni.test. Then disable that the useres get their email address from exchange address policy and assign to toni.test the smtp address of johndoe and vice versus. on the Mailbox of toni.test (with the emailaddress of John Doe) you assign the Folder permission that i mentioned in my previous post.
Wednesday, March 8, 2017 4:37 PM
It is not going to be possible. The user himself will be the owner of the mailbox. Even though you set the "NT AUTHORITY\SELF" (Using add-mailboxpermission cmd) permission to read only > It would not work as by default he is considered to be the owner
or set the top of information store permission to reviewer (Using add-mailboxfolderpermission cmd)
So I don't think this is possible
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/
Wednesday, March 8, 2017 4:53 PM
So probably the best option then is to create a shared mailbox, and then assign a user access to this mailbox with AccessRights being Reviewer.
The only issue here is, if the user wants to access this shared mailbox through webmail, how can they?
Wednesday, March 8, 2017 4:59 PM
They can open it from webmail. Click on the user Name and a new menu opens. there you can choose: open another Mailbox.
Wednesday, March 8, 2017 5:00 PM
I am going to try this now following your original recommendations Joerg.
Wednesday, March 8, 2017 5:13 PM
I used to do this for shared mailbox in Exchange 2007, haven't tried it in Exchange 2010 recently. Though it is for shared mailbox, not for user mailbox which others explained that it has Self permission etc...
How to: Setup Read Only Mailbox in Exchange 2003/2007 - https://exchangeshare.wordpress.com/2009/07/07/how-to-setup-read-only-mailbox-in-exchange-20032007/
Amit Tank | Blog: exchangeshare.wordpress.com
Wednesday, March 8, 2017 5:38 PM
I created my shared mailbox called [email protected] and a user mailbox called [email protected].
I tried to give the user mailbox Reviewer access to the shared mailbox but it did not work, I got an error of "There is no existing permission entry found for user: [email protected]
My command was:
Set-MailboxFolderPermission -Identity [email protected] -User [email protected] -AccessRights Reviewer
Am i missing something?
I would then login to OWA and map the Inbox folder as pointed out by Akabe.
Wednesday, March 8, 2017 6:12 PM
Thanks Akabe,
The command applied this time.
Now I have a shared mailbox and a dummy test user. The test user has Reviewer rights on the "Top of Information Store" folder on the shared mailbox.
When I login to webmail, trying to open the mailbox fails as you pointed out.
I tried to add it by right clicking and selecting "Add Shared folder" and specifying the shared mailbox, it adds it to the list but I cannot access it. I get an error, You don't have permissions to perform this action.
Any ideas? I am trying to add the Inbox of the shared mailbox to the test user, who has "Reviewer" rights to the "Top of the Information Store" FolderName.
Wednesday, March 8, 2017 6:23 PM
I figured it out, I needed to specifically give permissions to Inbox as well as per these instructions: http://practical365.com/exchange-server/grant-read-access-exchange-mailbox/
This works great now, thank you guys!!
Wednesday, March 8, 2017 6:24 PM
No problem:)
shared folder permission works in a different way
1. You need to give the user on the root folder/Parent folder. In this case it would be the Top of information store
- Add-mailboxfolderpermission [email protected]:\ -user [email protected] -accessrights Reviewer
2. Then the user would need permission on the folder/sub folders inside the top of info store
Add-mailboxfolderpermission [email protected]:\Inbox -user [email protected] -accessrights Reviewer
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/
Wednesday, March 8, 2017 6:44 PM
Great good to know.
You welcome and have a good one
MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/