Master Exchange 2007

powershell, automation & more…

Managing Public Folder Client Access Permissions – Exchange 2007 MSH / EMC (Exchange Management Shell)

Posted by shauncroucher on September 6, 2009


There are a number of ways to add permissions to public folders using the MSH (Exchange Management Shell).

Some of the common and useful commands for client permissions are as follows:

Add-PublicFolderClientPermissions -Identity <PublicFolder> -User “Username” -AccessRights <Right>

The rights for public folders can be explicit rights such as “ReadItems” or “CreateItems” or ‘roles’ such as Owner, Contributor etc, which have a set of rights.

Add-PublicFolderClientPermission -Identity “Company Contacts” -AccessRights PublishingEditor -User Steve

This will add the PublishingEditor ‘role’ to Steve, so he is able to create and delete all items that he creates, and can delete all content items regardless of ownership (but cannot delete folders he does not own). He cannot change permissions on folders that he has not created.

There is also a Remove-PublicFolderClientPermissions that will remove any permissions you wish in the same manner as above.

This is fine on a folder by folder basis but what if we want to give permissions to All users or permissions for a specific user but recursively for a whole bunch of public folders. Well, that is where the AddUsersToPFRecursive.ps1 script comes in!

So, with this we specify the -TopPublicFolder and specify the username and we can add the specified rights recursivley to all public folders beneath. Useful if want the same permission structure on all public folders.

**    Note, if the Top level PF has a space, you must place the name in ‘ ‘ inside the ” “. So -TopPublicFolder “‘\My Computer'”    **

**    Note, that you need to put the \ at the beginning of the path to represent the beginning of the public folder structure     **

AddUsersToPFRecursive.ps1 -TopPublicFolder “MyCompany” -User “Steve” -Permission “PublishingEditor”

AddUsersToPFRecursive.ps1 -TopPublicFolder “MyCompany” -User “Default” -Permission “PublishingEditor” (the Default user permissions apply to all users that are not explicitly defined)

AddUsersToPFRecursive.ps1 -TopPublicFolder “MyCompany” -User “Default” -Permission “None” (the Default user permissions apply to all users that are not explicitly defined)

AddUsersToPFRecursive.ps1 -TopPublicFolder “MyCompany” -User “Mr.ManagingDirector” -Permission “Owner”

There are a number of other scripts with similar recursive powers, the names are pretty self explanatory, but review in more detail by following links below.

ReplaceUserWithUserOnPFRecursive.ps1
ReplaceUserPermissionOnPFRecursive.ps1
RemoveUserFromPFRecursive.ps1

http://technet.microsoft.com/en-us/library/bb310789.aspx – Configuring Public Folder Permissions
http://technet.microsoft.com/en-us/library/aa998834.aspx – How to Add Permissions for Client Users to Access Public Folder Content
http://technet.microsoft.com/en-us/library/aa997966.aspx – Scripts for Managing Public Folders in the Exchange Management Shell

Shaun

Advertisements

3 Responses to “Managing Public Folder Client Access Permissions – Exchange 2007 MSH / EMC (Exchange Management Shell)”

  1. Andy said

    As the public folder I’m changing the perms on has a space I needed to use
    “‘\My Company'”
    For some reason it didn’t work with out the \

    • shauncroucher said

      Hi Andy,

      Thanks very much for visiting my blog,

      I have updated the article to include these findings, I managed to replicate the behaviour you describe in my lab!

      Shaun

  2. Patrick said

    Very good article. The only thing is that on line 3, there is an “s” at the end that doesn’t belong.

    Add-PublicFolderClientPermissions

    should just be:

    Add-PublicFolderClientPermission

    I was confused since line 5 doesn’t have the “s” at the end.

    Great article, though!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: