Microsoft Exchange Server 2010 : Managing Public Folder Settings (part 1) - Setting Client Permissions

6/18/2014 4:20:42 AM

You should actively manage public folders. If you don't, you won't get optimal performance, and users might encounter problems when reading from or posting to the folders. Each folder in a public folder tree has its own settings, and each time a folder is created, you should review and modify the following settings:

Replication, messaging limits, deleted item retention, and quotas
Client and Send As permissions

You might also want to designate folder administrators and propagate the changes you've made.Don't forget that in the Public Folder Management Console you can view or set a public folder's e-mail–related properties by using the related Properties dialog box. As discussed previously in the "Mail-Enabling Public Folders" section, the related procedures are similar to those for mailbox users.

Controlling Folder Replication, Messaging Limits, Quotas, and Deleted Item Retention

Public folders inherit the replication, messaging limit, quota, and deleted item retention settings of the public folder database. The best way to control these settings for public folders is to set the appropriate options for the entire public folder database rather than for individual public folders. That said, the Exchange Management Shell includes the Set-PublicFolder cmdlet for configuring these options for individual public folders.

Example 1 provides the syntax and usage for this cmdlet. To override database settings for replication, messaging limits, quota, deleted item retention settings, or any combination thereof, you must first set the related "Use" parameter to $false as shown in the first usage example, and then set any desired default values as shown in the second usage example.

Example 1. Using Set-PublicFolder to set limits

Syntax

Set-PublicFolder -Identity PublicFolderIdentity
[-AgeLimit LimitKB] [-DomainController DCName]
[-LocalReplicaAgeLimit Limit]
[-HiddenFromAddressListsEnabled <$true|$false>]
[-IssueWarningQuota Limit]


[-LocalReplicaAgeLimit TimeSpan]
[-MaxItemSize Limit]
[-Name Name]
[-PerUserReadStateEnabled <$true|$false>]
[-ProhibitPostQuota Limit]
[-Replicas DatabaseID1, DatabaseID2, ...]
[-ReplicationSchedule Schedule]
[-RetainDeletedItemsFor NumberDays]
[-Server Server]
[-UseDatabaseAgeDefaults <$true|$false>]
[-UseDatabaseQuotaDefaults <$true|$false>]
[-UseDatabaseReplicationSchedule <$true|$false>]
[-UseDatabaseRetentionDefaults <$true|$false>]


Usage

Set-PublicFolder -Identity "\Projects"
 -UseDatabaseRetentionDefaults $false

Set-PublicFolder -Identity "\Projects"
 -RetainDeletedItemsFor 120

You can also configure these values using the Public Folder Management Console. When you display a public folder's Properties dialog box by double-clicking the public folder in the console's main pane, you can use the options on the Replication and Limits tabs to set related values. To override default settings for the related public folder database, use the following techniques:

On the Replication tab, clear the Use Public Folder Database Replication Schedule check box and then specify the replication schedule.
On the Limits tab, clear the Use Database Quota Defaults check box and then specify quota values.
On the Limits tab, clear the Use Database Retention Defaults check box and then set the retention value.
On the Limits tab, clear the Use Database Age Defaults check box and then set the age limit for replicas.

You can restore the default settings for the related public folder database simply by selecting the related check box or check boxes on the Replication tab, the Limits tab, or both. The default setting on the Replication tab is to use the public folder replication schedule. The default settings on the Limits tab are to use database quota defaults, database retention defaults, and database age defaults.

Setting Client Permissions

You use client permissions to specify which users can access a particular public folder. By default, all users (except those accessing the folder anonymously over the Web) have permission to access the folder, read items in the folder, create items in the folder, and edit and delete items they've created. Anyone accessing the folder anonymously can create items but has no other permissions for viewing or editing items.

To change permissions for anonymous and authenticated users, you need to set a new permission level for the special users Anonymous and Default, respectively. Initially, anonymous users have the role of Contributor and authenticated users have the role of Author. These and other client-permission levels are defined as follows:

Owner Grants all permissions in the folder. Users with this role can create, read, modify, and delete all items in the folder. They can create subfolders and change permissions on folders as well.
Publishing Editor Grants permission to create, read, modify, and delete all items in the folder. Users with this role can create subfolders as well.
Editor Grants permission to create, read, modify, and delete all items in the folder.
Publishing Author Grants permission to create and read items in the folder, to modify and delete items the user created, and to create subfolders.
Author Grants permission to create and read items in the folder, as well as to modify and delete items that the user created.
Nonediting Author Grants permission to create and read items in the folder.
Reviewer Grants read-only permission.
Contributor Grants permission to create items but not to view the contents of the folder.
None Grants no permission in the folder.

To set new roles for users or to modify existing client permissions, complete the following steps:

Start Outlook. If the Folder list isn't displayed, click Go, and then select Folder List.
Expand Public Folders in the Folder list, and then expand All Public Folders.
Right-click the folder with which you want to work, and then select Properties.
On the Permissions tab (shown in Figure 1), the Name and Permission Level lists display account names and their permissions on the folder. If you want to grant users permissions that are different from the default permission, click Add.
In the Add Users dialog box, select the name of a user who needs access to the mailbox. Then click Add to put the name in the Add Users list. Repeat this step as necessary for other users. Click OK when you're finished.
In the Name and Permission Level lists, select one or more users whose permissions you want to modify. Then use the Permission Level list to assign a role or select individual permission items. When you're finished granting permissions, click OK.

Figure 1. Use the Permissions tab to set permissions and assign roles for users. The role controls the actions the user can perform.

In the Exchange Management Shell, you can work with permissions using the Get-PublicFolderClientPermission, Add-PublicFolderClientPermission, and Remove-PublicFolderClientPermission cmdlets. Samples Example 2 through Example 4 provide the syntax and usage for these cmdlets. Values for the –AccessRights parameter can be set to the name of the permission level you want. Specify the exact name, as listed previously, without spaces. If you want to create modified permission levels, you can add or remove individual access rights. Use the names exactly as shown on the Permissions tab, without spaces.

Example 2. Get-PublicFolderClientPermission syntax and usage

Syntax

Get-PublicFolderClientPermission -Identity PublicFolderIdentity
 [-Server Server]
 [-User UserIdentity]


Usage

Get-PublicFolderClientPermission -Identity "\Projects"
 -User "William Stanek"

Example 3. Add-PublicFolderClientPermission syntax and usage

Syntax

Add-PublicFolderClientPermission -Identity PublicFolderIdentity
 -AccessRights PermLevelOrAccessRight
 -User UserIdentity
 [-DomainController DCName] [-Server Server]


Usage

Add-PublicFolderClientPermission -Identity "\Projects"
 -AccessRights "PublishingEditor"
 -User "William Stanek"

Add-PublicFolderClientPermission -Identity "\Projects"
 -AccessRights "CreateItems"
 -User "JimWilson"

Example 4. Remove-PublicFolderClientPermission syntax and usage

Syntax

Remove-PublicFolderClientPermission -Identity PublicFolderIdentity
 -AccessRights PermLevelOrAccessRight
 -User UserIdentity
 [-DomainController DCName] [-Server Server]


Usage

Remove-PublicFolderClientPermission -Identity "\Projects"
 -AccessRights "PublishingEditor"
 -User "William Stanek"

Remove-PublicFolderClientPermission -Identity "\Projects"
 -AccessRights "CreateItems"
 -User "Jim Wilson"

Microsoft Exchange Server 2010 : Managing Public Folder Settings (part 3) - Manipulating, Renaming, and Recovering Public Folders

Microsoft Exchange Server 2010 : Managing Public Folder Settings (part 2) - Granting and Revoking Send As Permissions for Public Folders, Propagating Public Folder Settings and Data

Other

Microsoft Exchange Server 2010 : Creating and Working with Public Folders (part 3) - Adding Items to Public Folders Using Outlook

Microsoft Exchange Server 2010 : Creating and Working with Public Folders (part 2) - Determining Public Folder Size, Item Count, and Last Access Time

Microsoft Exchange Server 2010 : Creating and Working with Public Folders (part 1)

Microsoft Exchange Server 2010 : Accessing Public Folders Through the Information Store

Portable Scanner MagicScan T4E Review

Life Logging - Is It Worth The Effort? (Part 6)

Life Logging - Is It Worth The Effort? (Part 5)

Life Logging - Is It Worth The Effort? (Part 4)

Life Logging - Is It Worth The Effort? (Part 3)

Life Logging - Is It Worth The Effort? (Part 2)