Calender, Exchange

Conference Rooms, Double Bookings and Permissions

I have seen a lot of bad things done with conference rooms in Exchange. For example, making everybody an author of the room so anybody can (double) book. Or added people as send as or full mailbox permissions from within Exchange. So there are a few things I would never do

  1. Give anybody send as permissions directly through the EMC
  2. Give anybody full mailbox access through the EMC
  3. Give anybody non default settings by going the calendar permissions within outlook

So, how do you solve this

  1. By setting permissions with RBAC for conference rooms
  2. By using delegation within the conference room

To make a Resouce in Exchange and configure it for delegation and restricted access. All of this is done through PowerShell.

 

Put in a request to create the resource

  1. Create the mailbox using Powershell: enable-mailbox (username) -Database “Conference Rooms” -Room
  2. Set specific settings on the conference room

Once the mailbox has been created, you can set delegates and other settings, one of the key ones is to enable the booking attendant of the room by running the following powershell command: Set-CalendarProcessing -<resource> -ResourceDelegates “<user1@networks.com”,”<user2@networks.com>” -AutomateProcessing AutoAccept DLs cannot be used for ResourceDelegates More settings can be found at http://technet.microsoft.com/en-us/library/dd335046(v=exchg.150).aspx

To allow only certain people to book the room, this is known as in-policy and out-of-policy settings. This too also uses the powershell commandlet Set-CalendarProcessing. The default settings used for this are:

  • AllBookInPolicy: $true or $false: default is $true

    By Setting this to true allows the calendar to accept meetings from all users, by setting it to false, you need to set the value to at least one user for approval

  • AllRequestInPolicy: $false or $true: default is $false

    These requests are subject to approval by a resource mailbox delegate unless the AllBookInPolicy parameter is set to true

  • AllRequestOutOfPolicy: $true or $false: default is $false

    Out-of-policy requests are subject to approval by a resource mailbox delegate.

  • BookInPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…

    Any in-policy meeting requests from these users are automatically approved

  • RequestInPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…

    All in-policy meeting requests from these users are subject to approval by a resource mailbox delegate

  • RequestOutOfPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…

    Out-of-policy requests are subject to approval by a resource mailbox delegate.

  • ProcessExternalMeetingMessages: $true or $false: default is $false.

    Setting to true allows the meeting room to accept meetings form people outside of the organizationto

 

What you SHOULD NEVER EVER DO with a calendar, doing so may allow double bookings to happen

  • Use the Exchange tool to grant full mailbox or send as permissions for a resource
  • Manually grant or deny permissions through outlook to a conference room. This is done by opening the calendar of the resource, right clicking and going to proprieties and permissions tab.

Default permissions for a calendar, you can get the permissions by running the following PowerShell command: get-mailboxfolderpermmision <username>:\calendar.

  • FolderName : Calendar
  • User : Default
  • AccessRights : {AvailabilityOnly}
  • Identity : Default

User : Anonymous

  • AccessRights : {None}
  • Identity : Anonymous

You can reset the permissions by doing the following

The following command will remove all but default and anonymous: Get-MailboxFolderPermission <room>:\calendar | where {($_.user -notlike “Default”) -and ($_.user -notlike “anonymous”)} | %{Remove-MailboxFolderPermission -User $_.user -Identity <room> }

Reset the default permissions running set-mailboxfolderpermission <username>:\calendar -user Default -AccessRights AvailabilityOnly and run it a second time but replace Default with Anonymous and the permission $null

To Remove full mailbox access, this is actually easier to do this through the GUI since there are a lot of permissions, however you can get a list by running the following command: Get-ADPermission “<display name of room>” | select User,accessRights| where {$_.AccessRights -like “GenericAll”}

They can then be removed by running the following command: remove-ADPermission “<display name of room>” -User “<username>” -AccessRights GenericAll

8 thoughts on “Conference Rooms, Double Bookings and Permissions

  1. Cialis 45 Ans Baclofene Deces Propecia Verschreiben Lassen [url=http://cialibuy.com]cialis canada[/url] Prezzo Di Cialis 5 Mg Alternativa A Viagra Propecia Finasteride Problems

  2. Zithromax Abdominal Cramps On Sale Fedex Shipping Provera Discount Legally Free Shipping [url=http://cialibuy.com]cialis 20mg for sale[/url] Kamagra Tablets Online Viagra Online Kaufen

  3. Whats Amoxicillin Clavulanate Comprar Levitra Generico 30mg Le Priligy Generique [url=http://sildenaf100mg.com]viagra[/url] Viagra Cheapest 100mg Soft Super Kamagra Einnahme

Leave a Reply

Your email address will not be published. Required fields are marked *