I have seen a lot of bad things done with conference rooms in Exchange. For example, making everybody an author of the room so anybody can (double) book. Or added people as send as or full mailbox permissions from within Exchange. So there are a few things I would never do
- Give anybody send as permissions directly through the EMC
- Give anybody full mailbox access through the EMC
- Give anybody non default settings by going the calendar permissions within outlook
So, how do you solve this
- By setting permissions with RBAC for conference rooms
- By using delegation within the conference room
To make a Resouce in Exchange and configure it for delegation and restricted access. All of this is done through PowerShell.
Put in a request to create the resource
- Create the mailbox using Powershell: enable-mailbox (username) -Database “Conference Rooms” -Room
- Set specific settings on the conference room
Once the mailbox has been created, you can set delegates and other settings, one of the key ones is to enable the booking attendant of the room by running the following powershell command: Set-CalendarProcessing -<resource> -ResourceDelegates “<user1@networks.com”,”<user2@networks.com>” -AutomateProcessing AutoAccept DLs cannot be used for ResourceDelegates More settings can be found at http://technet.microsoft.com/en-us/library/dd335046(v=exchg.150).aspx
To allow only certain people to book the room, this is known as in-policy and out-of-policy settings. This too also uses the powershell commandlet Set-CalendarProcessing. The default settings used for this are:
-
AllBookInPolicy: $true or $false: default is $true
By Setting this to true allows the calendar to accept meetings from all users, by setting it to false, you need to set the value to at least one user for approval
-
AllRequestInPolicy: $false or $true: default is $false
These requests are subject to approval by a resource mailbox delegate unless the AllBookInPolicy parameter is set to true
-
AllRequestOutOfPolicy: $true or $false: default is $false
Out-of-policy requests are subject to approval by a resource mailbox delegate.
-
BookInPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…
Any in-policy meeting requests from these users are automatically approved
-
RequestInPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…
All in-policy meeting requests from these users are subject to approval by a resource mailbox delegate
-
RequestOutOfPolicy: default: $null, array, for example “user1@netowrks.com”,user2@networks.com…
Out-of-policy requests are subject to approval by a resource mailbox delegate.
-
ProcessExternalMeetingMessages: $true or $false: default is $false.
Setting to true allows the meeting room to accept meetings form people outside of the organizationto
What you SHOULD NEVER EVER DO with a calendar, doing so may allow double bookings to happen
- Use the Exchange tool to grant full mailbox or send as permissions for a resource
- Manually grant or deny permissions through outlook to a conference room. This is done by opening the calendar of the resource, right clicking and going to proprieties and permissions tab.
Default permissions for a calendar, you can get the permissions by running the following PowerShell command: get-mailboxfolderpermmision <username>:\calendar.
- FolderName : Calendar
- User : Default
- AccessRights : {AvailabilityOnly}
- Identity : Default
User : Anonymous
- AccessRights : {None}
- Identity : Anonymous
You can reset the permissions by doing the following
The following command will remove all but default and anonymous: Get-MailboxFolderPermission <room>:\calendar | where {($_.user -notlike “Default”) -and ($_.user -notlike “anonymous”)} | %{Remove-MailboxFolderPermission -User $_.user -Identity <room> }
Reset the default permissions running set-mailboxfolderpermission <username>:\calendar -user Default -AccessRights AvailabilityOnly and run it a second time but replace Default with Anonymous and the permission $null
To Remove full mailbox access, this is actually easier to do this through the GUI since there are a lot of permissions, however you can get a list by running the following command: Get-ADPermission “<display name of room>” | select User,accessRights| where {$_.AccessRights -like “GenericAll”}
They can then be removed by running the following command: remove-ADPermission “<display name of room>” -User “<username>” -AccessRights GenericAll
Cialis 45 Ans Baclofene Deces Propecia Verschreiben Lassen [url=http://cialibuy.com]cialis canada[/url] Prezzo Di Cialis 5 Mg Alternativa A Viagra Propecia Finasteride Problems
Discount Worldwide Clobetasol Get Drugs Online Price [url=http://cialibuy.com]cialis for sale[/url] Achat Propecia En Ligne
Generic Viagra Shipped To P O Box [url=http://cialibuy.com]Buy Cialis[/url] Cheapest Viagra In Uk Cialis 5 Mg Daily Cost Cialis Y Sintrom
Zithromax Abdominal Cramps On Sale Fedex Shipping Provera Discount Legally Free Shipping [url=http://cialibuy.com]cialis 20mg for sale[/url] Kamagra Tablets Online Viagra Online Kaufen
Cialis Precios [url=http://cialibuy.com]cheap cialis online[/url] Sante Propecia Cialis Levitra Viagra L Impuissance Viagra Nebenwirkungen Dosierung
Propecia Eyebrow Hair [url=http://cialibuy.com]Cialis[/url] Zithromax Against Chlamydia Viagra 25 Mg 4 St Provera Cycrin Mail Order
Whats Amoxicillin Clavulanate Comprar Levitra Generico 30mg Le Priligy Generique [url=http://sildenaf100mg.com]viagra[/url] Viagra Cheapest 100mg Soft Super Kamagra Einnahme
Products For Longer Lasting Erections Nazaire [url=http://genericvia.com]online pharmacy[/url] Cialis Preise 5mg Acquistare Kamagra Paris A Buon Mercato