A couple of commenters wanted an update on how much progress I made on my attempt to restore Anonymous privileges to a specific user’s Calendar folder within Outlook. After some doing some digging, I came across the Microsoft Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration (PFDAVAdmin) Tool. The tool allows one to connect to their Exchange Server and correct permissions on Public Folders and Mailboxes.
Essentially, the problem I had is that the Discretionary Access Control List (DACL) on the Calendar folder in question was missing Anonymous. To add it back, one merely uses PFDAVAdmin to locate the NT AUTHORITY\ANONYMOUS LOGON. PFDAVAdmin does this quite easily. I had some difficulty in reading my Exchange Server’s mailboxes, but that was due in large part to the Exadmin virtual directory being set to require the use of SSL. Once I disabled this in the IIS Manager, PFDAVAdmin could see all of the mailboxes and pull up everything on them.
Now, while I have corrected the missing Anonymous permission, that does not appear to have resolved my problem. I am experimenting a bit with this, but it looks as though I am going to have to go the route that both mokie and eXtra heavy suggested. Essentially, I may have to create a group that has no rights to the Calendar folder for the managing partner. I could also try to peel away both the Default and Anonymous rights that currently exist on his Calendar folder, but that would seem to fly in the face of my original theory.
The bottom line: I need to make sure that no one except his assistant can access his Calendar via the File|Open Other User’s Folder… option within Outlook. More on this as it develops, but time for more hacking.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.