Exchange 2003 Change Mailbox Folders Permissions in Bulk
The other day one of my Senior Client Business managers contacted me about a change to a process that they had made within their own business processes that required a very specific action to be made to every single mailbox calendar in their organisation.
Essentially they had done away with paper based diaries and wished to move their enter scheduling processes to be based within each users Exchange calendar.
I personally thought that this was a great idea (personally I am all for making full use of Exchange’s features – but one condition that they would like to see implemented was for everyone in the organisation to have the ability to see each others calendar (but not edit).
I thought about this and decided that the best way to do this would be to change the “Default” security principle on everyone’s main calendar in Exchange to “Reviewer” rights – but, there in lay the challenge – how would I do this?
After doing some research around the web, I found reference to a once popular utility entitled “SetPerm” which was written by a chap called Kevin Snook (the original web site were you could download it appears to have lapsed – however it can be down loaded from here essentially SetPerm allows you to centrally change the permissions on all the folders that appear within an Exchange mailbox (for example; Calendar, Contacts, Deleted Items, Drafts et al).
Using this utility I was able to set everyones Default Calendar entry to “Reviewer” in a very short period of time – below is how I did it.
Firstly I installed SetPerm on the Exchange server in question – to do this I extracted all of the files in the setperm.zip to a folder on the hard disk of the Exchange server – the files extracted are acl.dll, setperm.exe, and readme2.rtf.
I then registered the ACL.dll using the following command syntax: regsvr32 c:\setperm\acl.dll.
Normally the ACL.dll is not available as a compiled DLL. It is based on a code sample that shipped in the Platform SDK and usually would need to be compiled before use, however the person whom created setperm very kindly pre-compiled it for us.
In order to change permissions on the folders within a users mailbox you require rights that are similar to that of EXMERGE – to configure these permissions for the account that I used and if you intend to use setperm I recommend that you follow this KB article HERE.
When the ACL.dll had been registered and I had checked my permissions I was ready to run setperm.exe.
Now at first it can be a little confusing on how to get this piece of software working – but, I found that if you run it with the following command line it works great:
So an example command line would be: setperm.exe /mailbox:andy.grogan\ex-nn
When setperm executes would will be presented with a screen that looks like the following;
On the bottom right there is a button entitled “Select Mailboxes” I clicked on this option and I was presented with the following dialog box:
From the top right where it says “Show names from the:“ I clicked on the drop down box and selected the “All Users” options – this changes the display so it will only show mailboxes, rather than contacts and distribution groups.
I then selected all of the mailboxes that I wished to change the permissions for by choosing them from the lists and holding down CTRL – when I was ready to change the permissions I clicked on the “Set permissions for” button and then clicked on OK (its the same as using the GAL in Outlook).
When I clicked OK, I was returned to the Setperm mail screen – here I could now place a tick in the Calendar area under the “Selected Folders” section. I then changed the permissions set to “Reviewer”.
When this was done my screen now looked like the following:
I could now click on the “Set Permissions” button which then changed all of the permissions for the default entry on all of the calendars that I had selected – the results of which are shown in the very bottom left information area – see the following example:
And that all there was to it – all of the calendar default permissions changed to “Reviewer” in a matter on minutes.
Obviously there is a little more to Setperm then just changing the default permissions on folders within mailboxes – you can also use it to set customer permissions of user folders on a per user basis – this is done by changing the scope under the “Set Permissions for these recipients” to “Custom” and the selecting the users that you wish to grant the permissions to.
Its a really good tool and I recommend it as part of any Exchange administrators tool kit.