官术网_书友最值得收藏!

Managing permissions

In this topic, we will look at ways by which we can assign permissions to users or groups called delegates. It allows the delegates to open and send messages from other mailboxes. Permissions can be assigned to mailboxes, distribution groups, and mail-enabled security groups. The following permissions can be assigned to delegates:

  • Full Access: A delegate of a mailbox has full access to open a mailbox and access the content. This permission, however, will not allow the delegate to send mail from that mailbox.
  • Send As: The Send As permission will allow the delegate to send messages from the other mailbox. The message in this case will appear to be coming from the mailbox owner. If Send As is used for a group, the message will appear to be originating from this group.
  • Send on Behalf: This permission will also allow a delegate to send messages from other user's mailbox. Unlike the Send As permission, the message from this field will indicate that this message was sent by the delegate on behalf of the mailbox owner.

Manage Full Access permissions

The following example assigns the Full Access permission to Holly for Amy's mailbox:

Add-MailboxPermission -Identity "Amy Alberts" -User hollyh -AccessRights FullAccess -InheritanceType all

If you are the administrator and there is a need to look at the content of some user's mailboxes, you can assign this permission using the following command. This example will provide full access permissions to for all the mailboxes:

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User admin@contoso.com -AccessRights fullaccess -InheritanceType all

You can view the Full Access permission using the following syntax:

Get-MailboxPermission –identity mailbox –User Delegate

For example, if you want to check if the permissions are set as per the first example, you need to type this:

Get-MailboxPermission –identity "Amy Alberts" –User hollyh

The Full Access permission, once granted, can be removed using the Remove-Mailbox permission. The following command will remove the full access granted to Holly Holt on Amy Albert's mailbox:

Remove-MailboxPermission -Identity "Amy Alberts" -User hollyh -AccessRights FullAccess -InheritanceType All

Manage Send As permission

The Send As permission can be granted and revoked using the Add-AD and Remove-AD permissions. For example, the following command will assign the Send As permission to the Tier 1 Helpdesk Support Group on the shared mailbox of Helpdesk:

Add-ADPermission -Identity helpdeskshared -User Tier1helpdeskgroup -ExtendedRights "Send As"

To view the permission, type this:

Get-ADPermission –identity helpdeskshared –User Tier1helpdeskgroup

If you are using Exchange Online, you need to replace –User with the –Trustee parameter.

The example removes the Send As permission for the user called John Doe from Holly Holt's mailbox:

Remove-ADPermission -Identity "Holly Holt" -User Johnd -ExtendedRights "Send As"

Manage Send On Behalf permission

The Send on Behalf permission is managed using the Set-Mailbox cmdlet. The following cmdlet assigns the Send on Behalf to John Doe on Holly Holt's mailbox:

Set-Mailbox -Identity hollyh@contoso.com -GrantSendOnBehalfTo JohnD

The following command will remove the send on Behalf permission of the admin assistant group from the Executives shared mailbox:

Set-Mailbox "Executives" -GrantSendOnBehalfTo @{remove="adminassistant@contoso.com"}

To view the send on behalf permission, type this:

Get-Mailbox –identity hollyh | FL GrantSendOnBehalfTo
主站蜘蛛池模板: 兖州市| 青龙| 泌阳县| 特克斯县| 贡山| 大方县| 通道| 新昌县| 郸城县| 滕州市| 三台县| 金溪县| 锡林郭勒盟| 乐陵市| 临沭县| 苏尼特左旗| 子长县| 眉山市| 普兰店市| 张北县| 丰镇市| 灵山县| 宣化县| 林口县| 惠州市| 遂川县| 息烽县| 宿迁市| 西林县| 满洲里市| 望谟县| 云南省| 哈密市| 慈溪市| 佳木斯市| 出国| 滦南县| 章丘市| 厦门市| 阳原县| 巫山县|