Mar 20 2023 12:14 AM
We have service account that has access to all users's calendar, we found out that it also has full access to mailbox (read, send e.t.c). How to restrict rights for mailbox ?
Service account need to only read, create calendar items for all users.
Mar 20 2023 12:26 AM
Mar 20 2023 03:59 PM
Mar 21 2023 04:02 AM
Hi @waihislam,
In order to remove the Full Access that your service account has over the mailboxes you can run:
Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -User "your service account" -AccessRights FullAccess -Confirm:$false
And to add the required permissions over all the mailboxes calendar folder you can try this script:
$Users=Get-Mailbox -ResultSize Unlimited
$Permission = "Contributor"
foreach ($User in $Users) {
$Cal = $User.Identity.ToString() + ":\Calendar"
Add-MailboxFolderPermission -Identity $Cal -User "your service account" -AccessRights Contributor -Confirm:$false }
NOTE: Remember to add your service account to the script. If a permissions entry already exists for it, you'll need to change the "Add-MailboxFolderPermission" to "Set-MailboxFolderPermission".
This is a easy one. You can build one more complete, ( with different Calendar names in the case your users have different languages... Check if the entry already exists and run the "Set" automatically, etc... ), with the help of this article:
Set default calendar permissions for all users with PowerShell - ALI TAJRAN
Regarding the permissions level, I'll say "Contributor" is what you need. But anyway see the differences below:
Hope this helps.