Sharing all users calendars & Outlook error





On Exchange 2010, I'm trying to set permissions on all our users calendars so that everyone can open each others calendars via the open shared calendar feature in Outlook 2007 (Without each user having to manually share it themselves - It would never happen!). I've run the following powershell script:

$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
Add-MailboxFolderPermission -Identity ($user.UserPrincipalName + ":\Calendar") -User Default -AccessRights Reviewer

After this, I can open the calendars in Outlook, however, I get a balloon saying:

"You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator"
(Outlook also logs Event ID 25 in the application log on the client)

However, if I change the calendar permissions via Outlook, to the same (Anon=None, Default=Reviewer), using my calendar, it fixes the problem. I also notice that Outlook displays the "Shared" overlcay icon (The blue hand under it)! I've also then compared the permissions on my calendar Vs a problematic one with:

Get-MailboxFolderPermission -Identity\Calendar

But the output for both is the same. A little confusing. Is there another flag or similar that dentotes the calendar is shared that Outlook sets but the cmdlet isnt?

Ideas? I'm stuck!!



Think I've found the solution here, so just incase anyone stumbles accross this, here we go...

When modifying the folder permissions, I was adding manupulating the 'Default' user and giving it reviewer, by not using the default, and actually specifying an AD (mail enabled) group I managed to get things working.

I used the following to fix:
Remove-MailboxFolderPermission -Identity\Calendar -User Default -AccessRights Reviewer
Add-MailboxFolderPermission -Identity\Calendar -User Default - Accessrights AvailabilityOnly
Add-MailboxFolderPermission -Identity\Calendar -User company-wide-group -Accessrights Reviewer
So basically, leave Default to Free/Busy time (aka AvailabilityOnly) and Anonymous to None, then put an extra one in to grant access out.