users can delete public folder calendar entries without permission

  • Thread starter shrpshtr
  • Start date Views 1,729
S

shrpshtr

why would a user be able to delete a calender entry in exchange 2003

(Active Directory) public folder with permissions on that folder set

to none in the delete section? any help would be greatly appreciated.

shrp
 
R

Rich Matheisen [MVP]

On Mon, 15 Mar 2010 17:23:15 -0700 (PDT), shrpshtr

<shrpshtr@gmail.com> wrote:


> why would a user be able to delete a calender entry in exchange 2003
> (Active Directory) public folder with permissions on that folder set
> to none in the delete section? any help would be greatly appreciated.


The short answer is that they wouldn't be able to do that.

-
Rich Matheisen

 
L

Leonid S. Knyshov // SBS Expert

On 3/15/2010 5:23 PM, shrpshtr wrote:
> why would a user be able to delete a calender entry in exchange 2003
> (Active Directory) public folder with permissions on that folder set
> to none in the delete section? any help would be greatly appreciated.

> shrp


Deny permissions override Allow. Both permissions can be inherited.

If there is Allow permission upstream and you don't have a corresponding

Deny setting, then the Allowed user can delete.

Leonid S. Knyshov

Try Exchange Online http://bit.ly/free-exchange-trial

 
S

shrpshtr

Re: users can delete public folder calendar entries withoutpermission

On Mar 16, 3:19 am, "Leonid S. Knyshov // SBS Expert"

<LeonidSKnyshovSBSExp...> wrote:
> On 3/15/2010 5:23 PM, shrpshtr wrote:> why would a user be able to deletea calender entry in exchange 2003
> > (Active Directory) public folder with permissions on that folder set
> > to none in the delete section?  any help would be greatly appreciated..

>
> > shrp


> Deny permissions override Allow. Both permissions can be inherited.

> If there is Allow permission upstream and you don't have a corresponding
> Deny setting, then the Allowed user can delete.
> > Leonid S. Knyshov
>

>

> http://crashproofsolutions.com
>

> Try Exchange Onlinehttp://bit.ly/free-exchange-trial
>


I've looked under ESM and can't find anywhere that permissions are

allowing this to occur. Is there anywhere else I need to check?

To Rich - I know they "won't" be able to do this but they can, and are.
 
R

Rich Matheisen [MVP]

Re: users can delete public folder calendar entries without permission

On Tue, 16 Mar 2010 06:30:09 -0700 (PDT), shrpshtr

<shrpshtr@gmail.com> wrote:


> On Mar 16, 3:19 am, "Leonid S. Knyshov // SBS Expert"
> <LeonidSKnyshovSBSExp...> wrote:
> > On 3/15/2010 5:23 PM, shrpshtr wrote:> why would a user be able to delete a calender entry in exchange 2003
> > > (Active Directory) public folder with permissions on that folder set
> > > to none in the delete section?  any help would be greatly appreciated.

> >
> > > shrp

>

>> Deny permissions override Allow. Both permissions can be inherited.
>

>> If there is Allow permission upstream and you don't have a corresponding
> > Deny setting, then the Allowed user can delete.


[ snip ]


> I've looked under ESM and can't find anywhere that permissions are
> allowing this to occur. Is there anywhere else I need to check?

> To Rich - I know they "won't" be able to do this but they can, and are.


Then the permissions aren't what you say they are.

Try using PFDAVADMIN and reset the permissions order.

MAPI arranges ACEs in the ACL in an order different to those in NTFS.

MAPI permissions are "deny,allow,deny,allow,deny,allow,. . . ", NTFS

are "deny,deny,deny,allow,allow,allow,..."

You don't offer much in the way of details as to the arrangement of

the permissions. Are the permissions given to a group or to an

individual? Are the individuals members of groups that have been given

perissions? Are groups members of other groups that have been given

permissions?

In the "look but don't touch" category, hold down the Control key and

click the "Client permissions..." button on the folder. Perhaps the

more familiar "NTFS view" will help find the cause.

-
Rich Matheisen

 

Top