Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Powershell - Removing User FullAccess Permissions from Their Own Mailb

- - - - - Exchange 2010 Powershell

  • Please log in to reply
2 replies to this topic

#1
Falcor

Falcor

    Newbie

  • Member
  • 13 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Hi All,

 

We had a little bug go through our Exchange Server that really hosed our permissions on all mailboxes.  I have everything working now, but am looking for a way to systematically clean up permissions.

 

For instance: NT Authority\Self is allowed FullAccess on all mailboxes...this is good.  This allows each user full access to their own mailbox.  On top of this, each user is listed ALSO with FullAccess permissions on their own mailboxes.  This is unnecessary due to the NT Authority\Self permission.

 

If I were to use the Exchange Management Console to remove each user from their mailbox, EMC would actually remove their access entirely by stipulating a DENY - not good.

 

What I am looking to do is use PowerShell to run a loop.  So that you may better understand what I am trying to do:

1. Get-Mailbox
2. Enumerate username associated with mailbox and assign $username variable
3. Remove-MailboxPermission –user $username –AccessRight FullAccess

Once the entire command is piped:

Get-Mailbox | $username = user | Remove-MailboxPermission -user $username -AccessRight FullAccess 

Thus, it would remove the users' full-access permissions only from their own mailbox.

 

Can anyone help me accomplish this?  I have searched and searched, but still come up empty.

 

Thanks!


Edited by Falcor, 16 March 2014 - 10:54 PM.



How to remove advertisement from MSFN

#2
Falcor

Falcor

    Newbie

  • Member
  • 13 posts
  • OS:Windows 8 x64
  • Country: Country Flag

So far what I've come up with on my own...which does NOT work is:

Get-Mailbox | Foreach-Object{

    $username = Select-Object Alias
    Remove-MailboxPermission -user $username -AccessRight FullAccess
}

This is the error I get, which doesn't help me in the least:

Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Cannot bind argument to parameter 'User' because it is null.
    + CategoryInfo          : InvalidData: (:) [Remove-MailboxPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Remove-MailboxPermission

Any ideas?



#3
Falcor

Falcor

    Newbie

  • Member
  • 13 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Still?  No one?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN