In a previous article I demonstrated how to use a PowerShell script to grant read-only permissions to an Exchange mailbox. The script achieves this by granting the “Reviewer” permission to each folder within the mailbox. In fact, it can be used to grant any mailbox folder permission or role (eg Owner, Editor, Contributor), not just read-only, and I have just made a minor update to the script to handle errors better.
One of the most common requests from people who use that script is how to *remove* permissions from mailbox folders.
Fortunately this is an easy task with just a few modifications to the original script. Naturally just as there is an Add-MailboxFolderPermission cmdlet for Exchange Server, there is also a Remove-MailboxFolderPermission cmdlet.
So we can use the same approach of traversing the mailbox folder hierarchy, checking for the user in question, and removing the permissions.
Here is a sample from the script that shows how this is performed:
$mailboxfolders = @(Get-MailboxFolderStatistics $Mailbox | Where {!($exclusions -icontains $_.FolderPath)} | Select FolderPath)
foreach ($mailboxfolder in $mailboxfolders)
{
$folder = $mailboxfolder.FolderPath.Replace("/","\")
if ($folder -match "Top of Information Store")
{
$folder = $folder.Replace(“\Top of Information Store”,”\”)
}
$identity = "$($mailbox):$folder"
Write-Host "Checking $identity for permissions for user $user"
if (Get-MailboxFolderPermission -Identity $identity -User $user -ErrorAction SilentlyContinue)
{
try
{
Remove-MailboxFolderPermission -Identity $identity -User $User -Confirm:$false -ErrorAction STOP
Write-Host -ForegroundColor Green "Removed!"
}
catch
{
Write-Warning $_.Exception.Message
}
}
}
You can download the complete Remove-MailboxFolderPermissions.ps1 script from Github here.
And here is an example of the script in action, removing permissions for the user “Alan Reid” from the mailbox of “Alex Heyne”.
[PS] C:\Scripts\MailboxFolderPermissions>.\Remove-MailboxFolderPermissions.ps1 -Mailbox alex.heyne -user alan.reid
Checking alex.heyne:\ for permissions for user alan.reid
Removed!
Checking alex.heyne:\Calendar for permissions for user alan.reid
Removed!
Checking alex.heyne:\Contacts for permissions for user alan.reid
Removed!
Checking alex.heyne:\Contacts\{06967759-274D-40B2-A3EB-D7F9E73727D7} for permissions for user alan.reid
Removed!
Checking alex.heyne:\Contacts\GAL Contacts for permissions for user alan.reid
Removed!
Checking alex.heyne:\Contacts\Recipient Cache for permissions for user alan.reid
Removed!
Checking alex.heyne:\Conversation Action Settings for permissions for user alan.reid
Removed!
Checking alex.heyne:\Deleted Items for permissions for user alan.reid
Removed!
Checking alex.heyne:\Drafts for permissions for user alan.reid
Removed!
Checking alex.heyne:\Inbox for permissions for user alan.reid
Removed!
Checking alex.heyne:\Inbox\Customers for permissions for user alan.reid
Removed!
Checking alex.heyne:\Inbox\Marketing Reports for permissions for user alan.reid
Removed!
Checking alex.heyne:\Inbox\Team Matters for permissions for user alan.reid
Removed!
Checking alex.heyne:\Journal for permissions for user alan.reid
Removed!
Checking alex.heyne:\Junk E-Mail for permissions for user alan.reid
Removed!
Checking alex.heyne:\News Feed for permissions for user alan.reid
Removed!
Checking alex.heyne:\Notes for permissions for user alan.reid
Removed!
Checking alex.heyne:\Outbox for permissions for user alan.reid
Removed!
Checking alex.heyne:\Quick Step Settings for permissions for user alan.reid
Removed!
Checking alex.heyne:\RSS Feeds for permissions for user alan.reid
Removed!
Checking alex.heyne:\Sent Items for permissions for user alan.reid
Removed!
Checking alex.heyne:\Suggested Contacts for permissions for user alan.reid
Removed!
Checking alex.heyne:\Tasks for permissions for user alan.reid
Removed!
Checking alex.heyne:\Working Set for permissions for user alan.reid
Removed!
Checking alex.heyne:\Calendar Logging for permissions for user alan.reid
This article PowerShell Script to Remove Mailbox Folder Permissions is © 2015 ExchangeServerPro.com
Get more Exchange Server tips at ExchangeServerPro.com
