Tip

Grant users access to another user's Outlook 2007 mailbox

Exchange Server mailboxes are often thought of as something personal that belongs to one specific user. At times, however, you may need to give one user access to another user's mailbox or you may need to monitor a mailbox yourself. This tip explains the processes for both.

Delegating mailbox access in Outlook 2007

It's common for higher-ranking employees in an organization to have an assistant who may need to screen messages or send messages on behalf of the manager. In another instance, one user may be out of the office for an extended period and another user may need to check that person's email. In either case, an Outlook user can delegate access of his or her mailbox to another user.

The delegation process is fairly simple. In Microsoft Outlook 2007, select Tools -> Options. When the Options properties sheet appears, select the Delegates tab. Click Add and select the user you want to give access to your mailbox. Once you've specified the delegate for your mailbox, you'll be taken to the Delegate Permissions dialog box (Figure 1).

    Requires Free Membership to View


Figure 1. You can set the level of permissions that delegates have over your mailbox.

As you can see, the delegate is given the ability to read, modify and create calendar and task list items by default. However, they are not allowed to access the Inbox, Contacts, Notes or Journal. Additionally, although the delegate has full access to the user's calendar, he cannot read private calendar items unless you select the Delegate Can See My Private Items check box.

You can set one of four different permission levels on mailbox objects (Calendar, Inbox, etc.).

  • None: The delegate has no access to mailbox objects.
  • Reviewer: The delegate has read-only access to mailbox objects.
  • Author: The delegate has full read and write access to mailbox objects.
  • Editor: The delegate has full read and write access to mailbox objects, as well as the ability to modify existing items.

After clicking OK, you're returned to the Options properties sheet. If you look at Figure 2, you'll notice that, by default, meeting requests and responses are sent to delegates and a copy is sent to the mailbox owner. There are also options to only send these requests and responses to only the mailbox owner or only the delegates.


Figure 2. You must decide how meeting requests and responses should be handled.

Opening a delegated mailbox in Outlook 2007

Once a user has delegated mailbox access to another user, the delegate can open the other user's mailbox by selecting the Open -> Other User's Folder command. Outlook 2007 will display a dialog box similar to the one shown in Figure 3, which prompts a user to enter the name of the user whose mailbox they'd like to open and the individual folder within the mailbox to open.


Figure 3. The delegate must specify which mailbox resource they want to open.

Monitoring a user's Outlook mailbox

in some cases, you may need to access a mailbox without the employee knowing that you're doing so. But before I begin, it's important to know that in most organizations it's illegal to monitor an employee's email without his or her knowledge or consent. Therefore, be sure to check with your company's legal department before using this technique.

More on Outlook 2007:
Crash course on Microsoft Outlook 2007 calendar sharing

Predict how large Outlook 2007 mailboxes will perform

Avoid Outlook 2007 performance issues during repairs

The method used to monitor a mailbox isn't that different from delegating mailbox access. When a user delegates access to his mailbox, he's granting mailbox permissions to another user. When you want to monitor a mailbox, you still have to grant permission to the mailbox. The difference between the two is that, as the Exchange administrator, you grant permissions, not the owner of the Outlook mailbox.

Another difference is that while normal mailbox delegation is performed through Outlook, this procedure uses the Exchange Management Shell. The person granting the permissions must be either the Exchange Server administrator or an Exchange Organization administrator.</ p> The command used to grant mailbox permissions is Add-MailboxPermission.

To give you an idea of how this command works, imagine that you wanted to grant User1 full access to User2's mailbox. To do so, enter the following command:

Add-MailboxPermission –Identity "User2" –User User1 –AccessRight FullAccess –InheritanceType all

This command requires the use of several command line switches. Here is a breakdown of the switches and their functions:

  • -Identity: The Identity switch tells Exchange Server to which mailbox the new permissions will apply. The Identity must be the user's full name and must be enclosed in quotation marks.
  •  

  • -User: The User switch tells Exchange Server which user is being granted permission to access the mailbox.
  •  

  • -AccessRight: The AccessRight switch indicates what level of mailbox access the specified user will be granted. The command above uses FullAccess, but there are other access rights that you can set including SendAs, ExternalAccount, DeleteItem, ReadPermission, ChangePermission and ChangeOwner.
  •  

  • -InheritanceType: The InheritanceType switch tells Exchange Server how far down the Active Directory object structure the permission should propagate. This value is normally set to All.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip?  Let us know.


This was first published in February 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.