Monday, March 21, 2005

Configuring Delegate Access on Exchange (Part 1)

[Warning, I'm in a rambling mood today]

Family is important. In my opinion, you should do whatever you can to help your family. As I think I've mentioned in the past, my grandfather, after he retired decided to keep his mind active by learning the computer. Now everyone might say "you can't teach an old dog new tricks". Well, my grandfather might be special, but you can actually teach him new tricks, you just can't teach him multiple ways to do the same trick. We've been working on email and reading news on The Globe & Mail website (Canada's top newspaper).

As any user with two computers and two pop3 accounts, he was struggling with email. My grandfather is what us Canadian's call a "snow bird", meaning he lives in Florida during the cold months, and Ontario during the warm months. This posed a problem, he got used to the idea of a "Toronto" and an "Florida" email address. He'd either not respond to email for months and months, or he'd tell people to email him at another email address during different months.

In my book, unacceptable. Enter SBS.

I set my grandfather up with an account on my server here in Seattle, then while on vacation with my grandfather on Vancouver Island, BC, I managed to convince him he needed a new computer (to upgrade from Win9x to WinXP with Office 2003), we ordered it from Dell over a dial-up connection (wow those things are slow!). The next month, I was in Toronto unpacking and moving his data to the new computer. I configured the new box to point to my server in Seattle using RPC over HTTP for email. After ironing out a few kinks (upgrading his ISP's DSL modem), he was up and running.

Originally, I had left his outlook checking both email accounts. Unfortunately, what I didn't realize was that he was getting 15-20 peices of spam a day, and maybe 1 or 2 emails every 3-4 days!

So being the good grandson I offered to check my grandfather's pop3 email for him, and send him any non-spam email. My grandfather didn't seem to mind the invasion to his privacy, and I set it up.

For the first little while, I'd just forward email to him that was not spam, until one day he decided to reply. *I* got the reply! Whoops!

I needed a new method to just make this work for him so he can't tell the difference. Delegate access was the way to go! I had to drag & drop the actual messages into his inbox so he could just hit reply and it would come from his email address.

So I set out to accomplish this task. Outlook help probably saved me about 15-20 minutes. Here are the steps that I followed:

  1. Log into the mailbox as my grandfather using Outlook in RPC/HTTP mode (not that it matters)

  2. I went to Tools,Options, and the Delegates tab

  3. Click the Add... button

  4. Select the user from the GAL you want to have delegate access

  5. Change the permissions that person has on the different parts of Outlook. In my case, I only wanted access to the inbox, so I changed that to Editor (can read, create, and modify items).

At this point, I was finished with the users inbox, so I closed it up. I then opened mine since it was me that I gave access to. I then followed the steps to add the mailbox to my Outlook view:

  1. In my Outlook, I went to Tools, E-Mail Accounts and clicked on View or Change existing e-mail accounts and clicked Next.

  2. With the Microsoft Exchange Server account selected, I clicked on Change.

  3. Then More Settings on the Exchange Server Settings Page

  4. On the Advanced Tab, I clicked Add and typed in the alias of my grandfather

At this point, I have my grandfather's mailbox showing up in my Outlook folder list, but if I try to expand it, I get an error. I thought I'd be done at this point, but apparently there is one more ACL you have to change, as an admin, on the server.
Here's how:

  1. On the server open Server Management and browse to the Userssnap-in.

  2. Right click the user in question and choose Properties.

  3. On the Exchange Advanced tab, click on the Mailbox Rights button at the bottom.

  4. In here, I had to add myself to my grandfather's mailbox and give myself Full mailbox access. There may be a lesser permission you could do here, but my grandfather trusts me, so this is fine.

That's it! Now I can expand my grandfather's mailbox in my Outlook view and drag and drop any mail in there I want! Now when I get mail from his pop3 service, I can drop it into his actual mail box, and he's able to hit reply.

The only other thing you might want to do, is if you are using strong passwords on your network (which I strongly recommend), and the account is not logged into, you'll have to exclude it from the password policy to make sure that the password doesn't expire on that account and no one can access it. But I think I'll save that for tomorrow's post.

Part 2, is available here!

3 comments:

Anonymous said...

On a Windows 200 box you might not see the Exchange Advanced tab. to view it select view then tick Advanced features

Sean Daniel said...

Thanks for the help! That's great information!

Anonymous said...

just a heads up - delegate not delgate!