Wednesday, 5 February 2014

Exchange OAB Folder Permission Privilege

Outlook users with Exchange 2010 mailboxes were failing to download the OAB (offline address book) because the list folder privilege was missing on the OAB directories that clients download from via IIS. The directories require at least the list folder privilege for the Authenticated Users group for clients to be able to download an OAB.

To resolve this, I created a task that runs on every boot on each CAS server and sets the required privilege on the OAB folder and the folders below it. The task must be set to “run with the highest privileges” and I had to run it as a user with local administrator rights. The task runs a ps1 script like the one below, which sets the privilege on the parent OAB folder and all child OAB folders. Each OAB in an Exchange 2010 environment has its own folder named with a GUID.

#------------------------------------------------------------------------------------------------------------

$exdirpath = '<drive and path to>\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB'
$launchpath = '<drive and path to script output file>'

# ---- note that xcacls.vbs should be stored in the $launchpath location ----
# ---- the task runs elevated, so keep $launchpath writable by administrators only ----

# ---- clear output file ----
$permout = ""
$permout | Out-File $launchpath\setperm01result.txt

# ----- Set privilege for authenticated users with read and list on OAB root -----

$permout = cscript $launchpath\xcacls.vbs "$exdirpath" /E /G SID#S-1-5-11:L
$permout | Out-File -append $launchpath\setperm01result.txt


# ----- Set privilege for authenticated users with read and list on OAB subfolders -----

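# PSIsContainer matches every folder; comparing Attributes to 'Directory' skips
# folders that carry any additional attribute (for example Archive)
$exdirs = gci $exdirpath | where {$_.PSIsContainer}

foreach ($exdir in $exdirs)
{
    # Use the folder name explicitly rather than relying on string conversion of the object
    $permout = cscript $launchpath\xcacls.vbs "$exdirpath\$($exdir.Name)" /E /G SID#S-1-5-11:L
    $permout | Out-File -append $launchpath\setperm01result.txt
}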
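
A read-only check that can be run after the task to confirm the result, added here as an example and not part of the original script: it reports whether the OAB root and each GUID subfolder carry an Allow entry granting list folder to Authenticated Users (S-1-5-11). The parameter name `$OabPath`, the helper `Test-ListFolderAce` and the report columns are assumptions of this example.

```powershell
# Added example: read-only audit, changes no permissions.
# $OabPath is a placeholder; point it at the ClientAccess\OAB folder on the CAS server.
param(
    [string]$OabPath = '<drive and path to>\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB'
)

$authUsersSid = 'S-1-5-11'   # Authenticated Users, the SID the script above grants to
$listRight    = [int][System.Security.AccessControl.FileSystemRights]::ListDirectory
$inheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: $true when the folder has an Allow ACE for Authenticated Users
# that includes list folder and applies to the folder itself.
# It does not evaluate Deny ACEs or access gained through other groups.
function Test-ListFolderAce {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # Request identities as SIDs so the match does not depend on localized group names
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isAuthUsers = $rule.IdentityReference.Value -eq $authUsersSid
        $isAllow     = $rule.AccessControlType -eq 'Allow'
        $hasList     = ([int]$rule.FileSystemRights -band $listRight) -ne 0
        $appliesHere = ([int]$rule.PropagationFlags -band $inheritOnly) -eq 0
        if ($isAuthUsers -and $isAllow -and $hasList -and $appliesHere) { return $true }
    }
    return $false
}

# OAB root plus every child folder (one GUID-named folder per OAB)
$folders = @(Get-Item $OabPath) + @(Get-ChildItem $OabPath | Where-Object { $_.PSIsContainer })

$report = foreach ($folder in $folders) {
    New-Object PSObject -Property @{
        Folder     = $folder.FullName
        ListFolder = Test-ListFolderAce $folder.FullName
    }
}

$report | Format-Table Folder, ListFolder -AutoSize

# Non-zero exit code lets a scheduled task or monitor flag folders that still lack the ACE
if (@($report | Where-Object { -not $_.ListFolder }).Count -gt 0) { exit 1 }
```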
