In a previous article I demonstrated how to use a PowerShell script to grant read-only permissions to an Exchange mailbox. The script achieves this by granting the “Reviewer” permission to each folder within the mailbox. In fact, it can be used to grant any mailbox folder permission or role (eg Owner, Editor, Contributor), not just read-only, and I have just made a minor update to the script to handle errors better.

One of the most common requests from people who use that script is how to *remove* permissions from mailbox folders.

Fortunately this is an easy task with just a few modifications to the original script. Naturally just as there is an Add-MailboxFolderPermission cmdlet for Exchange Server, there is also a Remove-MailboxFolderPermission cmdlet.

So we can use the same approach of traversing the mailbox folder hierarchy, checking for the user in question, and removing the permissions.

Here is a sample from the script that shows how this is performed:

$mailboxfolders = @(Get-MailboxFolderStatistics $Mailbox | Where {!($exclusions -icontains $_.FolderPath)} | Select FolderPath) foreach ($mailboxfolder in $mailboxfolders) { $folder = $mailboxfolder.FolderPath.Replace("/","") if ($folder -match "Top of Information Store") { $folder = $folder.Replace(“Top of Information Store”,””) } $identity = "$($mailbox):$folder" Write-Host "Checking $identity for permissions for user $user" if (Get-MailboxFolderPermission -Identity $identity -User $user -ErrorAction SilentlyContinue) { try { Remove-MailboxFolderPermission -Identity $identity -User $User -Confirm:$false -ErrorAction STOP Write-Host -ForegroundColor Green "Removed!" } catch { Write-Warning $_.Exception.Message } } } 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 $ mailboxfolders = @ ( Get - MailboxFolderStatistics $ Mailbox | Where { ! ( $ exclusions - icontains $ _ . FolderPath ) } | Select FolderPath ) foreach ( $ mailboxfolder in $ mailboxfolders ) { $ folder = $ mailboxfolder . FolderPath . Replace ( "/" , "" ) if ( $ folder - match "Top of Information Store" ) { $ folder = $ folder . Replace ( “ Top of Information Store ” , ”” ) } $ identity = "$($mailbox):$folder" Write - Host "Checking $identity for permissions for user $user" if ( Get - MailboxFolderPermission - Identity $ identity - User $ user - ErrorAction SilentlyContinue ) { try { Remove - MailboxFolderPermission - Identity $ identity - User $ User - Confirm : $ false - ErrorAction STOP Write - Host - ForegroundColor Green "Removed!" } catch { Write - Warning $ _ . Exception . Message } } }

You can download the complete Remove-MailboxFolderPermissions.ps1 script from Github here.

And here is an example of the script in action, removing permissions for the user “Alan Reid” from the mailbox of “Alex Heyne”.

[PS] C:ScriptsMailboxFolderPermissions>.Remove-MailboxFolderPermissions.ps1 -Mailbox alex.heyne -user alan.reid Checking alex.heyne: for permissions for user alan.reid Removed! Checking alex.heyne:Calendar for permissions for user alan.reid Removed! Checking alex.heyne:Contacts for permissions for user alan.reid Removed! Checking alex.heyne:Contacts{06967759-274D-40B2-A3EB-D7F9E73727D7} for permissions for user alan.reid Removed! Checking alex.heyne:ContactsGAL Contacts for permissions for user alan.reid Removed! Checking alex.heyne:ContactsRecipient Cache for permissions for user alan.reid Removed! Checking alex.heyne:Conversation Action Settings for permissions for user alan.reid Removed! Checking alex.heyne:Deleted Items for permissions for user alan.reid Removed! Checking alex.heyne:Drafts for permissions for user alan.reid Removed! Checking alex.heyne:Inbox for permissions for user alan.reid Removed! Checking alex.heyne:InboxCustomers for permissions for user alan.reid Removed! Checking alex.heyne:InboxMarketing Reports for permissions for user alan.reid Removed! Checking alex.heyne:InboxTeam Matters for permissions for user alan.reid Removed! Checking alex.heyne:Journal for permissions for user alan.reid Removed! Checking alex.heyne:Junk E-Mail for permissions for user alan.reid Removed! Checking alex.heyne:News Feed for permissions for user alan.reid Removed! Checking alex.heyne:Notes for permissions for user alan.reid Removed! Checking alex.heyne:Outbox for permissions for user alan.reid Removed! Checking alex.heyne:Quick Step Settings for permissions for user alan.reid Removed! Checking alex.heyne:RSS Feeds for permissions for user alan.reid Removed! Checking alex.heyne:Sent Items for permissions for user alan.reid Removed! Checking alex.heyne:Suggested Contacts for permissions for user alan.reid Removed! Checking alex.heyne:Tasks for permissions for user alan.reid Removed! Checking alex.heyne:Working Set for permissions for user alan.reid Removed! Checking alex.heyne:Calendar Logging for permissions for user alan.reid 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 [ PS ] C : ScriptsMailboxFolderPermissions > . Remove - MailboxFolderPermissions . ps1 - Mailbox alex . heyne - user alan . reid Checking alex . heyne : for permissions for user alan . reid Removed ! Checking alex . heyne : Calendar for permissions for user alan . reid Removed ! Checking alex . heyne : Contacts for permissions for user alan . reid Removed ! Checking alex . heyne : Contacts { 06967759 - 274D - 40B2 - A3EB - D7F9E73727D7 } for permissions for user alan . reid Removed ! Checking alex . heyne : ContactsGAL Contacts for permissions for user alan . reid Removed ! Checking alex . heyne : ContactsRecipient Cache for permissions for user alan . reid Removed ! Checking alex . heyne : Conversation Action Settings for permissions for user alan . reid Removed ! Checking alex . heyne : Deleted Items for permissions for user alan . reid Removed ! Checking alex . heyne : Drafts for permissions for user alan . reid Removed ! Checking alex . heyne : Inbox for permissions for user alan . reid Removed ! Checking alex . heyne : InboxCustomers for permissions for user alan . reid Removed ! Checking alex . heyne : InboxMarketing Reports for permissions for user alan . reid Removed ! Checking alex . heyne : InboxTeam Matters for permissions for user alan . reid Removed ! Checking alex . heyne : Journal for permissions for user alan . reid Removed ! Checking alex . heyne : Junk E - Mail for permissions for user alan . reid Removed ! Checking alex . heyne : News Feed for permissions for user alan . reid Removed ! Checking alex . heyne : Notes for permissions for user alan . reid Removed ! Checking alex . heyne : Outbox for permissions for user alan . reid Removed ! Checking alex . heyne : Quick Step Settings for permissions for user alan . reid Removed ! Checking alex . heyne : RSS Feeds for permissions for user alan . reid Removed ! Checking alex . heyne : Sent Items for permissions for user alan . reid Removed ! Checking alex . heyne : Suggested Contacts for permissions for user alan . reid Removed ! Checking alex . heyne : Tasks for permissions for user alan . reid Removed ! Checking alex . heyne : Working Set for permissions for user alan . reid Removed ! Checking alex . heyne : Calendar Logging for permissions for user alan . reid