New Version Of ExFolders Adds A Clear Permissions Bulk Operation

  • [アーティクル]

In October of last year, I updated ExFolders with a new Clear Permissions option in order to fix folders with non-canonical ACLs. I described that update in an old blog post you can find here: https://blogs.technet.com/b/bill_long/archive/2012/05/03/3460823.aspx.

Since then, one of the most requested features has been a way to run this on a whole subtree of folders. Unfortunately, it appears that customers are seeing ACL problems more often than I expected. So today, I’ve released a new build of ExFolders that includes a way to do this. In the latest version, when you go to Tools->Custom Bulk Operation and you hit Add, you’ll find an option to Clear Folder Permissions.

One of the reasons I didn’t add this feature initially is that it is such a destructive operation. Clearing the permissions on a whole tree of folders is not something to do casually without considering the consequences. In a mailbox, you are taking away permissions on folders that users have purposely shared out. In public folders, you are literally removing all access rights for everyone, making it impossible for your clients to access the public folders.

However, when you add the Clear Folder Permissions bulk operation, you’ll notice it has a checkbox, which is selected by default, called Restore previous permissions after clearing. When this is selected, ExFolders will clear the permissions and save those changes, and then it will attempt to set the permissions that were present before and save the changes again. This should allow it to fix non-canonical ACLs without requiring the administrator to set all the permissions back the way they were before.

Of course, as with any bulk permissions change, it’s a good idea to take a permissions export first just in case something goes wrong. However, I expect this option will make importing after a mass Clear Permissions unnecessary in most cases. And because this option is selected by default, I’m hoping that if someone accidentally runs this against a set of folders, the impact will be minimal.

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Oh, that assumes that server name is in the first column of the CSV (column 0) and the email address is in the second column (column 1).

  • Anonymous
    August 03, 2012
    Bill: Great article on ExFolders. I just installed and configured the tool on my Exchange and am learning to get it to work the same way I used PFDAVAdmin to export mailbox folder permissions. With PFDAVAdmin I will run the following command and get an export with no problem. PFDAVAdmin -export -permissions ntaccount -s MYEXCH01 -f c:tempJohnD.txt -scope MailboxesJohnD On my Exchange 2010, I managed to do the same using PowerShell as follows [PS] C:Program FilesMicrosoftExchange ServerV14Bin>exfolders -connectto myexchserv002 -export -permission ntaccount -scope mailboxesjohnd@mycompany.com -f D:Exfolders_logsjohnd.txt and it works great. Here is a difficulity that I have come accross and need some help understanding how to accomplish a task discribed below. I have been trying to figure out how to get a report of mailbox folder permissions on multiple mailboxes accross several Exchange mailbox servers by using a csv file (with a list of users) as an input and get report of each mailbox on the list outputed on a text file for each mailbox individually. I could not achive this as the ExFolders tool does not have a future which allows to use an input file. I am not good at scripting and was not able to figure if this can be accomplished with Powershell. Any help or guidance is appreciated.

  • Anonymous
    October 18, 2013
    I just want to delete calendars from my Public Folders.  How the heck do I do this?

  • Anonymous
    October 18, 2013
    Hi Aaron, To do that in an automated fashion, you'd have to write a script that looks for any public folders where the PR_CONTAINER_CLASS is IPF.Appointment, and then delete those. I don't have an existing script that does that.

  • Anonymous
    June 29, 2015
    How can we run Exfolders, Modify all items in powershell command?

  • Anonymous
    January 22, 2016
    Hello Bil,

    when this Feature restores ACLs after Clearing them, does it also restore permissions for non-existant users? Because we have a lot permissions for users from previous migrations that users son't actually exist on our active Directory, and never existed (in the current one); and also some already deleted users from the current AD that have still permissions. We'd like to clear them out.

    Felix

  • Anonymous
    January 22, 2016
    It tries to restore all permissions. You could test it on one folder to be sure, but I would expect it to restore them.