From: Rich Matheisen [MVP] on
On Tue, 16 Mar 2010 06:30:09 -0700 (PDT), shrpshtr
<shrpshtr(a)> wrote:

>On Mar 16, 3:19�am, "Leonid S. Knyshov // SBS Expert"
><LeonidSKnyshovSBSExp...(a)> wrote:
>> On 3/15/2010 5:23 PM, shrpshtr wrote:> why would a user be able to delete a calender entry in exchange 2003
>> > (Active Directory) public folder with permissions on that folder set
>> > to none in the delete section? �any help would be greatly appreciated.
>> > shrp
>> Deny permissions override Allow. Both permissions can be inherited.
>> If there is Allow permission upstream and you don't have a corresponding
>> Deny setting, then the Allowed user can delete.

[ snip ]

>I've looked under ESM and can't find anywhere that permissions are
>allowing this to occur. Is there anywhere else I need to check?
>To Rich - I know they "won't" be able to do this but they can, and are.

Then the permissions aren't what you say they are.

Try using PFDAVADMIN and reset the permissions order.

MAPI arranges ACEs in the ACL in an order different to those in NTFS.
MAPI permissions are "deny,allow,deny,allow,deny,allow,. . . ", NTFS
are "deny,deny,deny,allow,allow,allow,..."

You don't offer much in the way of details as to the arrangement of
the permissions. Are the permissions given to a group or to an
individual? Are the individuals members of groups that have been given
perissions? Are groups members of other groups that have been given

In the "look but don't touch" category, hold down the Control key and
click the "Client permissions..." button on the folder. Perhaps the
more familiar "NTFS view" will help find the cause.
Rich Matheisen
MCSE+I, Exchange MVP