One of my users needs to share several dozen existing folders in her mailbox. Setting the permission on each one will take a lot of clicks, but she doesn't want to share the entire mailbox. Is there a tool that will let me change the permissions on multiple folders in a mailbox with a single command?

Microsoft does provide such a tool: the Microsoft Exchange Server Public Folder DAV-based Administration Tool (PFDavAdmin). Information about the latest version of this tool, which works with both Exchange Server 2003 and Exchange 2000 Server, is available at http://www.microsoft.com/ technet/prodtechnol/exchange/2003/articles/tooleasmobadminpfdav.mspx. Despite its name, PFDavAdmin can change access control entries (ACEs) on mailbox folders as well as public folders. (For information about using the tool with public folders, see the Web-exclusive article "PFDavAdmin: Using WebDAV to Modify Public Folders," June 2004, InstantDoc ID 43132.) PFDavAdmin requires the Windows .NET Framework 1.1.

To download the tool, go to http://www.microsoft.com/downloads/details.aspx?FamilyID=635BE792-D8AD-49E3-ADA4-E2422C0AB424. When you run the download file, you'll see a prompt showing the default folder in which the application will be installed. Within that parent folder, you'll see a new folder named PFDAVAdmin, which will contain both pfdavadmin.exe and an 18-page pfdavadmin.doc file of instructions for the many operations the tool can perform.

Let's walk through the solution to your problem. The PFDAVAdmin feature that lets you set permissions can work on a single folder or can propagate-permissions from one folder to all its subfolders. To make the job easy, the user should organize all the folders that need the same permissions into one hierarchy so that an administrator can assign the desired permissions to the top-level folder of that hierarchy. For example, the user might create a top-level folder named Shared in her mailbox and put all the folders she needs to share into that folder. Then, you can run pfdavadmin .exe and follow these steps:

  1. Choose File, Connect.
  2. In the Connect dialog box, provide the names of the Exchange server and Global Catalog (GC) server and authentication information for a user account that has Full Access permission to the mailbox.
  3. Under Connection, select Specified mailbox and enter the URL that you'd typically use with Outlook Web Access (OWA) to access the mailbox (i.e., http://Servername/ exchange/MailboxName). Click OK to connect.
  4. In the main PFDAVAdmin window, the URL should appear with a plus (+) sign next to it. Click the + to expand the mailbox folders. If an error appears saying that the folders could not be expanded, check the mailbox permissions and alias and try again.
  5. To view the permissions on the Shared folder, right-click it, then choose Folder Permissions. Figure 1 shows specific permissions for a user named donnal, plus the anonymous and default (\Everyone) entities, each with the None role. (You might not see an entry for \Everyone if default permissions were never set for this folder.)
  6. To copy those permissions to the Project A, Project B, and Project C folders and their subfolders, rightclick the Shared folder again and choose Propagate Folder ACEs.
  7. In the Propagate ACEs dialog box, which Figure 2 shows, select the permissions you want to propagate, select Add/replace, then click OK.

PFDAVAdmin will display a progress report listing each folder whose permissions have been changed. You can get more detailed logging by choosing Tools, Options from the main PFDAVAdmin window.