SeaborneClink
Aug 27, 2010

MAWP... MAWP!

Avenging_Mikon posted:

Got a ticket to give a few people read-only access to a calendar used for that department's absences. It's set up as a disabled user with people being given access to the calendar. I've usually been handling things by enabling the user, changing the password, logging in as the user, handing out the changes, then disabling the user again. Is that about the best way to handle that? Or is there some wonderful way to give calendar rights without logging in to the account?

Yes. You use a Shared Mailbox named "PTO", put an auto-attendant on it and then people schedule their time out of the office on their own calendars like an adult.

The answer(s) you probably need.

A) You create a Shared Mailbox and delegate permissions exactly as you described by giving their departmental security group Author access so that people can add, delete and edit their own events while retaining read-only access to everyone else's events booked on that calendar and they can book on a common calendar that they will cry and throw tantrums about because they can't get it on their cell phones.

B) You just change the permissions on the $OfficeManager[-3]'s calendar to grant Anonymous the Publishing Editor role.


C) You create a Public Folder calendar on SBS03 then mangle your way back up this list in reverse order until everyone in the company has some unique combination of permissions that grants some of them full Publishing Editor access but no read access to some small portion of the company's executive leadership, and Full Access with Send-As as well to the rest of board of directors emails.

In my heart of hearts I know you'll end up with the 3rd option :smith:

SeaborneClink fucked around with this message at 16:17 on Aug 22, 2017


Sickening
Jul 16, 2007

Black summer was the best summer.
Basically my new company has a firewall setup that doesn't make sense.

Basically its ISP A is set up by a static route of 0.0.0.0 to go to this ip/interface, exactly how I expect.
But ISP B is just a second 0.0.0.0 route of a different metric put pointing to another virtual router group B as the handoff. That virtual router group B has its own static route of 0.0.0.0 that points back to the original virtual router group A.

This in my mind would just make ISP B never something that is going to work because it's a loving loop. This is made more complicated that the guest wifi is in virtual router group B and works just fine despite this dumb static route entry that doesn't make sense.

(They aren't using Policy Based Forwarding if that also doesn't confuse things)


rafikki posted:

Try a "test routing fib-lookup" from the cli with your vrouter and see if that helps clear it up.

I will give this a shot.

nielsm
Jun 1, 2009



Boogalo posted:

Powershell is your friend.

code:
Set-MailboxFolderPermission -Identity CalendarAccount:\Calendar -User UserNeedingAccess -AccessRights Reviewer
I think, or something like that. https://technet.microsoft.com/en-us/library/ff522363(v=exchg.160).aspx

Looks right. Keep in mind that if the user is using a non-English version of Outlook the folder name you need in the command might be localized. You can use Get-MailboxFolderStatistics to list all folders in a mailbox to see any localized names.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Boogalo posted:

Powershell is your friend.

code:
Set-MailboxFolderPermission -Identity CalendarAccount:\Calendar -User UserNeedingAccess -AccessRights Reviewer
I think, or something like that. https://technet.microsoft.com/en-us/library/ff522363(v=exchg.160).aspx

gently caress yeah powershell! I'm still learning, so I don't really remember that it can do stuff like that.


SeaborneClink posted:

Yes. You use a Shared Mailbox named "PTO", put an auto-attendant on it and then people schedule their time out of the office on their own calendars like an adult.

The answer(s) you probably need.

A) You create a Shared Mailbox and delegate permissions exactly as you described by giving their departmental security group Editor access so that people can add, delete and edit their own events while retaining read-only access to everyone else's events booked on that calendar and they can book on a common calendar that they will cry and throw tantrums about because they can't get it on their cell phones.

B) You just change the permissions on the $OfficeManager[-3]'s calendar to grant Anonymous the Publishing Editor role.


C) You create a Public Folder calendar on SBS03 then mangle your way back up this list in reverse order until everyone in the company has some unique combination of permissions that grants some of them full Publishing Editor access but no read access to some small portion of the company's executive leadership, and Full Access with Send-As as well to the rest of board of directors emails.

In my heart of hearts I know you'll end up with the 3rd option :smith:

Pretty sure we don't have SBS03. And gently caress, A sounds awesome. Too bad the calendar's already created as an individual user rather than a shared mailbox. I should look in to having that process updated.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Sickening posted:

Basically my new company has a firewall setup that doesn't make sense.

Basically its ISP A is set up by a static route of 0.0.0.0 to go to this ip/interface, exactly how I expect.
But ISP B is just a second 0.0.0.0 route of a different metric put pointing to another virtual router group B as the handoff. That virtual router group B has its own static route of 0.0.0.0 that points back to the original virtual router group A.

This in my mind would just make ISP B never something that is going to work because it's a loving loop. This is made more complicated that the guest wifi is in virtual router group B and works just fine despite this dumb static route entry that doesn't make sense.

(They aren't using Policy Based Forwarding if that also doesn't confuse things)


I will give this a shot.

Are there Nat rules for specific vlans that get pushed to router group B's interface?

I can't imagine access rules would do it because the traffic would stop instead of pushing to another interface. But NAT can be used in... Unconventional ways on firewalls.

Sickening
Jul 16, 2007

Black summer was the best summer.

Judge Schnoopy posted:

Are there Nat rules for specific vlans that get pushed to router group B's interface?

I can't imagine access rules would do it because the traffic would stop instead of pushing to another interface. But NAT can be used in... Unconventional ways on firewalls.

Yes, sorry, these are nat rules.

nielsm
Jun 1, 2009



Avenging_Mikon posted:

Pretty sure we don't have SBS03. And gently caress, A sounds awesome. Too bad the calendar's already created as an individual user rather than a shared mailbox. I should look in to having that process updated.

Unless by "an individual user" you mean "a user account also belonging to a person" you can convert a user mailbox into a shared mailbox very easily:
code:
Set-Mailbox -Identity MailboxName -Type Shared
Or you can convert it to a Room or Resource type if it's a singular bookable location/object.
Convert all your shared mailboxes/calendars to real Shared (or resource) type, it makes several behaviors more reasonable and also lets you enable things like MessageCopyForSendAs.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

nielsm posted:

Unless by "an individual user" you mean "a user account also belonging to a person" you can convert a user mailbox into a shared mailbox very easily:
code:
Set-Mailbox -Identity MailboxName -Type Shared
Or you can convert it to a Room or Resource type if it's a singular bookable location/object.
Convert all your shared mailboxes/calendars to real Shared (or resource) type, it makes several behaviors more reasonable and also lets you enable things like MessageCopyForSendAs.

I know the act is easy. It's getting a process changed that's hard!

SeaborneClink
Aug 27, 2010

MAWP... MAWP!

Avenging_Mikon posted:

Pretty sure we don't have SBS03. And gently caress, A sounds awesome. Too bad the calendar's already created as an individual user rather than a shared mailbox. I should look in to having that process updated.
A was intended to be one of the "please god don't do this!" answers

The correct answer was the first one.

Then tell people to schedule their poo poo on their own calendars like a grown up and set their event as "Out of Office" then add an Out of Office reply as appropriate.

It's still arguably permissible to also create the Shared Mailbox (please for fucks sake do not convert a user mailbox to a shared), and have people just add it as a Resource to their event if there must ABSOLUTELY be a master list of who is not in the office at a given time.

nielsm posted:

Unless by "an individual user" you mean "a user account also belonging to a person" you can convert a user mailbox into a shared mailbox very easily:
code:
Set-Mailbox -Identity MailboxName -Type Shared
Or you can convert it to a Room or Resource type if it's a singular bookable location/object.
Convert all your shared mailboxes/calendars to real Shared (or resource) type, it makes several behaviors more reasonable and also lets you enable things like MessageCopyForSendAs.
Converting in place doesn't strip non-essential attributes off of the user object. Future you is going to want to kill the poo poo out of past you when it's finally migration day. Just create a new attribute of the correct spec the first time. People are immutable for a reason, they shouldn't be able to transfigure into an Equipment Mailbox either. :colbert:

Edit: I also hosed up, it's Author not Editor that should be granted to allow people to only edit/delete their own events.

SeaborneClink fucked around with this message at 16:33 on Aug 22, 2017

Japanese Dating Sim
Nov 12, 2003

hehe
Lipstick Apathy
A ticket came in: 250687 - making strange noise.

User reports desktop is making a strange noise and would like it to be investigated.

Ticket closed: A small gecko crawled into the PSU and died, and was getting hit by the fan. Vacuumed it out.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Sickening posted:

Yes, sorry, these are nat rules.

Do the configured routes clear anything up, either on the firewall or on the router group? And does the router group have separate NAT rules to change the traffic before it gets sent back to group A?

Don't know if I'm helping at all here. I'm more familiar with ASAs or Checkpoint, and most of my head-scratchers come from looking at NAT and Routes individually rather than combining them for the big picture of traffic flow.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof
A ticket came in: User wants to remove all appointments from a conference room calendar(resource) because we're going to renovate the space.
Cool. Let me just fire up powershell.
Hmmm... I wonder if there's a way to send out notifications that the appointment has been deleted. Let's google it!
Hmmm... nothing easy or immediately definitive, better call the user to see if that's a necessity before I finish this script.

After a brief conversation, I figured out that she was actually tasked with rescheduling all the appointments to other spaces during the renovation. That includes discussing each appointment with the booker and confirming that the new appointment is in an amenable space / time. NOT deleting them from that room being renovated. Lady, you don't know how close you were to pissing off a whole bunch of people. Nice job trying to pass your work off on me though!

Even after I explained that just deleting all the appointments is definitely not what she wants me to do. She then proceeded to ask me if there was a way for me to just move all the appointments to other calendars.
Look, I get that this is a poo poo task that you got stuck with, but gently caress if you think I'm gonna make this my problem.

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

SeaborneClink posted:

A was intended to be one of the "please god don't do this!" answers

The correct answer was the first one.

Okay Mr. Smartypants, given it's for a different department, and that the department's been using this user-mailbox for years, how do you propose to have a central calendar that shows the department's absences at a glance and is actually kept accurate? Hrm? :colbert:

Super Slash
Feb 20, 2006

You rang ?

Avenging_Mikon posted:

Got a ticket to give a few people read-only access to a calendar used for that department's absences

Boogalo posted:

Powershell is your friend.

code:
Set-MailboxFolderPermission -Identity CalendarAccount:\Calendar -User UserNeedingAccess -AccessRights Reviewer

Something even cooler to do is make a security group for said department and mail enable it, hide from address book, drop in all relevant members, then give Reviewer/Whatever permissions for the calendar to said security group. Bingo now every one in that department can automatically cock around with that calendar with no fuss.
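
Boogalo's command, nielsm's localized-folder caveat and the group suggestion above, put together as an added example that is not part of any post in the thread. It assumes an Exchange Management Shell or Exchange Online PowerShell session; `PTO-Calendar` and `Dept-Absence-Readers` are placeholder names.

```powershell
# Added example. Assumes an Exchange Management Shell or Exchange Online
# PowerShell session. Mailbox and group names below are placeholders.
$Mailbox = 'PTO-Calendar'          # placeholder: mailbox that owns the calendar
$Grantee = 'Dept-Absence-Readers'  # placeholder: mail-enabled security group

# Resolve the default calendar folder by type, so a localized folder name
# (e.g. "Kalender") is picked up instead of assuming "Calendar".
$calendar = Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Calendar |
    Where-Object { $_.FolderType -eq 'Calendar' } |
    Select-Object -First 1
if (-not $calendar) { throw "No default calendar folder found in $Mailbox" }

# FolderPath looks like "/Kalender"; the folder permission cmdlets expect
# "mailbox:\Kalender".
$folderId = '{0}:{1}' -f $Mailbox, $calendar.FolderPath.Replace('/', '\')

# Set-MailboxFolderPermission only modifies an existing entry. A grantee with
# no entry on the folder yet needs Add-MailboxFolderPermission instead.
$entry = Get-MailboxFolderPermission -Identity $folderId -User $Grantee -ErrorAction SilentlyContinue
if ($entry) {
    Set-MailboxFolderPermission -Identity $folderId -User $Grantee -AccessRights Reviewer
} else {
    Add-MailboxFolderPermission -Identity $folderId -User $Grantee -AccessRights Reviewer
}

# Review the resulting ACL and flag the broad built-in principals (Default,
# Anonymous) if they hold any role that can create or change items.
$writeRoles = 'Owner', 'PublishingEditor', 'Editor', 'PublishingAuthor',
              'Author', 'NonEditingAuthor', 'Contributor'
Get-MailboxFolderPermission -Identity $folderId | ForEach-Object {
    $user   = "$($_.User)"
    $rights = @($_.AccessRights | ForEach-Object { "$_" })
    $broad  = $user -in 'Default', 'Anonymous'
    $write  = @($rights | Where-Object { $_ -in $writeRoles }).Count -gt 0
    [pscustomobject]@{
        User         = $user
        AccessRights = $rights -join ','
        NeedsReview  = ($broad -and $write)
    }
}
```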

Sickening
Jul 16, 2007

Black summer was the best summer.

Judge Schnoopy posted:

Do the configured routes clear anything up, either on the firewall or on the router group? And does the router group have separate NAT rules to change the traffic before it gets sent back to group A?

Don't know if I'm helping at all here. I'm more familiar with ASAs or Checkpoint, and most of my head-scratchers come from looking at NAT and Routes individually rather than combining them for the big picture of traffic flow.

I am looking at it from single NAT rules. Palo Alto has this way of linking NAT rules together if the first static route doesn't work, or at least it looks that way. You can say, default is this path. Second path, if this doesn't work, is this other set of NAT rules. The problem is the second set is just linking back to the first set by default and in my eyes this shouldn't work at all.

I am looking at it from the Cisco way of thinking and it doesn't make sense. It's also not set up the way Palo Alto suggests and I have a support ticket open with them to figure it out.

Sickening fucked around with this message at 17:21 on Aug 22, 2017

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Super Slash posted:

Something even cooler to do is make a security group for said department and mail enable it, hide from address book, drop in all relevant members, then give Editor/Whatever permissions for the calendar to said security group. Bingo now every one in that department can automatically cock around with that calendar with no fuss.

Read Only, Slash, no cocking around :p

nielsm
Jun 1, 2009



SeaborneClink posted:

It's still arguably permissible to also create the Shared Mailbox (please for fucks sake do not convert a user mailbox to a shared), and have people just add it as a Resource to their event if there must ABSOLUTELY be a master list of who is not in the office at a given time.

Converting in place doesn't strip non-essential attributes off of the user object. Future you is going to want to kill the poo poo out of past you when it's finally migration day. Just create a new attribute of the correct spec the first time. People are immutable for a reason, they shouldn't be able to transfigure into an Equipment Mailbox either. :colbert:

Can you elaborate on the evils caused by the procedure? Genuinely want to know because we have a shitton of shared mailboxes/resources that were created as user mailboxes originally (because nobody knew better), and we have converted a few as other requests about them came in.

SeaborneClink
Aug 27, 2010

MAWP... MAWP!

Avenging_Mikon posted:

Okay Mr. Smartypants, given it's for a different department, and that the department's been using this user-mailbox for years, how do you propose to have a central calendar that shows the department's absences at a glance and is actually kept accurate? Hrm? :colbert:
:confused: You mean like the Scheduling Assistant? Also I suggest telling people that keeping accurate accounting of their availability is an expectation of their continued employment?

The addendum about putting the PTO Calendar as the booked resource is as far as I know still within the realm of suggested best practices. You can turn off auto acceptance on the Auto Attendant if someone needs to go in and manually approve the events. You'd probably also need to override the conflict setting as well.

nielsm posted:

Can you elaborate on the evils caused by the procedure? Genuinely want to know because we have a shitton of shared mailboxes/resources that were created as user mailboxes originally (because nobody knew better), and we have converted a few as other requests about them came in.
This can get really edge case rather quickly, dependent on how many dumb things someone or someones in your org have done in the past, but the technical debt has already been spent so :shrug: On account of that person used to be a person, they probably had auser@contoso.com, you'll need to change their primarySMTPAddress, emailAddress (did you remember to set SMTP: as well as smtp:), you'll probably also need to set a proxyAddress to get it to map correctly with 365.

Now we start asking the fun questions. Did someone once try to integrate Skype for Business, and they tried to replace every desk phone with the Skype soft phone as well? Are you still hauling around old extended attributes from that awful timekeeping integration someone tried to force on the company back in 2003? Does your print tracking software require a unique AD attribute for each user? Are you really certain that there is absolutely no one that has access to this person's old mailbox, not even through an inherited membership or recursive group? (Pro-tip: this is nearly impossible to get correct, even in PowerShell)

For all the time you have to spend to actually convert a user account to a shared resource, it's always 100x easier to just create the correct resource in the first place, and export select calendar events by proper filtering and import into the new shared box.

SeaborneClink fucked around with this message at 17:50 on Aug 22, 2017
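
An inventory pass over two of the questions raised in the post above (which addresses the mailbox answers to, and who still holds access to it), as an added example that is not part of the post. It assumes an Exchange Management Shell or Exchange Online PowerShell session; `PTO-Calendar` is a placeholder mailbox name.

```powershell
# Added example. Assumes an Exchange Management Shell or Exchange Online
# PowerShell session; 'PTO-Calendar' is a placeholder mailbox name.
$Mailbox = 'PTO-Calendar'

# 1. Current type and every address the mailbox answers to
#    (primary "SMTP:" entry plus secondary "smtp:" proxies).
Get-Mailbox -Identity $Mailbox |
    Select-Object RecipientTypeDetails, PrimarySmtpAddress, EmailAddresses

# 2. Mailbox-level grants such as FullAccess, skipping the mailbox's own SELF
#    entry. IsInherited separates explicit entries from inherited ones.
$mailboxAcl = Get-MailboxPermission -Identity $Mailbox |
    Where-Object { "$($_.User)" -ne 'NT AUTHORITY\SELF' -and -not $_.Deny } |
    Select-Object @{ n = 'Scope';  e = { 'Mailbox' } },
                  @{ n = 'User';   e = { "$($_.User)" } },
                  @{ n = 'Rights'; e = { $_.AccessRights -join ',' } },
                  IsInherited

# 3. Folder-level grants on every folder, not only the calendar. Folders the
#    cmdlet cannot address (for example the store root path) are skipped.
$folderAcl = Get-MailboxFolderStatistics -Identity $Mailbox | ForEach-Object {
    $folderId = '{0}:{1}' -f $Mailbox, $_.FolderPath.Replace('/', '\')
    Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue |
        Where-Object { "$($_.AccessRights)" -ne 'None' } |
        Select-Object @{ n = 'Scope';  e = { $folderId } },
                      @{ n = 'User';   e = { "$($_.User)" } },
                      @{ n = 'Rights'; e = { $_.AccessRights -join ',' } }
}

# 4. One list to review before deciding between converting in place and
#    building a new shared mailbox. Group entries still need their membership
#    expanded, nested groups included, to see which people hold the access.
#    Send-As rights are stored separately and are not covered by this pass.
@($mailboxAcl) + @($folderAcl) |
    Select-Object Scope, User, Rights, IsInherited |
    Sort-Object User, Scope |
    Format-Table -AutoSize
```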

OneTruePecos
Oct 24, 2010

duz posted:

Do we really need a web based lotus notes?

You joke, but that is a thing that exists.

So, really, the universe jokes, and we can but echo the punchline.

BlankSystemDaemon
Mar 13, 2009




GnarlyCharlie4u posted:

A ticket came in: User wants to remove all appointments from a conference room calendar(resource) because we're going to renovate the space.
Cool. Let me just fire up powershell.
Hmmm... I wonder if there's a way to send out notifications that the appointment has been deleted. Let's google it!
Hmmm... nothing easy or immediately definitive, better call the user to see if that's a necessity before I finish this script.

After a brief conversation, I figured out that she was actually tasked with rescheduling all the appointments to other spaces during the renovation. That includes discussing each appointment with the booker and confirming that the new appointment is in an amenable space / time. NOT deleting them from that room being renovated. Lady, you don't know how close you were to pissing off a whole bunch of people. Nice job trying to pass your work off on me though!

Even after I explained that just deleting all the appointments is definitely not what she wants me to do. She then proceeded to ask me if there was a way for me to just move all the appointments to other calendars.
Look, I get that this is a poo poo task that you got stuck with, but gently caress if you think I'm gonna make this my problem.
But since the user specifically mentioned in the ticket that they wanted to remove all appointments, isn't your rear end covered unless you're expected to fully and completely sanity-check everything your users do (in which case, no salary would be too high)?

tactlessbastard
Feb 4, 2001

Godspeed, post
Fun Shoe
Cross posting from PYF:

Thanks Ants
May 21, 2004

#essereFerrari


:vince:

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

:vince: :vince: :vince: :vince:

iospace
Jan 19, 2038


tactlessbastard posted:

Cross posting from PYF:

I originally posted that in AI :mad:

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

D. Ebdrup posted:

But since the user specifically mentioned in the ticket that they wanted to remove all appointments, isn't your rear end covered unless you're expected to fully and completely sanity-check everything your users do (in which case, no salary would be too high)?

Search your heart, what does it tell you?

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
But it is a bug! :colbert:

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

SeaborneClink posted:

:confused: You mean like the Scheduling Assistant? Also I suggest telling people that keeping accurate accounting of their availability is an expectation of their continued employment?

The addendum about putting the PTO Calendar as the booked resource is as far as I know still within the realm of suggested best practices. You can turn off auto acceptance on the Auto Attendant if someone needs to go in and manually approve the events. You'd probably also need to override the conflict setting as well.

Alright, you win THIS TIME. And probably next time too.

Doing it without auto-acceptance would probably be best for our needs due to some departments being tight and not wanting to schedule time off for more than one person at a time. I really like this idea, even more than A. I wish I could tell people accurate accounting of availability was an expectation, but colleges. *shrug* They expect better attendance out of the students than they do faculty.

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





tactlessbastard posted:

Cross posting from PYF:

Literally the best possible vanity plate.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

ConfusedUs posted:

Literally the best possible vanity plate.
Oh? https://twitter.com/KevinKlaes/status/898232041837297672

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!






That's pretty good too

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Alright this is also good, but I think I personally like the beetle more.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Holy poo poo

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



SeaborneClink posted:

This can get really edge case rather quickly, dependent on how many dumb things someone or someones in your org have done in the past, but the technical debt has already been spent so :shrug: On account of that person used to be a person, they probably had auser@contoso.com, you'll need to change their primarySMTPAddress, emailAddress (did you remember to set SMTP: as well as smtp:), you'll probably also need to set a proxyAddress to get it to map correctly with 365.

Now we start asking the fun questions. Did someone once try to integrate Skype for Business, and they tried to replace every desk phone with the Skype soft phone as well? Are you still hauling around old extended attributes from that awful timekeeping integration someone tried to force on the company back in 2003? Does your print tracking software require a unique AD attribute for each user? Are you really certain that there is absolutely no one that has access to this person's old mailbox, not even through an inherited membership or recursive group? (Pro-tip: this is nearly impossible to get correct, even in PowerShell)

For all the time you have to spend to actually convert a user account to a shared resource, it's always 100x easier to just create the correct resource in the first place, and export select calendar events by proper filtering and import into the new shared box.
Also, if this is 365 then converting a user mailbox into a shared mailbox will result in a shared mailbox connected to a user account, which means you can't delete the user without it helpfully deleting "their" mailbox - which may not be an issue until someone else is cleaning up accounts down the line and comes across the clearly superfluous user.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
All users are superfluous.

Humbug Scoolbus
Apr 25, 2008

The scarlet letter was her passport into regions where other women dared not tread. Shame, Despair, Solitude! These had been her teachers, stern and wild ones, and they had made her strong, but taught her much amiss.
Clapping Larry

Sefal posted:

I have the same experience as MF_James except that my mother is completely computer illiterate to the point she has trouble copy pasting stuff.
But it's my mother so I don't mind helping out. Whenever I need my family they are always there for me. So giving computer support is fine. I draw the line at extended family though.

That's my mother as well. She is in her 80s though.

tactlessbastard
Feb 4, 2001

Godspeed, post
Fun Shoe

iospace posted:

I originally posted that in AI :mad:

Sorry :ohdear:

iospace
Jan 19, 2038



It's ok :)

Malachite_Dragon
Mar 31, 2010

Weaving Merry Christmas magic
My dad worked in IT for the first half of my life; he can do his own drat tech support :v:

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

Malachite_Dragon posted:

My dad worked in IT for the first half of my life; he can do his own drat tech support :v:

And if he begs you'd just turn a deaf ear?


BlankSystemDaemon
Mar 13, 2009




GnarlyCharlie4u posted:

Search your heart, what does it tell you?
It must be nice to earn millions of dollars an hour for being expected to know what users want and be aware of all possible permutations that their actions could have. Because that's in your contract, right? Right!? :ohdear:
