We have a couple of requirements in our environment, firstly Admin users need access to all mailboxes, then all users need reviewer (Read only) access to everyone elses calendars.
To achieve this, I have the following powershell script scheduled to run overnight…
$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
{
Add-MailboxPermission -Identity $user -User "DOMAIN\Domain Admins" -AccessRights FullAccess
Add-MailboxFolderPermission -Identity ($user.UserPrincipalName + ":\Calendar") -User entire-company -AccessRights Reviewer
}
I initially tried using the ‘Default’ user for the calendar permissions, but this caused some odd results and errors in outlook, so I put that back to ‘AvailabilityOnly’ and used a mail-enabled active directory group that contained the whole company instead!
There might be a nicer way to set default mailbox permissions at the time of account creation, but I’ve yet to find this!