How to configure permissions to update Outlook Web Access signatures and settings

Abstract

You wish to update Microsoft® Outlook Web Access (OWA) signatures & settings from the server. By default, Exclaimer Signature Manager updates the OWA signatures & settings from each client desktop computer using ExSync.exe. This 'server' method of signature deployment can be used if you have users who access their email only by OWA and rarely log on to your domain. Specific permissions are required for the user account used to update the signatures & settings. This also applies to Office 365.

Description

The permissions required vary depending on the version of Microsoft® Exchange your mailbox server is using:

• Microsoft® Exchange 2003 and Microsoft® Windows® Small Business Server 2003
• Microsoft® Exchange 2007 and Microsoft® Windows® Small Business Server 2008
• Microsoft® Exchange 2010, Microsoft® Exchange 2013 and Microsoft® Windows® Small Business Server 2011.
• Microsoft® Office 365

Please follow the steps in the appropriate subsequent section to setup the correct permissions.

Microsoft® Exchange 2003 and Microsoft® Windows® Small Business Server 2003

The user account used must have the 'Exchange Administrator' role. To achieve this, please follow these steps on a Microsoft® Exchange server in your organization:

1. Click Start, click All Programs, click Microsoft Exchange, and then click System Manager:
   
   


2. Right-click the organization or the Administrative Group where you want to delegate administrative permissions, and then click Delegate control:
   
   


3. The Exchange Administration Delegation Wizard starts, click Next.
4. On the Users or Groups page, click Add.
5. In the Delegate Control dialog box, click Browse.
6. In the Select Users, Computers, or Groups dialog box, click the appropriate location in the Look in box and click the name of the user that you wish to use:
   
   


7. Under Role in the Delegate Control dialog box, choose 'Exchange Administrator' and then click OK:
   
   


8. The user that you added appears in the Users and Groups list.
9. Click Next, and then click Finish.
10. The user account you wish to use now has the required permission.

Note: If you have multiple Administrative Groups you will need to repeat the steps above for each Administrative Group.

Microsoft® Exchange 2007 and Microsoft® Windows® Small Business Server 2008

The user account used must have the 'Store Admin' permission. To achieve this, please follow these steps:

1. Click Start, click All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell:
   
   


2. A black PowerShell window will appear. Enter the following command and press ENTER:
   
   Get-MailboxDatabase | Add-ADPermission -User -AccessRights ExtendedRight -ExtendedRights ms-Exch-Store-Admin
   (Replacing with the user account you wish to use.)
   


3. The user account you wish to use now has the required permission.

Microsoft® Exchange 2010, Microsoft® Exchange 2013 and Microsoft® Windows® Small Business Server 2011

1. Click Start, click All Programs, click Microsoft Exchange Server 2010/2013, and then click Exchange Management Shell:
   
   


2. A black PowerShell window will appear. Enter the following command and press ENTER:
   Get-MailboxDatabase | Add-ADPermission -User -AccessRights ExtendedRight -ExtendedRights ms-Exch-Store-Admin (Replacing with the user account you wish to use.)
   
   


3. Enter the following command and press ENTER:
   $ExchangeServer = Get-ExchangeServer | where {$_.IsClientAccessServer -eq $true} | where {$_.IsValid -eq $true} | where {$_.IsExchange2007OrLater -eq $true} | where { $_.AdminDisplayVersion.Major -ge 14 }
4. Enter the following command and press ENTER: $ExchangeServer | ForEach-Object { New-ManagementRoleAssignment -Role ApplicationImpersonation -User (Get-User -Identity "<username>" | select-object).identity } (Replacing with the user account you wish to use.)
   
   
5. Close the PowerShell window.
6. The user account you wish to use now has the required permission.

Microsoft® Office 365

1. Run the following Powershell script:
   

   $credential = (get-credential)    

When prompted, please enter account details for an Office 365 administrator.




2. Run the following Powershell script:
   

   Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -Credential $credential -ConnectionURI https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection) -AllowClobber    

3. Log on using an Office 365 administrator account and enter the following command:
   

   New-ManagementRoleAssignment -Role ApplicationImpersonation -User (Get-User -Identity "EMAIL ADDRESS" | Select-Object).Identity    

   Replace "EMAIL ADDRESS" with the email address of the account you would like to use for the OWA signature updates on Office 365.