I need to make my resource reservation system (using Exchange 2010 calendars) available for external users. Edit: we have a resource that can be used by only one person at a time and we would like to allow our domain users to book this resource BUT we would like to allow people that hasn't any access to our domain to do the same thing.
The solution I'm thinking of is to create a mailbox which will be used by customers (they add the mailbox in a mail client) so that they can open the resource calendar and book it.
The problem I'm facing right now is that every domain account is part of the group Everyone which :
- has read access to every server of the domain
- can list the global address book
- can do a lot of things that is OK for any domain user but not for this external user account.
Note :
- I cannot use a shared mailbox because the people that should use this mailbox don't have any domain account
- I cannot simply disable the user object and keep the mailbox because this removes the possibility to use the mailbox
- If I remove the "domain user" group membership and add a new unused group the account stays in the Everyone group which has a lot of rights
How could one restrict a domain account access to everything except his mailbox and a resource calendar?