As a result, people could make unauthorized copies of their mailboxes on their home PCs and laptops.
Exchange 2007 SP1 and later have a great feature: Outlook Anywhere access can be disabled on a per-user basis.
It is a very simple process: the administrator runs a few commands in PowerShell and the configuration is done. Let's take a look:
To enable Outlook Anywhere for a single user:
Get-Mailbox -Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False
To disable Outlook Anywhere for a single user:
Get-Mailbox -Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True
To enable it for all users:
Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False
To disable it for all users:
Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True
To enable it for multiple users only:
- Identify the users who need to be given access to Outlook Anywhere.
- Make a list of all such users' accounts.
- Put the list in a simple text file as below:
User2
User3
- Now save this text file to any location you want with the name Mailboxes.txt, for example D:\Mailboxes.txt
- Simply run the script below.
# Read the account names, one per line, from the list file
$Mailboxes = Get-Content "D:\Mailboxes.txt"
Foreach ($Mailbox in $Mailboxes)
{
    Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$false -Verbose
}
To disable it for multiple users only:
- Identify the users who need to be blocked from accessing Outlook Anywhere.
- Make a list of all such users' accounts.
- Put the list in a simple text file as below:
User2
User3
- Now save this text file to any location you want with the name Mailboxes.txt. In my case it is D:\Mailboxes.txt
- Simply run the script below.
# Read the account names, one per line, from the list file
$Mailboxes = Get-Content "D:\Mailboxes.txt"
Foreach ($Mailbox in $Mailboxes)
{
    Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$true -Verbose
}
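A variant of the list-driven loop above, as an added example that is not part of the original post: it skips names that do not resolve to a mailbox, applies the setting, then reads MAPIBlockOutlookRpcHttp back with Get-CASMailbox and writes a CSV report. The parameter names, the report path and the report column names are assumptions.

```powershell
# Added example, not from the original post. Run it in the Exchange Management Shell.
# $ListPath, $ReportPath and $Block are assumed names; adjust them to your environment.
param(
    [string]$ListPath   = 'D:\Mailboxes.txt',
    [string]$ReportPath = 'D:\OutlookAnywhereReport.csv',
    [bool]$Block        = $true    # $true = disable Outlook Anywhere, $false = enable
)

if (-not (Test-Path $ListPath)) { throw "List file not found: $ListPath" }

# One account per line; drop blank lines and stray whitespace.
$Mailboxes = Get-Content $ListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' }

$Report = foreach ($Mailbox in $Mailboxes) {
    # Confirm the identity resolves before changing anything.
    $Before = Get-CASMailbox -Identity $Mailbox -ErrorAction SilentlyContinue
    if ($Before -eq $null) {
        Write-Warning "No mailbox found for '$Mailbox'; skipped."
        continue
    }

    Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$Block

    # Read the value back instead of assuming the change was applied.
    $After = Get-CASMailbox -Identity $Mailbox
    $After | Select-Object Name,
        @{Name = 'BlockedBefore'; Expression = { $Before.MAPIBlockOutlookRpcHttp }},
        @{Name = 'BlockedAfter';  Expression = { $_.MAPIBlockOutlookRpcHttp }}
}

# Keep a record of what was changed.
$Report | Export-Csv -Path $ReportPath -NoTypeInformation

# Anything listed here did not end up with the requested value.
$Report | Where-Object { $_.BlockedAfter -ne $Block }
```

The report confirms the value stored on the mailbox only; it says nothing about what an already-configured Outlook client can still reach.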
I know this is an old post, but there are still a lot of Exchange 2007 servers out there in service and even new Exchange 2007 servers being brought into service. I did a migration for a client from 2003 to 2007 just this weekend. So, as a note of caution in regards to the security of email with this command: if you have Outlook Anywhere enabled, once a user connects and downloads their mail with Cached Exchange Mode enabled, running Get-Mailbox -Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True will not block them from access to the Outlook cached email and in fact will continue to connect them to the mail server for new mail. The command will only stop them from connecting to the directory. That said, if you set up a new user, then run Get-Mailbox -Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True, they will not be able to connect to the directory and so will not be able to access their mail for the initial download of cache. I tested these commands 6 ways from Sunday and that is the hole I found. Outlook and Exchange are a flaky couple.