Exchange 2016: Prevent users from changing their AD account

The following e-mail has reached me and if you ask so nicely, I owe you an answer:

Dear Frank, I have the following problem: Users in our Exchange organization should not be able to change their address book entry themselves. This means editing "Options - General - My account", where they could change e.g. address, telephone number, etc. I dimly remember that you could prevent this via Policies, but I can't find any more information about it. :( It would be very, very, very nice if you could give me a tip.

This means the following: Users can change some personal settings via OWA, for example address, telephone and mobile phone number:

In some environments, however, letting users change this data can cause problems, for example when the address is used for automatic e-mail signatures and the user enters their private address instead of their company address. The data that a user enters here is written to the Active Directory user object, so it can also confuse other applications that read from Active Directory:

However, it is easy to prevent users from changing their own data by simply changing the "Default Role Assignment Policy" accordingly:

The "MyContactInformation" option and its sub-items can now be deactivated within the "Default Role Assignment Policy":

The "" applies to all users. If an attempt is now made to change the user's own data, a message appears when saving that the user is not authorized to change their data:

While you're at it, you can also deactivate the uploading or changing of your own photo:

This function can also be switched off so that users do not upload funny photos that are then displayed in various other systems as well. The following command can be used for this purpose:

Set-OwaMailboxPolicy -Identity Default -SetPhotoEnabled $false

Note, however, that the OwaMailboxPolicy must also be assigned to the mailboxes for this setting to take effect. By default, no policy is assigned to the mailboxes:

The following command can be used to bind the OwaMailboxPolicy to a single mailbox:

Set-CASMailbox Frank -OwaMailboxPolicy default

The following command can be used to bind the policy to all mailboxes:

Get-CASMailbox -ResultSize unlimited | Set-CASMailbox -OwaMailboxPolicy default

For new mailboxes, it must therefore be ensured that the OwaMailboxPolicy is also assigned.
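A check that ties the steps in this article together, as an added example that is not part of the original post: it reports whether the role assignment policy still grants MyContactInformation or one of its child roles, whether the OWA policy still allows photo changes, and which mailboxes (for example newly created ones) have no OwaMailboxPolicy bound. It assumes the Exchange Management Shell and the default policy names used above; the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell.
# Assumption: the default policy names from the article are in use.
$rolePolicy = 'Default Role Assignment Policy'
$owaPolicy  = 'Default'

# 1. MyContactInformation and its child roles (the "sub-items" in the ECP dialog)
$contactRoles = (Get-ManagementRole -Identity 'MyContactInformation' -Recurse).Name

# Assignments of those roles that are still attached to the policy.
# An empty result means users can no longer edit their contact data.
$stillGranted = Get-ManagementRoleAssignment -RoleAssignee $rolePolicy |
    Where-Object { $contactRoles -contains [string]$_.Role }

if ($stillGranted) {
    Write-Warning "'$rolePolicy' still grants contact-data roles:"
    $stillGranted | Format-Table Name, Role, Enabled -AutoSize
} else {
    Write-Output "'$rolePolicy' grants no MyContactInformation roles."
}

# 2. The OWA policy must have photo changes switched off
$policy = Get-OwaMailboxPolicy -Identity $owaPolicy
if ($policy.SetPhotoEnabled) {
    Write-Warning "SetPhotoEnabled is still `$true on OWA policy '$owaPolicy'."
}

# 3. Mailboxes with no OWA policy are not covered by the photo setting
$unbound = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { -not $_.OwaMailboxPolicy }

Write-Output ("Mailboxes without an OwaMailboxPolicy: {0}" -f @($unbound).Count)
$unbound | Select-Object Name, PrimarySmtpAddress

# Preview the fix; remove -WhatIf to actually bind the policy
$unbound | Set-CASMailbox -OwaMailboxPolicy $owaPolicy -WhatIf
```

Running the third step on a schedule catches mailboxes created after the initial bulk assignment.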

After the policy has been assigned, the button to change the photo no longer works:

5 thoughts on “Exchange 2016: Prevent users from changing their AD account”

  1. Hello Frank,

    is there also a way to let the user change only the password in OWA and nothing else?
    Ideally, the user would not even see the other entries / settings?
    I am already experimenting with user roles and OWA policies in the ECP, but somehow all options are always displayed in OWA.

    Do you have an idea how I can solve this?

    Best regards
    Dirk
