The following e-mail has reached me and if you ask so nicely, I owe you an answer:
Lieber Frank, ich hab folgendes Problem: User in unserer Exchange-Orga, sollen Ihren Adressbucheintrag nicht selbst anpassen können. Also die Bearbeitung von „Optionen – Allgemein – Mein Konto“, wo sie z.B. Adresse, Telefonnummer, etc. ändern könnten. Ich habe ganz dunkel in Erinnerung, dass man das über Policies unterbinden konnte, aber finde die Bohne keine Infos mehr dazu. :( Es wäre gaaaanz ganz ganz dolle lieb, wenn Du mir einen Tipp geben könntest
This means the following: Users can change some personal settings via OWA, for example address, telephone and mobile phone number:
In some environments, however, changing the data by the user can cause problems. For example, if the address is used for automatic e-mail signatures and the user enters their private address instead of their company address. The data that a user enters here is written to the Active Directory user object, which could therefore also confuse other applications that access the Active Directory:
However, it is easy to prevent users from changing their own data by simply changing the "Default Role Assignment Policy" accordingly:
The "MyContactInformation" option and its sub-items can now be deactivated within the "Default Role Assignment Policy":
The "" applies to all users. If an attempt is now made to change the user's own data, a message appears when saving that the user is not authorized to change their data:
While you're at it, you can also deactivate the uploading or changing of your own photo:
This function can also be switched off so that users do not upload any funny photos and these are also displayed in various other systems. The following command can be used for this purpose:
|
1
|
Set-OwaMailboxPolicy -Identity Default -SetPhotoEnabled:$false |
However, it must be noted here that the OwaMailboxPolicy is also assigned to the mailboxes. By default, no policy is assigned to the mailboxes:
The following command can be used to bind the OwaMailboxPolicy to a single mailbox:
|
1
|
Set-CASMailbox Frank -OwaMailboxPolicy default |
The following command can be used to bind the policy to all mailboxes:
|
1
|
Get-CASMailbox -ResultSize unlimited | Set-CASMailbox -OwaMailboxPolicy default |
For new mailboxes, it must therefore be ensured that the OwaMailboxPolicy is also assigned.
After the policy has been assigned, the button to change the photo no longer works:
