Sample Chapters from Microsoft Exchange

Sample Chapters from Microsoft Exchange

Configuring Mailbox Delivery Restrictions,

Permissions, and Storage Limits

You use mailbox properties to set delivery restrictions, permissions, and storage limits . To change these configuration settings for mailboxes, follow the techniques discussed in this section .

Setting Message Size restrictions for Contacts

You set message size restrictions for contacts in much the same way that you set size restrictions for users . Follow the steps listed in the next section .

Setting Message Size restrictions on Delivery to and from

Individual Mailboxes

Using the When The Size Of Any Attachment Is Greater Than Or Equal To Limit transport rule condition, you can set restrictions regarding the size of message attachments and specify what action to take if a message has an attachment that exceeds this limit . Sometimes, you need to set exceptions for specific users . For example, some users might need to be able to send large files as part of their job .

You set individual delivery restrictions by completing the following steps:

1.

Open the Properties dialog box for the mailbox-enabled user account by double-clicking the user name in the Exchange Management Console .

2.

On the Mail Flow Settings tab, double-click Message Size Restrictions .

As shown in Figure 6-6, you can now set the following send and receive

restrictions:

FIGURE 6-6

You can apply individual delivery restrictions on a per-user basis .

n

Sending Message Size Sets a limit on the size of messages the user can send . The value is set in kilobytes (KBs) . If an outgoing message exceeds the limit, the message isn’t sent and the user receives a non-delivery report (NDR) .

n

Receiving Message Size Sets a limit on the size of messages the user can receive . The value is set in KBs . If an incoming message exceeds the limit, the message isn’t delivered and the sender receives an NDR .

3.

Click OK . The restrictions that you set override the global default settings .

182 ChAPTEr 6

Mailbox Administration

Setting Send and receive restrictions for Contacts

You set message send and receive restrictions for contacts in the same way that you set these restrictions for users . Follow the steps listed in the next section .

Setting Message Send and receive restrictions on Individual

Mailboxes

By default, user mailboxes are configured to accept messages from anyone . To

override this behavior, you can do the following: n

Specify that only messages from the listed users, contacts, or groups be

accepted .

n

Specify that messages from specific users, contacts, or groups listed be

rejected .

n

Specify that only authenticated users—meaning users who have logged on to the Exchange system or the domain—be accepted .

You set message send and receive restrictions by completing the following steps:

1.

Open the Properties dialog box for the mailbox-enabled user account by double-clicking the user name in the Exchange Management Console .

2.

On the Mail Flow Settings tab, double-click Message Delivery Restrictions . As shown in Figure 6-7, you can now set message acceptance restrictions .

FIGURE 6-7

You can apply send and receive restrictions on messages on a per-user basis .

3.

If you want to ensure that messages are accepted only from authenticated users, select the Require That All Senders Are Authenticated check box .

Mailbox Administration

ChAPTEr 6 183

4.

To accept messages from all e-mail addresses except those on the reject list, under Accept Messages From, select All Senders .

5.

To specify that only messages from the listed users, contacts, or groups be accepted, select the Only Senders In The Following List option and then add acceptable recipients by following these steps:

Click Add to display the Select Recipient dialog box .

Select a recipient, and then click OK . Repeat as necessary .

tip

You can select multiple recipients at the same time. To select multiple recipients individually, hold down the Ctrl key and then click each recipient that you want to select. To select a sequence of recipients, select the first recipient, hold down the Shift key, and then click the last recipient.

6.

To specify that no recipients should be rejected, under Reject Messages

From, select No Senders .

7.

To reject messages from specific recipients, under Reject Messages From, select Senders In The Following List and then add unacceptable recipients by following these steps:

Click Add to display the Select Recipients dialog box .

Select a recipient, and then click OK . Repeat as necessary .

8.

Click OK .

Permitting Others to Access a Mailbox

Occasionally, users need to access someone else’s mailbox, and in certain situations, you should allow this . For example, if John is Susan’s manager and Susan is going on vacation, John might need access to her mailbox while she’s away . Another situation in which someone might need access to another mailbox is when you’ve set up special-purpose mailboxes, such as a mailbox for [email protected] .com or a mailbox for [email protected] .com .

You can grant permissions for a mailbox in two ways: n

You can grant access to a mailbox and its content .

n

You can grant the right to send messages as the mailbox owner .

If you want to grant access to a mailbox and its contents but not grant Send

As permissions, use the Manage Full Access Permission Wizard . In the Exchange

Management Console, right-click the mailbox you want to work with and then select Manage Full Access Permission . In the Manage Full Access Permission Wizard, click Add, and then use the Select User Or Group dialog box to choose the user or users who should have access to the mailbox . To revoke the authority to access the mailbox, select an existing user name in the Security Principal list box and then click

Remove . Click Manage to set the desired access permissions .

If you want to grant Send As permissions, use the Manage Send As Permission

Wizard . In the Exchange Management Console, right-click the mailbox you want

184 ChAPTEr 6

Mailbox Administration

to work with and then select Manage Send As Permission . In the Manage Send

As Permission Wizard, click Add, and then use the Select Recipient dialog box to choose the user or users who should have this permission . To revoke this permission, select an existing user name in the Security Principal list box and then click Remove .

Click Manage to set the desired Send As permissions .

In the Exchange Management Shell, you can use the Add-MailboxPermission and

Remove-MailboxPermission cmdlets to manage full access permissions . Samples 6-4 and 6-5 show examples of using these cmdlets . In these examples, the AccessRights parameter is set to FullAccess to indicate you are setting full access permissions on the mailbox .

SAMPLE 6-4

Adding full access permissions

Syntax

Add-MailboxPermission –Identity UserBeingGrantedPermission

–User UserWhoseMailboxIsBeingConfigured –AccessRights 'FullAccess'

Usage

Add-MailboxPermission –Identity

'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com'

–User 'CPANDL\boba' –AccessRights 'FullAccess'

SAMPLE 6-5

Removing full access permissions

Syntax

Remove-MailboxPermission –Identity 'UserBeingGrantedPermission'

–User 'UserWhoseMailboxIsBeingConfigured' –AccessRights 'FullAccess'

–InheritanceType 'All'

Usage

Remove-MailboxPermission –Identity 'CN=Jerry Orman,

OU=Engineering,DC=cpandl,DC=com'

–User 'CPANDL\boba' –AccessRights 'FullAccess' –InheritanceType 'All'

If you want to allow another user to send messages as the mailbox owner, you can do this using the Manage Send As Permission Wizard . In the Exchange

Management Console, right-click the mailbox you want to work with and then select

Manage Send As Permission . In the Manage Send As Permission Wizard, click Add, and then use the Select User Or Group dialog box to choose the user or users who should have Send As permission on the mailbox . To revoke Send As permission, select an existing user name in the Security Principal list box and then click Remove .

Click Manage to set the desired access permissions .

Mailbox Administration

ChAPTEr 6 185

In the Exchange Management Shell, you can use the Add-ADPermission and

Remove-ADPermission cmdlets to manage Send As permissions . Samples 6-6 and

6-7 show examples using these cmdlets . In these examples, the ExtendedRights parameter is set to Send-As to indicate you are setting Send As permissions on the mailbox .

SAMPLE 6-6

Adding Send As permissions

Syntax

Add-ADPermission –Identity UserBeingGrantedPermission

–User UserWhoseMailboxIsBeingConfigured –ExtendedRights 'Send-As'

Usage

Add-ADPermission –Identity 'CN=Jerry

Orman,OU=Engineering,DC=cpandl,DC=com'

–User 'CPANDL\boba' –ExtendedRights 'Send-As'

SAMPLE 6-7

Removing Send As permissions

Syntax

Remove-ADPermission –Identity UserBeingRevokedPermission

–User UserWhoseMailboxIsBeingConfigured –ExtendedRights 'Send-As'

–InheritanceType 'All' –ChildObjectTypes $null

–InheritedObjectType $null -Properties $null

Usage

Remove-ADPermission –Identity 'CN=Jerry

Orman,OU=Engineering, DC=cpandl,DC=com'

–User 'CPANDL\boba' –ExtendedRights 'Send-As' –InheritanceType 'All'

–ChildObjectTypes $null –InheritedObjectTypes $null

-Properties $null

Note

Another way to grant access permissions to mailboxes is to do so through

Outlook. Using Outlook, you have more granular control over permissions. You can allow a user to log on as the mailbox owner, delegate mailbox access, and grant

various levels of access. For more information on this issue, see the “Accessing Multiple

Exchange Server Mailboxes” and “Granting Permission to Access Folders Without

Delegating Access” sections in Chapter 16.

Forwarding E-Mail to a New Address

Except when rights management prevents it, any messages sent to a user’s mailbox can be forwarded to another recipient . This recipient can be another user or a mailenabled contact . You can also specify that messages should be delivered to both the forwarding address and the current mailbox .

186 ChAPTEr 6

Mailbox Administration

To configure mail forwarding, follow these steps:

1.

Open the Properties dialog box for the mailbox-enabled user account by double-clicking the user name in the Exchange Management Console .

2.

On the Mail Flow Settings tab, double-click Delivery Options .

3.

To remove forwarding, in the Forwarding Address panel, clear the Forward

To check box .

4.

To add forwarding, select the Forward To check box and then click Browse .

Use the Select Recipient dialog box to choose the alternate recipient .

5.

If messages should go to both the alternate recipient and the current mailbox owner, select the Deliver Messages To Both Forwarding Address And

Mailbox check box . (See Figure 6-8 .) Click OK .

FIGURE 6-8

Using the Delivery Options dialog box, you can specify alternate recipients for mailboxes and deliver mail to the current mailbox as well .

Setting Storage restrictions on an Individual Mailbox

You can set storage restrictions on multiple mailboxes using global settings for each mailbox database or on individual mailboxes using per-user restrictions . Global

restrictions are applied when you create a mailbox and are reapplied when you

define new global storage restrictions . Per-user storage restrictions are set individually for each mailbox and override the global default settings .

Note

Storage restrictions apply only to mailboxes stored on the server. They don’t apply to personal folders. Personal folders are stored on the user’s computer.

Mailbox Administration

ChAPTEr 6 187

You’ll learn how to set global storage restrictions in Chapter 10, “Mailbox and

Public Folder Database Administration .” See the “Setting Mailbox Database Limits and Deletion Retention” section in that chapter .

You set individual storage restrictions by completing the following steps:

1.

Open the Properties dialog box for the mailbox-enabled user account by double-clicking the user name in the Exchange Management Console .

2.

On the Mailbox Settings tab, double-click Storage Quotas . This displays the

Storage Quotas dialog box, shown in Figure 6-9 .

FIGURE 6-9

Using the Storage Quotas dialog box, you can specify storage limits and

deleted item retention on a per-user basis when necessary .

3.

To set mailbox storage limits, in the Storage Quotas panel, clear the Use

Mailbox Database Defaults check box . Then set one or more of the following storage limits: n

Issue Warning At (MB) This limit specifies the size, in megabytes, that a mailbox can reach before a warning is issued to the user . The warning tells the user to clean out the mailbox .

n

Prohibit Send At (MB) This limit specifies the size, in megabytes, that a mailbox can reach before the user is prohibited from sending any new mail . The restriction ends when the user clears out the mailbox and the mailbox size is under the limit .

n

Prohibit Send And Receive At (MB) This limit specifies the size, in megabytes, that a mailbox can reach before the user is prohibited from sending and receiving mail . The restriction ends when the user clears out the mailbox and the mailbox size is under the limit .

CautioN

Prohibiting send and receive might cause the user to think they’ve lost e-mail. When someone sends a message to a user who is prohibited from receiving messages, an NDr is generated and delivered to the sender. The original recipient never sees the e-mail. Because of this, you should rarely prohibit send and receive.

4.

Click OK twice .

188 ChAPTEr 6

Mailbox Administration

Setting Deleted Item retention Time on Individual Mailboxes

Normally, when a user deletes a message in Microsoft Office Outlook, the message is placed in the Deleted Items folder . The message remains in the Deleted Items folder until the user deletes it manually or allows Outlook to clear out the Deleted

Items folder . With personal folders, the message is then permanently deleted and you can’t restore it . With server-based mailboxes, the message isn’t actually deleted from the Exchange database . Instead, the message is marked as hidden and kept for a specified period of time called the deleted item retention period .

Note

The standard processes can be modified in several different ways. A user could press Shift+Delete to bypass Deleted Items. As an administrator, you can create and apply policies that prevent users from deleting items (even if they try to use

Shift+Delete). You can also configure policy to retain items indefinitely.

Default retention settings are configured for each mailbox database in the organization . You can change these settings, as described in Chapter 10 in the “Setting

Mailbox Database Limits and Deletion Retention” section, or override the settings on a per-user basis by completing these steps:

1.

Open the Properties dialog box for the mailbox-enabled user account by double-clicking the user name in the Exchange Management Console .

2.

On the Mailbox Settings tab, double-click Storage Quotas . This displays the

Storage Quotas dialog box, shown previously in Figure 6-9 .

3.

In the Deleted Item Retention panel, clear the Use Mailbox Database Defaults check box .

4.

In the Keep Deleted Items For (Days) text box, enter the number of days to retain deleted items . An average retention period is 14 days . If you set the retention period to 0 and aren’t using policies that prevent deletion, messages aren’t retained and can’t be recovered . If you set the retention period to 0 but are using policies that prevent deletion, the messages are retained according to the established policies .

5.

You can also specify that deleted messages should not be permanently removed until the mailbox database has been backed up . This option ensures that the deleted items are archived into at least one backup set . Click OK twice .

Real WoRld

Deleted item retention is convenient because it allows the administrator the chance to salvage accidentally deleted e-mail without restoring a user’s mailbox from backup. I strongly recommend that you enable this setting, either in the mailbox database or for individual mailboxes, and configure the retention period accordingly.

Mailbox Administration

ChAPTEr 6 189

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement

Table of contents