IT tutorials
 
Applications Server
 

Microsoft Exchange Server 2013 : Assignment policies

3/21/2014 9:45:26 PM
- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

So far, you have looked at direct assignment of roles to role groups by which users receive rights through their membership in the group that enable them to perform administrative operations such as viewing transport queues or conducting discovery searches. Every RBAC system needs a default policy to provide a basic set of functions that users can run. Exchange 2013 includes the concept of a management role assignment policy to enable users to perform certain functions that have to be performed by administrators in previous versions of Exchange. Table 1 lists the roles covered by the default role assignment policy, which is assigned automatically to an end user when his mailbox is created unless the administrator overrides it by specifying another role assignment policy or by changing the default role assignment policy. The role assignment policy specified for a mailbox can be changed at any time by running the Set-Mailbox cmdlet. For instance:

Table 1. User roles in default role assignment policy

Role

Use

Enabled by default

MyBaseOptions

Base option that allows end users to access Outlook Web App options

Y

MyContactInformation

Enables end users to update their phone and contact information

Y

MyProfileInformation

Enables end users to update their first name, last name, initials, and display name

N

MyVoiceMail

Enables end users to manage their voice mail options such as greetings

N

MyTextMessaging

Enables end users to manage options for text messaging

N

MyDistributionGroupMembership

Enables end users to manage their membership in distribution groups (list groups, leave groups, join new groups)

Y

MyDistributionGroups

Enables end users to create new groups and to manage the membership of groups they own

N

MyTeamMailboxes

Enables end users to manage team mailboxes they own

Y

MyMarketPlaceApps

Enables end users to add apps to Outlook Web App

Y

MyRetentionPolicies

Enables end users to select personal retention tags to apply to items in their mailbox

N

Set-Mailbox –Identity JSmith –RoleAssignmentPolicy 'New User Role Assignment Policy'

Note

End-user roles are different from management roles in that they only affect data relating to the end users, such as their personal information, or the distribution groups that include the end users. By comparison, management roles have a much broader scope in that they can affect data relating to other users or other components of Exchange.

A mailbox can have only one management role assignment policy. Individual mailboxes or groups of mailboxes can be assigned different management role assignment policies. You can use the following command to see the roles included in the default role assignment policy:

Get-ManagementRoleAssignment -RoleAssignee 'Default Role Assignment Policy'

If you want to check the roles assigned to a specific user through a role assignment policy, you can substitute the user’s name for the name of the assignment policy. For example:

Get-ManagementRoleAssignment -RoleAssignee 'Akers, Kim'

You can remove any of these roles from the default role assignment policy and thus make them unavailable to users through Outlook Web App options. For example, to remove the text messaging options from Outlook Web App options:

Remove-ManagementRoleAssignment 'MyTextMessaging-Default Role Assignment Policy'

Administrators can also change the default role assignment policy to make other options available to users. In addition, you have the flexibility to create a new role assignment policy and apply it to selected users to allow them access to a different set of tasks than is available to standard users. To set a new default role assignment policy:

Set-RoleAssignmentPolicy 'New End-User Default Role Assignment Policy' –IsDefault

Management role assignment policies are assigned with the New-Mailbox cmdlet or Enable-Mailbox cmdlet when you create a new user account or enable an existing account with a mailbox or with the Set-Mailbox cmdlet to change the policy for an existing mailbox. These assignments are explicit, whereas the assignment of the default policy is implicit. An explicit assignment always takes precedence over an implicit assignment. Here’s how you would assign an explicit policy to a mailbox:

Set-Mailbox –Identity 'Jack Jones' –RoleAssignmentPolicy 'VIP Users'

Sometimes it is useful to be able to process a group of users. For example, assume that you want to run a Unified Messaging pilot in just one office and want to enable the users in that office to update their voice mail settings through Outlook Web App options. The voice mail options are not enabled in the default policy, so you must create a new policy, assign the voice mail options to the policy, and then enable the policy for the mailboxes in the specific office. This set of commands does that. You create the policy, assign the necessary roles, including voice mail and the other roles users need to update their contact and personal information through Outlook Web App, and then assign the new role to all mailboxes that belong to the Chicago office:

New-RoleAssignmentPolicy –Name 'VoiceMail Pilot Users'
New-ManagementRoleAssignment –Role 'MyBaseOptions' –Policy 'VoiceMail Pilot Users'
New-ManagementRoleAssignment –Role 'MyVoiceMail' –Policy 'VoiceMail Pilot Users'
New-ManagementRoleAssignment –Role 'MyProfileInformation' –Policy 'VoiceMail Pilot Users'
New-ManagementRoleAssignment –Role 'MyContactInformation' –Policy 'VoiceMail Pilot Users'
Get-Mailbox –Filter {Office –eq 'Chicago'} | Set-Mailbox –RoleAssignmentPolicy 'VoiceMail Pilot Users'

Users will pick up the new management role assignment policy the next time they log on to Outlook Web App.

 
Others
 
- Microsoft Exchange Server 2013 : Role assignment (part 4) - Unscoped roles
- Microsoft Exchange Server 2013 : Role assignment (part 3) - Database scoping, Special roles
- Microsoft Exchange Server 2013 : Role assignment (part 2) - Creating roles for specific tasks, Specific scopes for role groups
- Microsoft Exchange Server 2013 : Role assignment (part 1) - Using role assignment policy to limit access
- Microsoft Exchange Server 2013 : Role group management
- Configuring Active Directory Server Roles : Administering Active Directory - Creating OUs
- Configuring Active Directory Server Roles : Administering Active Directory - Planning the OU Structure (part 2) - Delegating Administrative Control
- Configuring Active Directory Server Roles : Administering Active Directory - Planning the OU Structure (part 1) - Logical Grouping of Resources
- Configuring Active Directory Server Roles : Administering Active Directory - An Overview of OUs
- Configuring Active Directory Server Roles : Active Directory Rights Management Services
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS