Thursday, June 7, 2012

Disabling access to email, contacts and calendar for Subscriber Access in Exchange 2010

I was asked a few years ago back in the Exchange 2007 days whether it was possible to remove the mailbox functionality from a user but enable them for Unified Messaging so they could have voicemail and after doing a bit of research, I found that you actually can’t because in order to enable a user for UM, you had to enable them for email.  Fast forward to a few years later I have a client with Exchange 2010 who had a small group of users who, by company policy, should only have voicemail but not email and I was asked to prevent them from accessing their email’s inbox via the Unified Messaging Subscriber Access line.  Knowing that I’m bound to come across this again at some point, I thought it would be nice to blog it.

There are actually 2 ways of disabling access to certain mailbox features for users who dial into their Exchange UM’s subscriber access line.  First, the features that are available when a user dials in are as follows:

  • Voicemail
  • Email
  • Calendar
  • Personal contacts
  • Directory
  • Personal options

Other than the Voicemail and Personal options options, all of the other features can be disabled by one or the two of the following methods:

Method 1 – Disable features via per UM Mailbox level

The first method is to disable voicemail subscriber access features by a per UM mailbox level.  The drawback of using this method is that you’ll be executing this cmdlet on every user and you are only limited to disabling:

  • Email
  • Calendar

To execute this cmdlet, open up the Exchange Management Shell and type in the following:

To disable email access –> Set-UMMailbox -Identity “<Mailbox Name>” -TUIAccessToEmailEnabled $true

To disable calendar access –> Set-UMMailbox -Identity “<Mailbox Name>” -TUIAccessToCalendarEnabled $true

The following is an example for disabling Bradley Simons’ email access via the subscriber access line:

Set-UMMailbox -Identity "Simons, Bradley" -TUIAccessToEmailEnabled $true

Method 2 – Disable features via per UM Mailbox Policy

The second method to disable voicemail subscriber access features is through the use of a new UM Mailbox Policy.  The advantage of using another UM Mailbox Policy is that you can disable all of the following features:

  • Email
  • Calendar
  • Personal contacts
  • Directory

**Note that you can associate more than one UM Mailbox Policy to a dial plan.

Begin by creating a new UM Mailbox Policy and executed the following cmdlets to disable the features:

Set-UMMailboxPolicy -Identity "<UM Mailbox Policy Name>" -AllowTUIAccessToEmail $false

Set-UMMailboxPolicy -Identity "<UM Mailbox Policy Name>" –AllowTUIAccessToPersonalContacts $false

Set-UMMailboxPolicy -Identity "<UM Mailbox Policy Name>" -AllowTUIAccessToCalendar $false

Set-UMMailboxPolicy -Identity "<UM Mailbox Policy Name>" -AllowTUIAccessToDirectory $false

To assign users this UM Mailbox Policy, open up the Exchange Management Console, navigate to Recipient Configuration –> Mailbox:

image

Open up the user’s properties, click on the Mailbox Features tab then open up the properties of the Unified Messaging feature:

clip_image001

Click on the Browse button:

clip_image001[4]

… and choose the UM Mailbox Policy:

image

image

Click on the OK buttons to apply the changes.

1 comment:

@uribrown1 said...

Nice one mate! Lifesaver!