Set-ActiveSyncMailboxPolicy

 

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

The Set-ActiveSyncMailboxPolicy cmdlet enables you to apply a variety of mailbox policy settings to a server. You can set any of the parameters by using one command.

Syntax

set-ActiveSyncMailboxPolicy -Identity <MailboxPolicyIdParameter> [-AllowBluetooth <Disable | HandsfreeOnly | Allow>] [-AllowBrowser <$true | $false>] [-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>] [-AllowDesktopSync <$true | $false>] [-AllowExternalDeviceManagement <$true | $false>] [-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>] [-AllowNonProvisionableDevices <$true | $false>] [-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop <$true | $false>] [-AllowSimpleDevicePassword <$true | $false>] [-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation | OnlyStrongAlgorithmNegotiation | AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true | $false>] [-AllowStorageCard <$true | $false>] [-AllowTextMessaging <$true | $false>] [-AllowUnsignedApplications <$true | $false>] [-AllowUnsignedInstallationPackages <$true | $false>] [-AllowWiFi <$true | $false>] [-AlphanumericDevicePasswordRequired <$true | $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true | $false>] [-Confirm [<SwitchParameter>]] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-IsDefaultPolicy <$true | $false>] [-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter <All | TwoWeeks | OneMonth | ThreeMonths | SixMonths>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxEmailAgeFilter <All | OneDay | ThreeDays | OneWeek | TwoWeeks | OneMonth>] [-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordComplexCharacters <Int32>] [-MinDevicePasswordLength <Nullable>] [-Name <String>] [-PasswordRecoveryEnabled <$true | $false>] [-RequireDeviceEncryption <$true | $false>] [-RequireEncryptedSMIMEMessages <$true | $false>] [-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit | RC264bit | RC240bit>] [-RequireManualSyncWhenRoaming <$true | $false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>] [-RequireSignedSMIMEMessages <$true | $false>] [-RequireStorageCardEncryption <$true | $false>] [-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]] [-WSSAccessEnabled <$true | $false>]

set-ActiveSyncMailboxPolicy [-AllowBluetooth <Disable | HandsfreeOnly | Allow>] [-AllowBrowser <$true | $false>] [-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>] [-AllowDesktopSync <$true | $false>] [-AllowExternalDeviceManagement <$true | $false>] [-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>] [-AllowNonProvisionableDevices <$true | $false>] [-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop <$true | $false>] [-AllowSimpleDevicePassword <$true | $false>] [-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation | OnlyStrongAlgorithmNegotiation | AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true | $false>] [-AllowStorageCard <$true | $false>] [-AllowTextMessaging <$true | $false>] [-AllowUnsignedApplications <$true | $false>] [-AllowUnsignedInstallationPackages <$true | $false>] [-AllowWiFi <$true | $false>] [-AlphanumericDevicePasswordRequired <$true | $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true | $false>] [-Confirm [<SwitchParameter>]] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-Instance <MobileMailboxPolicy>] [-IsDefaultPolicy <$true | $false>] [-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter <All | TwoWeeks | OneMonth | ThreeMonths | SixMonths>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxEmailAgeFilter <All | OneDay | ThreeDays | OneWeek | TwoWeeks | OneMonth>] [-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordComplexCharacters <Int32>] [-MinDevicePasswordLength <Nullable>] [-Name <String>] [-PasswordRecoveryEnabled <$true | $false>] [-RequireDeviceEncryption <$true | $false>] [-RequireEncryptedSMIMEMessages <$true | $false>] [-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit | RC264bit | RC240bit>] [-RequireManualSyncWhenRoaming <$true | $false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>] [-RequireSignedSMIMEMessages <$true | $false>] [-RequireStorageCardEncryption <$true | $false>] [-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]] [-WSSAccessEnabled <$true | $false>]

Detailed Description

The Set-ActiveSyncMailboxPolicy cmdlet enables you to set each parameter in a mailbox policy. You can set any of the parameters by using one command.

To run the Set-ActiveSyncMailboxPolicy cmdlet, the account you use must be delegated the Exchange Organization Administrator role.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxPolicyIdParameter

This parameter specifies the Exchange ActiveSync mailbox policy.

Name

Required

System.String

This parameter specifies the name of the policy.

AllowBluetooth

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.BluetoothType

This parameter specifies whether the Bluetooth capabilities of the mobile device are allowed. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.

AllowBrowser

Optional

System.Boolean

This parameter indicates whether Pocket Internet Explorer is allowed on the mobile device. The default value is $true. This parameter does not affect third-party browsers.

AllowCamera

Optional

System.Boolean

This parameter indicates whether the mobile device's camera is allowed. The default value is $true.

AllowConsumerEmail

Optional

System.Boolean

This parameter indicates whether the mobile device user can configure a personal e-mail account on the device. The default value is $true.

AllowDesktopSync

Optional

System.Boolean

This parameter specifies whether the mobile device can synchronize with a desktop computer through a cable. The default value is $true.

AllowExternalDeviceManagement

Optional

System.Boolean

This parameter specifies whether an external device management program is allowed to manage the device.

AllowHTMLEmail

Optional

System.Boolean

This parameter specifies whether HTML e-mail is enabled on the device. The default value is $true.

AllowInternetSharing

Optional

System.Boolean

This parameter specifies whether the mobile device can be used as a modem to connect a computer to the Internet. The default value is $true.

AllowIrDA

Optional

System.Boolean

This parameter specifies whether infrared connections are allowed to the mobile device. The default value is $true.

AllowNonProvisionableDevices

Optional

System.Boolean

When set to $true, this parameter enables all devices to synchronize with the computer that is running Exchange 2007, regardless of whether the device can enforce all the specific settings that are established in the Exchange ActiveSync policy. This also includes devices that are managed by a separate device management system. When set to $false, this parameter blocks these non-provisionable devices from synchronizing with the Exchange 2007 server. The default value is $false.

AllowPOPIMAPEmail

Optional

System.Boolean

This parameter specifies whether the user can configure a POP3 or IMAP4 e-mail account on the device. The default value is $true.

AllowRemoteDesktop

Optional

System.Boolean

This parameter specifies whether the mobile device can initiate a remote desktop connection. The default value is $true.

AllowSimpleDevicePassword

Optional

System.Boolean

This parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234. The default value is $true.

AllowSMIMEEncryptionAlgorithmNegotiation

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.SMIMEEncryptionAlgorithmNegotiationType

This parameter specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate does not support the specified encryption algorithm.

AllowSMIMESoftCerts

Optional

System.Boolean

This parameter specifies whether S/MIME software certificates are allowed. The default value is $true.

AllowStorageCard

Optional

System.Boolean

This parameter specifies whether the device can access information that is stored on a storage card. The default value is $true.

AllowTextMessaging

Optional

System.Boolean

This parameter specifies whether text messaging is allowed from the device. The default value is $true.

AllowUnsignedApplications

Optional

System.Boolean

This parameter specifies whether unsigned applications can be installed on the device. The default value is $true.

AllowUnsignedInstallationPackages

Optional

System.Boolean

This parameter specifies whether unsigned installation packages can be executed on the device. The default value is $true.

AllowWiFi

Optional

System.Boolean

This parameter specifies whether wireless Internet access is allowed on the device. The default value is $true.

AlphanumericDevicePasswordRequired

Optional

System.Boolean

This parameter specifies that the device password must be alphanumeric. The default value is $false.

ApprovedApplicationList

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.ApprovedApplicationCollection

This parameter contains a list of approved applications for the device.

AttachmentsEnabled

Optional

System.Boolean

When set to $false, this parameter blocks the user from downloading attachments. The default value is $true.

Confirm

Optional

System.Management.Automation.SwitchParameter

This parameter causes the command to pause processing and requires that the administrator acknowledge what the command will do before processing continues. The default value is $true.

DeviceEncryptionEnabled

Optional

System.Boolean

This parameter, when set to $true, enables device encryption on the mobile device. The default value is $false. Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0. We recommend that you do not use this setting and use the RequireStorageCardEncryption parameter instead.

DevicePasswordEnabled

Optional

System.Boolean

When set to $true, this parameter requires that the user set a password for the device. The default value is $false.

DevicePasswordExpiration

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created. The format of the parameter is dd.hh.mm:ss, for example, 24.00:00 = 24 hours.

DevicePasswordHistory

Optional

System.Int32

This parameter specifies the number of previously-used passwords to store. When a user creates a new password, the user cannot reuse a stored password that was previously used.

DevicePolicyRefreshInterval

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies how often the policy is sent from the server to the device.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

This parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service.

Instance

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.MobileMailboxPolicy

This parameter specifies the instance of the Exchange ActiveSync mailbox policy.

IsDefaultPolicy

Optional

System.Boolean

This parameter specifies whether this policy is the default Exchange ActiveSync mailbox policy. The default value is $false. If another policy is currently set as the default, setting this parameter will replace the old default policy with this policy.

MaxAttachmentSize

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum size of attachments that can be downloaded to the mobile device. The default value is Unlimited.

MaxCalendarAgeFilter

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.CalendarAgeFilterType

This parameter specifies the maximum range of calendar days that can be synchronized to the device. The value is specified in days.

MaxDevicePasswordFailedAttempts

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the number of attempts a user can make to enter the correct password for the device. You can enter any number between 4 and 16. The default value is 8.

MaxInactivityTimeDeviceLock

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes. The format of the parameter is hh.mm:ss, for example, 15:00 = 15 minutes.

MinDevicePasswordLength

Optional

System.Nullable

This parameter specifies the minimum number of characters in the device password. You can enter any number between 1 and 16. The maximum length a password can be is 16 characters. The default value is 4.

MaxEmailAgeFilter

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.EmailAgeFilterType

This parameter specifies the maximum number of days of e-mail items to synchronize to the device. The value is specified in days.

MaxEmailBodyTruncationSize

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum size at which e-mail messages are truncated when synchronized to the device. You must specify the value in kilobytes (KB). For example, if you want to set the value to 4 kilobytes, type 4kb or 4096.

MaxEmailHTMLBodyTruncationSize

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum size at which HTML-Formatted e-mail messages are synchronized to the device. You must specify the value in kilobytes (KB). For example, if you want to set the value to 4 kilobytes, type 4KB or 4096.

MinDevicePasswordComplexCharacters

Optional

System.Int32

This parameter specifies the minimum number of complex characters required in a device password. A complex character is not a letter.

Name

Optional

System.String

This parameter specifies the name of the Exchange ActiveSync mailbox policy.

PasswordRecoveryEnabled

Optional

System.Boolean

When set to $true, this parameter enables you to store the recovery password for the device on an Exchange server. The default value is $false. The recovery password can be viewed from either Office Outlook Web Access or the Exchange Management Console.

RequireDeviceEncryption

Optional

System.Boolean

This parameter specifies whether encryption is required on the device. The default value is $false.

RequireEncryptedSMIMEMessages

Optional

System.Boolean

This parameter specifies whether you must encrypt S/MIME messages. The default value is $false.

RequireEncryptionSMIMEAlgorithm

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.EncryptionSMIMEAlgorithmType

This parameter specifies what required algorithm must be used when encrypting a message.

RequireManualSyncWhenRoaming

Optional

System.Boolean

This parameter specifies whether the device must synchronize manually while roaming. The default value is $false.

RequireSignedSMIMEAlgorithm

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.SignedSMIMEAlgorithmType

This parameter specifies what required algorithm must be used when signing a message.

RequireSignedSMIMEMessages

Optional

System.Boolean

This parameter specifies whether the device must send signed S/MIME messages.

RequireStorageCardEncryption

Optional

System.Boolean

This parameter specifies whether encryption of a storage card is required. The default value is $true.

UnapprovedInROMApplicationList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

This parameter contains a list of applications that cannot be run in ROM.

UNCAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Windows file shares is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

WhatIf

Optional

System.Management.Automation.SwitchParameter

This parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, the administrator can view what changes would occur without having to apply any of those changes. The default value is $false.

WSSAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Note   Some Exchange ActiveSync policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, you must set the AllowNonProvisionableDevices parameter to $true. This includes devices that cannot enforce all policy settings. When you run a cmdlet to set the size, the values that are available on a device are based on the predefined size in the Exchange ActiveSync Mailbox Policies. The predefined size can be one or more of the following:

  • Headers Only (This is the default setting.)

  • 2KB

  • 5KB

  • 20KB

  • 50KB

For example, if you run the Set-ActiveSyncMailboxPolicy -id "<Policy_ID>" –MaxEmailHTMLBodyTruncationSize 4KB cmdlet, the option of setting the message size on the device to Headers Only and 2KB may be available. However, the 4KB option is not available.

The following list describes the predefined size that may be set in Exchange ActiveSync mailbox policies and the corresponding values that are available on the device:

  • If the MaxEmailHTMLBodyTruncationSize is set to unlimited in the policy, the full list of predefined sizes is available.

  • If the MaxEmailHTMLBodyTruncationSize is set to less than 2048, the Headers Only option is the only value available.

  • If the MaxEmailHTMLBodyTruncationSize is set to greater than or equal to 2048 but less than 5120, the Headers Only and 2KB options are the only values available.

  • If the MaxEmailHTMLBodyTruncationSize is set to greater than or equal to 5120 but less than 8192, the Headers Only, 2KB, and 5KB options are the only values available.

  • If the MaxEmailHTMLBodyTruncationSize is set to greater than or equal to 8192 but less than 20480, the Headers Only, 2KB, 5KB, and 8KB options are the only values available.

  • If the MaxEmailHTMLBodyTruncationSize is set to greater than or equal to 20480 but less than 51200, the Headers Only, 2KB, 5KB, 8KB, and 20KB options are the only values available.

  • If the MaxEmailHTMLBodyTruncationSize is set to greater than or equal to 51200, the Headers Only, 2KB, 5KB, 8KB, 20KB, and 50KB options are available.

Input Types

Return Types

Errors

Error Description

 

 

Exceptions

Exceptions Description

 

 

Example

The following code example sets several policy settings for the Exchange ActiveSync policy named SalesPolicy.

Set-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:5 -AllowWiFi:$falst -AllowStorageCard: $true -AllowPOPIMAPEmail:$falseComments