Managing Accounts With Group Policy
Hello, I have a question for you Exchange gurus. I’m a relative newbie at Exchange, but have worked with Exchange admins at different clients to accommodate my needs.
Here is my need. I have several domain service accounts that need to be able to send both internal and external email messages; primarily SQL Server accounts, but not exclusively. I absolutely do not want these accounts to be able to receive any messages. Not internal; not external. I was looking at Exchange’s Server Manager and do not see an obvious way to configure this.
I’ve seen the options to restrict mailbox size, but that seems like a back door way to manage this. I’ve seen options to restrict sending, or sending and receiving of messages, but nothing that just restricts receiving.
Ideally, I would like to configure a setup where I could put these service accounts in an AD group or AD OU and use group policy to manage this restriction. Is that reasonable? What would be considered a best practice?
Thanks,
Greg Wilkerson
February 25th, 2010 4:45am
Not sure which version of Exchange you are using but you can set a delivery restriction to "accept messages only from" and then leave it blank or put your own account there.
http://technet.microsoft.com/en-us/library/bb397214.aspx (for Exchange 2010... similar in 2007. For 2003 it's under Active Directory Users and Computers.)
You could also put in a transport rule to drop messages to these mailboxes, if you want to manage it all in one place.
February 25th, 2010 6:59am
Exchange 2003 on Windows Server 2003 is the environment. I'll look at that article. I'm not sure what you mean by "transport rule", but I'll look that up.
Thanks.
Greg
February 26th, 2010 4:50am
Hi,
I think we can try to set an invalid email address on user properties - "Message restrictions" - "accept messages" - "only from".
Besides, please try to create an e-mail address policy to prevent users from receiving e-mail. For detailed steps, you can refer to the article below:
How to selectively prevent users from sending or receiving Internet e-mail in Exchange Server 2003 or in Exchange 2000 Server
http://support.microsoft.com/kb/924635
Regards,
Xiu
February 26th, 2010 12:17pm
I can understand wanting to do this, but speaking as an Exchange Admin, I will tell you that this is bad practice and something I discourage. I have seen far too many cases where a scripted process was either mis-configured, or the intended recipient's email address changed or became undeliverable, and it should have been corrected but no one knew it was happening because nobody ever saw the NDRs.
If there is no return path on the emails, then any email it sends that is undeliverable becomes a "double bounce". The email is undeliverable, and so is the resulting delivery failure notification.
February 26th, 2010 3:45pm
Excellent point. I hadn't thought about a double bounce. Hmm. More to think about. I would want to know about delivery failures. Other than not knowing of the delivery failure, is there any other harm?
Thank you.
February 26th, 2010 8:13pm
No other harm that I know of.
February 26th, 2010 8:31pm