Restricting Internal Mail
Hi, I have a Windows 2003 domain with Exchange 2003. I work in a school where both Students & Staff have Exchange e-mail accounts. I would like to restrict pupils from being able to e-mail staff, but I don't want to have to set it as an individual permission on all 1200 student accounts. Can anyone give me any ideas on how I can achieve this? If it helps, Pupils have their own OU in AD, as do Staff; Students have their own mailbox store, as do Staff. Any ideas? Thanks
January 15th, 2007 11:31pm
First, download the ADModify tool: http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/admodifynet.mspx
This tool can help you change a large number of AD user account attributes at once.
Secondly, create a pupils universal or global distribution group and add all students as members.
By default, all users accept messages from everyone. You can change the Staff accounts with the ADModify tool to "from everyone except" and add the pupils distribution group.
NOTE: This configuration may cause slow Exchange delivery performance. For more information, please refer to the KB article "Mail delivery is slow after you configure delivery restrictions that are based on a distribution list".
January 16th, 2007 6:11am
Thanks for the reply. I already had the ADModify tool, but there is nothing of use (that I can see) on the tab for 'Exchange General', which is where I would normally set the 'Accept Message from Everyone Except'. I have checked the other tabs and this feature does not appear on any of them. When ADModify first fires up I am selecting 'Change Attributes', is this correct?
Thanks
Dalton
January 18th, 2007 12:30pm
I'm guessing this is just technically not possible as nobody appears to be able to help me
January 22nd, 2007 3:21pm
I'm sorry, you are right. The ADModify tool does not provide this option to change.
But I found that the attribute "unauthOrig" is the same as that option; maybe you can use a script to modify it.
January 23rd, 2007 5:37am
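One way to script the bulk change discussed above, as an added example that is not part of any poster's message. In Exchange 2003 the "From everyone except" list is stored in unauthOrig for individual senders and in dLMemRejectPerms for distribution groups, so this sketch writes the pupils group to dLMemRejectPerms on every mailbox user under the Staff OU. The two distinguished names are constructed placeholders, and the script only reports what it would change until $apply is set to $true.

```powershell
# Constructed placeholder DNs (assumptions): replace with your own OU and group.
$staffOu     = 'OU=Staff,DC=example,DC=local'
$pupilsGroup = 'CN=Pupils,OU=Groups,DC=example,DC=local'
$apply       = $false   # report only; set to $true to write the change

$root     = [ADSI]"LDAP://$staffOu"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
# Mailbox-enabled users only: homeMDB is populated when a user has a mailbox.
$searcher.Filter      = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 500   # page results so large OUs are not truncated
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('dLMemRejectPerms')

foreach ($result in $searcher.FindAll()) {
    $dn      = $result.Properties['distinguishedname'][0]
    $current = @($result.Properties['dlmemrejectperms'])

    # Skip accounts that already reject mail from members of the group.
    if ($current -contains $pupilsGroup) { "already set:  $dn"; continue }
    if (-not $apply)                     { "would update: $dn"; continue }

    # Append the group DN, keeping any restrictions that are already present.
    $user = $result.GetDirectoryEntry()
    [void]$user.Properties['dLMemRejectPerms'].Add($pupilsGroup)
    $user.CommitChanges()
    "updated:      $dn"
}
```

Run it once in report mode and compare the output with the Staff OU membership before writing; the delivery-performance note about distribution-list-based restrictions earlier in the thread applies to this setting.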
Dalton, I had to do this as well. In our organization we have only a select number of people that are able to send or receive external e-mail messages. Anyone who cannot send messages outside of the company has an address of @fakedomain.local. I then went into "Organization Configuration" and "Hub Transport" and created a transport rule that says:
Apply rule to messages
when the From address contains fakedomain
send Delivery not authorized, messages refused to sender with 5.7.1 and silently drop the message
except when the message is sent to a member of All Employees
This works for us, the user gets immediate response that they are not allowed to send messages outside of the company.
Steve
NOTE: This is for Exchange 2007. We had to do this originally for Exchange 2000, so I believe they should still work for 2k3. Here is a link to the notes:
http://www.msexchange.org/tutorials/MF009.html
February 14th, 2007 7:52pm