Modify Exchange Server 2010 default settings to prevent users from creating distribution groups

The students who used to do the training asked me a question today, saying that all users can create and manage distribution groups from their Outlook clients, but they are not allowed to create their own distribution groups, and want to see if there is a way to deny users the ability to create their own distribution groups.

This is a common problem, because by default all users under the Microsoft Exchange 2010 platform can create and manage groups from their e-mail clients, but if you want to turn this feature off, it's also a way to prevent users from creating and managing a team. Let me share some of the solutions that were given at the time:

1, you can create an allocation policy to assign this policy to users who do not allow the creation and management of distribution groups.

2. The My distribution Groups and my distribution Group membership roles can be removed from the default administrative role assignment policy.

So how do you do it? Let's take a look at it together:

Create a policy that does not contain my distribution group and my distribution group membership roles and apply that role to specific users in your organization. These users will not be able to create or manage distribution groups.

Create a role assignment policy. Here we assume that the Create policy No distribution Group Management. New-roleassignmentpolicy "No distribution Group Management"

Use variables to get all roles assigned to the default role assignment policy. $Roles = get-managementroleassignment-roleassignee "Default Role Assignment Policy"

Attention:

The default role assignment policy that is installed with Exchange 2010 is named default roles assignment Policy. If you change the name of the policy or if you have another default policy, you can run the following command to locate the default policy.

Get-roleassignmentpolicy | Where {$_. Isdefault-eq $True}

Back to the column page: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/Mail/

Add all roles assigned to the default allocation policy to the new role assignment policy, except for roles that contain the term "newsletter." $Roles | Where {$_. Role-notlike "*distribution*"} | New-managementroleassignment-policy "No distribution Group Management"

Apply the No distribution Group Management allocation policy to the appropriate user. This example applies the No distribution Group Management Role Assignment policy to all mailboxes that set the CustomAttribute1 value to Contract Employee. Get-mailbox-filter {customattribute1-eq "Contract Employee"} | Set-mailbox-roleassignmentpolicy "No distribution Group Management"

To remove the My distribution Groups and my distribution Groups membership role from the default administrative role assignment policy using the command line

Attention:

1. You cannot use EMC to remove the My distribution Groups and my distribution Group membership roles from the default administrative role assignment policy.

2. Removing the My distribution Groups and my distribution Group membership role from the default Role assignment policy is the easiest way to remove this permission from most users of your organization. However, this does not affect recipients who have assigned other role assignment policies.

Action method:

Create a role assignment policy. Here we take the Create strategy No distribution Group management as an example.

New-roleassignmentpolicy "No distribution Group Management"

Use variables to get all roles assigned to the default role assignment policy. $Roles = get-managementroleassignment-roleassignee "Default Role Assignment Policy"

Note: The default Role Assignment policy that is installed with Exchange 2010 is named default roles assignment Policy. If you change the name of the policy or if you have another default policy, you can run the following command to locate the default policy.

Get-roleassignmentpolicy | Where {$_. Isdefault-eq $True}

Add all roles assigned to the default allocation policy to the new role assignment policy, except for roles that contain the term "newsletter."

$Roles | Where {$_. Role-notlike "*distribution*"} | New-managementroleassignment-policy "No distribution Group Management"

Set the new role assignment policy as the default policy so that it applies to all users in your organization. Set-roleassignmentpolicy "No distribution Group Management"-isdefault

Rename the old default role assignment policy to more appropriate content. This example renames the Old_default role assignment Policy. Set-roleassignmentpolicy "Default Role Assignment Policy"-name "Old_default Role Assignment Policy"

This article is from the "Clumsy birds have" blog, please be sure to keep this source http://tingdongwang.blog.51cto.com/1056852/694365