Michael Firsov
Windows Audit
In this part we’ll go through setting up the most common Exchange options (such as Send/Receive connectors, public
folders, DSN notifications and many others) as well as customizing Outlook Web App and DSN notifications.
Let’s start by examining the accepted domains and email address policies pages:
The only accepted domain here is Testcompany.com – I’m not planning to receive mail for other domains.
I think the Default address policy will do in most cases, otherwise it’s possible to create some other domain suffix for
the mailboxes.
On the receive connectors page please pay attention to the default list of receive connectors: given that Exch1 is a
multirole server, there are 5 connectors: 3 for the CAS role (FrontEndTransport) and 2 for the Mailbox role
(HubTransport).
Next, let’s create the Send connector for sending Internet mail: I’m going to use a smart host for the delivery to any
domain; after creating the connector I will enable logging (it’s disabled by default):
Another way of enabling logging:
Furthermore, there are a couple of useful commands regarding logging – the first one sets the maximum log directory
size and the second defines how long the logs are retained:
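The logging steps above as one EMS sequence, followed by a check that no connector is left without protocol logs. This is an added example, not the commands from the original post; the connector name “Internet Mail” and the 500 MB / 30-day limits are assumptions, and Exch1 is the server named in the post.

```powershell
# Assumptions (not from the original post): connector name and both limits.
$server    = 'Exch1'
$connector = 'Internet Mail'      # hypothetical Send connector name

# Enable SMTP protocol logging on the Send connector.
Set-SendConnector -Identity $connector -ProtocolLoggingLevel Verbose

# Cap the send protocol log directory and set how long log files are kept.
Set-TransportService -Identity $server `
    -SendProtocolLogMaxDirectorySize 500MB `
    -SendProtocolLogMaxAge 30.00:00:00

# Verify: list every connector that still has protocol logging switched off.
$send    = Get-SendConnector | Select-Object Identity, ProtocolLoggingLevel
$receive = Get-ReceiveConnector -Server $server |
               Select-Object Identity, ProtocolLoggingLevel
@($send) + @($receive) |
    Where-Object { $_.ProtocolLoggingLevel -ne 'Verbose' } |
    Format-Table -AutoSize

# Show the effective limits and where the log files are written.
Get-TransportService -Identity $server |
    Format-List SendProtocolLogPath, SendProtocolLogMaxDirectorySize, SendProtocolLogMaxAge
```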
The first customization I’d like to apply to my Exchange server is the new banner – the text presented to the other party
during an SMTP session. The out-of-the-box default is to present the following text:
Get-ReceiveConnector -Identity "Exch1\Default Frontend Exch1" | Set-ReceiveConnector -Banner '220 TestCompany mail system' -Comment 'MailAdmin 02.12.2014: Configured the new Banner'
Now if we type “open localhost 25” in Telnet, we’ll get this welcome text:
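A scripted version of the Telnet check, as an added example that is not part of the original post: it lists the configured banner of each receive connector on Exch1 and then reads the greeting the listener on port 25 actually sends. The function name Get-SmtpBanner and the 5-second timeout are assumptions made for this example.

```powershell
$expected = '220 TestCompany mail system'   # banner set in the post

# Configuration view: an empty Banner means the connector still sends
# the built-in greeting.
Get-ReceiveConnector -Server 'Exch1' |
    Select-Object Identity, Bindings, Banner |
    Format-Table -AutoSize

# Wire view: read the greeting line the listener sends, as Telnet did.
# Get-SmtpBanner is a helper written for this example.
function Get-SmtpBanner {
    param([string]$HostName = 'localhost', [int]$Port = 25, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true
        $greeting = $reader.ReadLine()   # first line of the session, "220 ..."
        $writer.WriteLine('QUIT')        # end the SMTP session cleanly
        return $greeting
    }
    finally { $client.Close() }
}

$greeting = Get-SmtpBanner
if ($greeting -like "$expected*") {
    Write-Output "OK: port 25 greets with the custom banner: $greeting"
} else {
    Write-Warning "Unexpected greeting on port 25: $greeting"
}
```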
It’s much easier to manage CAS servers’ settings via Outlook Web App policies than to apply them on a per-server
basis, so I will rename the default policy to “Enterprise” and apply it to my users. Don’t forget that the Default
Outlook Web App policy is NOT assigned to any mailbox by default.
Of course, you can apply the default OWA policy in EMS too:
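One way to do the assignment in EMS and confirm that it covers every mailbox, as an added example that is not the command from the original post. It assumes the policy has already been renamed to “Enterprise” as described above.

```powershell
$policy = 'Enterprise'   # the renamed default policy from the post

# Assign the policy to every user mailbox.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Set-CASMailbox -OwaMailboxPolicy $policy

# Coverage report: how many mailboxes each policy governs.
# "(none)" marks mailboxes with no OWA policy assigned.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object { if ($_.OwaMailboxPolicy) { "$($_.OwaMailboxPolicy)" } else { '(none)' } } |
    Select-Object Name, Count

# List the mailboxes that have no policy; re-run this after provisioning
# new users to catch any that were missed.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { -not $_.OwaMailboxPolicy } |
    Select-Object Name, Identity
```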
There are also some OWA policy settings that can be applied only in EMS, for example:
ExplicitLogonEnabled
DelegateAccessEnabled
DisplayPhotosEnabled
SetPhotoEnabled
SetPhotoURL
PredictedActionsEnabled
You can see your current OWA policy settings with the Get-OWAMailboxPolicy cmdlet and configure them with
Set-OWAMailboxPolicy.
LogonPageLightSelectionEnabled
LogonPagePublicPrivateSelectionEnabled
And for the users’ convenience I’ll set the default domain so that users do not have to enter a domain name each time they
log in to the OWA page:
After using the aforementioned cmdlets we must restart IIS (for some reason the restart failed in the EMS so I did it in
PS):
Many companies would like to customize their OWA main page further by introducing their own logo and custom text;
here’s how we can accomplish such customization:
After editing favicon.ico in any graphical editor (I used Paint), the icon’s appearance changes:
In the OWA_Text_Blue.png file I added the word TestCompany to the default Outlook Web App text; it’s also possible to edit
olk_logo_white.png to change the image showing a white envelope on the rightmost side of the page but I did do that
because Paint does not support transparency layers.
Attention! We won’t see the updated page content until we have deleted all IE’s (or any other browser’s) cached files!
I had some difficulties having these files deleted: even after clicking “Delete…” and deleting all the files they were still
present in the folder, so I had to remove them manually.
By default OWA sessions time out after 8 hours – I’d like sessions in my network to time out after 3 hours and this
command will do it:
Tip: to view public folders in OWA 2013 CU1 and later you must right-click Favorites and add a public folder.
Exchange 2013 has the ability to copy email messages destined to/from a mailbox database (standard user license) or
a specific user (enterprise user license) to a special mailbox where they can be subject to analysis. Here’s
how we can set up journaling:
Next I’d like to customize delivery status notification (DSN) messages, both internal and external; it can be done with
the New-SystemMessage cmdlet:
New-SystemMessage -Language en -DsnCode 5.1.1 -Text "Sorry, we were unable to find your correspondent in our directory so your message could not be delivered. Please make sure you typed the e-mail address correctly." -Internal $False
New-SystemMessage -Language en -DsnCode 5.1.1 -Text "We could not deliver your message because the recipient does not exist in our mail database. Please check your address book once again or call a helpdesk for the assistance." -Internal $True
In the same way, we can customize a message users see in response to sending a message containing malware
(malware filtering is enabled by default in Exchange 2013):
It is appropriate to mention here that it is strongly advised to update the malware engine before putting the server into
production! There’s a script located in the Scripts folder we can use for updating the malware engine:
Event ID 6033 in the Application log means the update was successful, whilst Event ID 6027 means the update
failed.
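The update and the event-log check above, combined so that the result is decided by the two event IDs rather than by eye. This is an added example, not the command from the original post; the server FQDN and the 30-minute wait are assumptions, and Update-MalwareFilteringServer.ps1 is the update script that ships in the Exchange 2013 Scripts folder.

```powershell
# Assumption: the server's FQDN, built from the names used in the post.
$fqdn    = 'exch1.testcompany.com'
$started = Get-Date

# Start the engine and definition update with the script from the
# Exchange Scripts folder.
$script = Join-Path $env:ExchangeInstallPath 'Scripts\Update-MalwareFilteringServer.ps1'
& $script -Identity $fqdn

# The result event may be logged after the script returns, so poll the
# Application log for the two event IDs named in the post.
$deadline = $started.AddMinutes(30)   # assumed upper bound for the download
$result   = $null
while (-not $result -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 30
    $result = Get-WinEvent -FilterHashtable @{
                  LogName = 'Application'; Id = 6033, 6027; StartTime = $started
              } -ErrorAction SilentlyContinue |
              Sort-Object TimeCreated |
              Select-Object -Last 1
}

if (-not $result) {
    Write-Warning 'No 6033/6027 event logged yet; the engine state is unknown.'
} elseif ($result.Id -eq 6033) {
    Write-Output "Malware engine update succeeded at $($result.TimeCreated)."
} else {
    Write-Warning "Malware engine update failed (event 6027): $($result.Message)"
}
```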
Summary: