Recipe 8.22. Disabling User Access to POP3, IMAP4, and HTTP

Problem

You want to control access to your Exchange Server from non-MAPI clients, allowing some users to use IMAP, POP, or HTTP and preventing others from doing so.

Solution

Using a graphical user interface

To disable an individual user's access to POP3, IMAP4, or HTTP, do the following:

  1. Log on to your Exchange server using an account that has administrative privileges on the domain.

  2. Open the ADUC snap-in (dsa.msc).

  3. Locate the account for which you want to disable POP3 access.

  4. Right-click the target account and select Properties.

  5. Select the Exchange Features tab. Under Protocols, click the protocol you want to disable, and then click Disable.

  6. Click OK.

To keep any user from using POP3 or IMAP4 on a particular server, do the following:

  1. Log on to the target Exchange server.

  2. Open the Services snap-in (services.msc).

  3. Locate the service you want to disable (Microsoft Exchange POP3 or Microsoft Exchange IMAP4).

  4. Right-click the service, and choose Stop from the context menu.

  5. To prevent the service from being restarted on the next boot:

       a. Right-click the service and select Properties.

       b. Change Startup Type to either Manual or Disabled.

       c. Click OK.

Using VBScript

    ' This code disables access to POP3, HTTP, and IMAP
    ' ------ SCRIPT CONFIGURATION ------
    strUser = "cn=<username>,cn=Users,dc=<domain>,dc=<com>"
       ' e.g., "cn=Paul Robichaux,cn=Users,dc=robichaux,dc=net"
    charSS = Chr(167)         ' define a section symbol
    symbolset = "ISO-8859-1"  ' choose a symbol set for pop3 & imap4
    ' ------ END CONFIGURATION ---------

    set objUser = GetObject("LDAP://" & strUser)

    disableHTTP = "HTTP" & charSS & "0" & charSS & "1" & String(6,charSS)
    enableHTTP = "HTTP" & charSS & "1" & charSS & "1" & String(6,charSS)

    disableIMAP = "IMAP4" & charSS & "0" & charSS & "1" & charSS & "4" & charSS _
             & symbolset & charSS & "0" & charSS & "1" & charSS & "0" & charSS & "0"
    enableIMAP = "IMAP4" & charSS & "1" & charSS & "1" & charSS & "4" & charSS _
             & symbolset & charSS & "0" & charSS & "1" & charSS & "0" & charSS & "0"

    disablePOP3 = "POP3" & charSS & "0" & charSS & "1" & charSS & "4" & charSS _
             & symbolset & charSS & "0" & String(3,charSS)
    enablePOP3 = "POP3" & charSS & "1" & charSS & "1" & charSS & "4" & charSS _
             & symbolset & charSS & "0" & String(3,charSS)

    '---  set each protocol as "enable" or "disable"
    protocolSettings = Array(disableHTTP,disableIMAP,disablePOP3) ' to disable all
    ' protocolSettings = Array(enableHTTP,enableIMAP,enablePOP3) ' to enable all

    objUser.Put "protocolSettings", protocolSettings
    objUser.SetInfo

    Wscript.Echo "Protocol settings for " & objUser.Get("sAMAccountName") & _
                 " have been updated"

Discussion

In Active Directory, the settings for POP3, IMAP4, and HTTP access to a user's mailbox are stored in the multivalued protocolSettings property of the user object. Each value has a funny-looking format that uses the section character (§, ASCII 167) as a field delimiter:

    POP3§<enableFlag>§<defaultsFlag>§<encodingFlag>§<symbolSet>§<rtfFlag>§§§
    IMAP4§<enableFlag>§<defaultsFlag>§<encodingFlag>§<symbolSet>§1§1§0§0
    HTTP§<enableFlag>§<defaultsFlag>§§§§§§

The first two flag values are fairly straightforward:


<enableFlag>

Can be 0 (disable this protocol) or 1 (enable this protocol)


<defaultsFlag>

Can be 1 (use the virtual server's encoding and behavior defaults) or 0 (override the server defaults with this user's settings)

The <encodingFlag> values are a little more complex:


0

Message should be MIME-encoded with both text and HTML body parts.


1

Message should be MIME-encoded with text-only body parts.


2

POP3 UUencoding is enabled; Macintosh messages will use Binhex encoding.


3

POP3 UUencoding is enabled.


4

Message should be MIME-encoded with HTML-only body parts.

Finally, the <rtfFlag> values control whether or not Exchange will use RTF (and thus generate the infamous winmail.dat attachment):


0

Microsoft Exchange Rich Text format is disabled.


1

Microsoft Exchange Rich Text format is enabled.

Note that the steps provided in the GUI solutions are also applicable for IMAP4 and HTTP; while the actual service name changes, the steps for each protocol are identical. In the interests of simplicity, we've only included the steps for disabling the POP3 protocol.
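
The protocolSettings layout described above can be checked offline once the attribute values have been exported from the directory. The following Python parser is an added example, not code from the book; the account names and values in SAMPLE are constructed, and the function names are this example's own. It reports a protocol with no stored value as "unset" rather than guessing what the server does in that case.

```python
SEP = "\u00a7"  # section sign, the field delimiter (Chr(167) in the script)
PROTOCOLS = ("POP3", "IMAP4", "HTTP")
ENCODINGS = {"0": "MIME text+HTML", "1": "MIME text only", "2": "UUencode (BinHex for Mac)",
             "3": "UUencode", "4": "MIME HTML only"}

def parse_protocol_setting(value):
    """Split one protocolSettings value into named fields."""
    # An export written as UTF-8 but read as Latin-1 turns each delimiter
    # into U+00C2 followed by the section sign; undo that before splitting.
    fields = value.replace("\u00c2" + SEP, SEP).split(SEP)
    if len(fields) < 3 or fields[0] not in PROTOCOLS:
        raise ValueError("not a POP3/IMAP4/HTTP value: %r" % value)
    if fields[1] not in ("0", "1") or fields[2] not in ("0", "1"):
        raise ValueError("bad enable/defaults flag: %r" % value)
    setting = {
        "protocol": fields[0],
        "enabled": fields[1] == "1",
        "server_defaults": fields[2] == "1",
    }
    if fields[0] != "HTTP" and len(fields) >= 5:
        setting["encoding"] = ENCODINGS.get(fields[3], "unknown (%s)" % fields[3])
        setting["symbol_set"] = fields[4]
    return setting

def access_report(values):
    """Map each protocol to 'enabled', 'disabled' or 'unset' for one user."""
    report = dict.fromkeys(PROTOCOLS, "unset")  # unset: no per-user value stored
    for value in values:
        s = parse_protocol_setting(value)
        report[s["protocol"]] = "enabled" if s["enabled"] else "disabled"
    return report

def not_disabled(users):
    """List (user, protocol) pairs that are not explicitly disabled."""
    return [(name, proto)
            for name, values in sorted(users.items())
            for proto, state in access_report(values).items()
            if state != "disabled"]

# Constructed sample data (hypothetical accounts, not from a real directory).
SAMPLE = {
    "alice": ["HTTP§0§1§§§§§§", "IMAP4§0§1§4§ISO-8859-1§0§1§0§0",
              "POP3§0§1§4§ISO-8859-1§0§§§"],
    # bob's POP3 value simulates the mis-decoded export described above.
    "bob": ["POP3§1§1§4§ISO-8859-1§0§§§".replace(SEP, "\u00c2" + SEP),
            "HTTP§0§1§§§§§§"],
}

if __name__ == "__main__":
    for user, proto in not_disabled(SAMPLE):
        print(user, proto, access_report(SAMPLE[user])[proto])
```
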

See Also

MS KB 252459 (Retrieve Properties of User Objects with ADSI and ADO) and MSDN documentation for Platform SDK: Active Directory Schema



Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
Year: 2006
Pages: 235