Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, July 12, 2016 12:16 PM
Hi, we have some mailboxes where users tend to mess with Inbox rules. I was curious whether there is a way to prevent them from doing so.
I was thinking about RBAC user roles, but was unable to find something. Is there no way to deny users access to inbox rules?
All replies (10)
Thursday, July 14, 2016 1:31 PM âś…Answered
OK, would you mind to share the solution here to help others with the same requirement?
Sure, but it does not prevent users from modifying their inbox rules.
The purpose of the Inbox rule was to block messages from certain recipients and sending an automated reply to these. The only way to do that correctly is the 'Have server reply with a specific message' action in inbox rules.
The relevant inbox rules had been disabled or corrupted from time to time, either due users messing intentionally with them, or through incompatible Outlook versions. In our case, we created a transport rule to redirect the messages to another mailbox, and there we created the inbox rule, out of reach for the actual mailbox users.
Tuesday, July 12, 2016 7:17 PM
You can remove them directly from the Role assignment policy (either remove the MyBaseOptions role, or create a customized one and assign it instead). This will not stop them from being able to use Outlook rules however.
Wednesday, July 13, 2016 4:45 AM
Thanks. Actually this was my idea, but I could not find any option within MyBaseOptions which would be responsible for this (so that I could create a custom role without it).
Wednesday, July 13, 2016 5:24 AM
There is no (sub)options, you can either remove the whole role, or create a new one based on MyBaseOptions, with the Inbox rules cmdlets removed. Again, wont help you with Outlook :)
Wednesday, July 13, 2016 5:44 AM
Well, yes, I wanted to create a new role, same as MyBaseOptions, but with the Inbox rules cmdlets removed. However, I could not find Inbox rules cmdlets in the MyBaseOptions role.
But if it doesn't help with Outlook, it's futile anyway.
Wednesday, July 13, 2016 7:00 AM | 1 vote
Hi,
Use this command, you will find the *-InboxRule cmdlets in the MyBaseOptions role.
Get-ManagementRoleentry "MyBaseOptions\-InboxRule"
And here is my idea for your requirement.
1. Get all the roles in default Role Assignment Policy.
Get-RoleAssignmentPolicy "Default Role Assignment Policy" | fl AssignedRoles
2. Customize a new role inherited with MyBaseOptions role.
New-ManagementRole -Parent "MyBaseOptions" -Name "MyBaseOptions-InboxRule"
3. Remove all inbox rule cmdlets in this role.
Remove-ManagementRoleEntry "MyBaseOptions-InboxRule\-InboxRule"
4. Create a new Role Assignment Policy, add all the roles that we get in the step 1 except MyBaseOptions role. Then add the custom role "MyBaseOptions-InboxRule". Assign this new Role Assignment Policy to one test user.
Note: This is just my idea, I haven't test it. So I don't know if it will work.
Best Regards.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support
Thursday, July 14, 2016 9:39 AM
Thanks. Command 3 does actually not work, I had to use this instead:
get-ManagementRoleEntry "MyBaseOptions-InboxRule\-InboxRule" | Remove-ManagementRoleEntry
But unfortunately, this only removes rule options from OWA, not from Outlook. So I guess that what I want cannot be achieved.
Thursday, July 14, 2016 12:20 PM
Yeah, RBAC solution can prevent users creating inbox rule from OWA.
For outlook, perhaps you will consider to use Group Policy to disable this feature.
https://technet.microsoft.com/en-us/library/cc178992.aspx?f=255&MSPPError=-2147217396
Best Regards.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support
Thursday, July 14, 2016 12:23 PM
Thanks. Group Policy is out of scope because these users are external and use Outlook Anywhere. But I found another solution to the actual problem.
Thursday, July 14, 2016 1:27 PM
OK, would you mind to share the solution here to help others with the same requirement?
Thanks.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support