  1. #1
    Mr.Ben wrote:

    Remove Password Change option from OWA for Live@Edu

    Hi guys,

    Has anyone else done this?

    Having set up PCNS at our site I now want to remove the option to change a password in the OWA interface for all of my users, so that they can't create 'unsynced' passwords for their live@edu mailboxes.

    I assume that this is done in PowerShell, but don't know where to start.

    Thanks in advance!

    Ben

  2. #2

    I'm not confirming that it works, but you can turn off password reset on the service manglement portal (eduadmin.live.com).

  3. Thanks to PiqueABoo from:

    Mr.Ben (10th February 2012)

  4. #3
    Mr.Ben wrote:
    That's taken away the users' ability to request a password reset - so part of the problem is solved. Thanks @PiqueABoo

    They can still change their passwords when they have logged in though.

  5. #4

    Did you get any further with this?

  6. #5
    Mr.Ben wrote:
    Originally posted by ihaveaproblem:
        Did you get any further with this?

    Not as yet! - To be honest though, I haven't looked at it in a few days.

    I'll bump this up to the Live@edu team to see if it can be done.

  7. #6

    Originally posted by Mr.Ben:
        Hi guys,

        Has anyone else done this?

        Having set up PCNS at our site I now want to remove the option to change a password in the OWA interface for all of my users, so that they can't create 'unsynced' passwords for their live@edu mailboxes.

        I assume that this is done in PowerShell, but don't know where to start.

        Thanks in advance!

        Ben

    I have done this, I can't remember the method, I set up Live@EDU at a previous school a while ago. If you google the question you should get a result.

  8. #7
    jamesbmarshall wrote:
    It's probably possible using RBAC. I've been reading about this (yesterday in fact) for Office 365. Would need to check if it also works for Outlook Live.

  9. #8
    Mr.Ben wrote:
    Hi James,

    I thought it may be down to the Access Controls - Can you send me the info that you were looking at for Office 365?

  10. #9
    jamesbmarshall wrote:
    The following is a work in progress, use at your own risk!

    I'm going to write this up, but here's the working version, borrowing largely from the inspiration post:


    • Open up a remote PowerShell session to your Outlook Live tenant.
    • Export MyBaseOptions_DefaultMailboxPlan management role entries for reference:


    Get-ManagementRoleEntry MyBaseOptions_DefaultMailboxPlan\* | ConvertTo-Html > C:\MyBaseOptions_DefaultMailboxPlan.htm


    • Copy the existing MyBaseOptions_DefaultMailboxPlan management role as a new role:


    New-ManagementRole -Parent MyBaseOptions_DefaultMailboxPlan -Name MyCustomOptions_DefaultMailboxPlan


    • Remove all Set-Mailbox parameters from the new role:


    Remove-ManagementRoleEntry MyMailbox\Set-Mailbox


    • Add Set-Mailbox parameters back to new role, except the password reference:


    Add-ManagementRoleEntry MyMailbox\Set-Mailbox -Parameters AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, DeliverToMailboxAndForward, ErrorAction, ErrorVariable, ExternalOofOptions, ForwardingAddress, ForwardingSmtpAddress, GrantSendOnBehalfTo, Identity, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable



    • Now, in ECP, under Roles & Auditing open up the User Role for the DefaultMailboxPlan, scroll down and you'll see something (hopefully) like:


    [Screenshot: rolesgrab.PNG]


    • Uncheck the MyBaseOptions_DefaultMailboxPlan role, and select the MyCustomOptions one.


    Give it some time to sink in, and in theory you should've lost the link to reset passwords via OWA:

    [Screenshot: passwordgrab.PNG]

  11. 2 Thanks to jamesbmarshall:

    Mr.Ben (15th February 2012), netadmin (15th February 2012)

  12. #10
    Mr.Ben wrote:
    Hi @jamesbmarshall

    Fingers crossed that solved the issue!

    It's not obvious for those of us that don't work with Exchange too often that 'MyMailbox\Set-Mailbox' needs to refer to 'MyCustomOptions_DefaultMailboxPlan\Set-Mailbox' in your example.

    Thanks again

    Ben

  13. #11
    jamesbmarshall wrote:
    Originally posted by Mr.Ben:
        It's not obvious for those of us that don't work with Exchange too often that 'MyMailbox\Set-Mailbox' needs to refer to 'MyCustomOptions_DefaultMailboxPlan\Set-Mailbox' in your example.

    Oops! You're right. I would go back and edit, but I can't.

  14. #12

    I would try this, but a bit confused after your last two posts ^^

  15. #13

    I strongly suspect exposure to PowerShell accelerates brain cell death rate (proportionally to number of cmdlet syllables, total line lengths etc.), or at least it routinely does my head in. I'm pretty sure this will do the same trick *and* help save your IQ:

    New-ManagementRole -Parent MyBaseOptions_DefaultMailboxPlan -Name MyCustomOptions_DefaultMailboxPlan
    Set-ManagementRoleEntry MyCustomOptions_DefaultMailboxPlan\Set-Mailbox -Parameters Password -RemoveParameter


    Then go click in ECP Roles & Auditing as per James's post above. If you want to undo those changes for any reason, go run this:

    Remove-ManagementRole MyCustomOptions_DefaultMailboxPlan

  16. #14
    Mr.Ben wrote:
    It's just a small change - again use at your own risk!

    • Open up a remote PowerShell session to your Outlook Live tenant.

    • Export MyBaseOptions_DefaultMailboxPlan management role entries for reference:


    Get-ManagementRoleEntry MyBaseOptions_DefaultMailboxPlan\* | ConvertTo-Html > C:\MyBaseOptions_DefaultMailboxPlan.htm

    • Copy the existing MyBaseOptions_DefaultMailboxPlan management role as a new role:

    New-ManagementRole -Parent MyBaseOptions_DefaultMailboxPlan -Name MyCustomOptions_DefaultMailboxPlan

    • Remove all Set-Mailbox parameters from the new role:

    Remove-ManagementRoleEntry MyCustomOptions_DefaultMailboxPlan\Set-Mailbox

    • Add Set-Mailbox parameters back to new role, except the password reference:

    Add-ManagementRoleEntry MyCustomOptions_DefaultMailboxPlan\Set-Mailbox -Parameters AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, DeliverToMailboxAndForward, ErrorAction, ErrorVariable, ExternalOofOptions, ForwardingAddress, ForwardingSmtpAddress, GrantSendOnBehalfTo, Identity, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable

    Then follow the guidelines that James wrote to assign this role to all of your mailboxes in the ECP.
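
A read-only check for the procedure in this thread, added here as an example and not part of any poster's message: it compares the Set-Mailbox parameters of the base and custom roles and lists who is still assigned each role. It assumes an open remote PowerShell session to the tenant and the two role names used in the posts above.

```powershell
# Added example: read-only verification, run in the same remote PowerShell session.
$baseRole   = 'MyBaseOptions_DefaultMailboxPlan'     # role name from the thread
$customRole = 'MyCustomOptions_DefaultMailboxPlan'   # role name from the thread

# 1. Parameters each role allows on Set-Mailbox.
$baseParams   = @((Get-ManagementRoleEntry "$baseRole\Set-Mailbox").Parameters)
$customParams = @((Get-ManagementRoleEntry "$customRole\Set-Mailbox").Parameters)

# Parameters present in the base role but missing from the custom role.
$dropped = @($baseParams | Where-Object { $customParams -notcontains $_ })

if ($customParams -contains 'Password') {
    Write-Warning "$customRole\Set-Mailbox still allows -Password"
} else {
    Write-Output "$customRole\Set-Mailbox no longer allows -Password"
}
Write-Output ("Dropped relative to the base role: " + ($dropped -join ', '))

# 2. Any other entry in the custom role that still accepts a Password parameter.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Parameters -contains 'Password' } |
    Select-Object Name, Role

# 3. Who is assigned each role. The ECP step is complete only when the custom
#    role appears for the user role and the base role no longer does.
foreach ($role in $baseRole, $customRole) {
    Get-ManagementRoleAssignment -Role $role |
        Select-Object Name, Role, RoleAssigneeName, RoleAssigneeType
}
```

If the dropped list shows more than Password, the re-added parameter list omitted something the base role granted; the single Set-ManagementRoleEntry -RemoveParameter variant from post #13 should report Password only.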
