Applies to: Exchange Server 2007
Topic Last Modified: 2007-06-11

The New-ActiveSyncMailboxPolicy cmdlet is used to create a new Microsoft Exchange ActiveSync mailbox policy object.

Syntax


new-ActiveSyncMailboxPolicy -Name <String> [-AllowNonProvisionableDevices <$true \| $false>] [-AllowSimpleDevicePassword <$true \| $false>] [-AlphanumericDevicePasswordRequired <$true \| $false>] [-AttachmentsEnabled <$true \| $false>] [-DeviceEncryptionEnabled <$true \| $false>] [-DevicePasswordEnabled <$true \| $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DomainController <Fqdn>] [-MaxAttachmentSize <Unlimited>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordLength <Nullable>] [-PasswordRecoveryEnabled <$true \| $false>] [-TemplateInstance <PSObject>] [-UNCAccessEnabled <$true \| $false>] [-WSSAccessEnabled <$true \| $false>]

new-ActiveSyncMailboxPolicy -Name <String>
[-AllowNonProvisionableDevices <$true | $false>]
[-AllowSimpleDevicePassword <$true | $false>]
[-AlphanumericDevicePasswordRequired <$true | $false>]
[-AttachmentsEnabled <$true | $false>]
[-DeviceEncryptionEnabled <$true | $false>]
[-DevicePasswordEnabled <$true | $false>]
[-DevicePasswordExpiration <Unlimited>]
[-DevicePasswordHistory <Int32>] [-DomainController
<Fqdn>] [-MaxAttachmentSize <Unlimited>]
[-MaxDevicePasswordFailedAttempts <Unlimited>]
[-MaxInactivityTimeDeviceLock <Unlimited>]
[-MinDevicePasswordLength <Nullable>]
[-PasswordRecoveryEnabled <$true | $false>]
[-TemplateInstance <PSObject>] [-UNCAccessEnabled <$true |
$false>] [-WSSAccessEnabled <$true | $false>]

Parameters

Parameter	Required	Type	Description
Name	Required	System.String	This parameter specifies the name of the policy.
AllowNonProvisionableDevices	Optional	System.Boolean	When set to `$true`, this parameter enables all devices to synchronize with the Exchange 2007 server, regardless of whether the device can enforce all the specific settings that are established in the Exchange ActiveSync policy. When set to `$false`, this parameter blocks these non-provisionable devices from synchronizing with the Exchange 2007 server. The default value is `$false`.
AllowSimpleDevicePassword	Optional	System.Boolean	This parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.
AlphanumericDevicePasswordRequired	Optional	System.Boolean	This parameter specifies that the device password must be alphanumeric. The default value is `$false`.
AttachmentsEnabled	Optional	System.Boolean	When set to `$false`, this parameter blocks the user from downloading attachments. The default value is `$true`.
DeviceEncryptionEnabled	Optional	System.Boolean	When set to `$true`, this parameter enables device encryption on the mobile device. The default value is `$false`. Currently, only the storage card can be encrypted on Microsoft Windows Mobile powered devices.
DevicePasswordEnabled	Optional	System.Boolean	When set to `$true`, this parameter enables the user to set a password for the device. The default value is `$false`.
DevicePasswordExpiration	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created.
DevicePasswordHistory	Optional	System.Int32	This parameter specifies the number of previously-used passwords to store. When a user creates a new password, the user cannot reuse a stored password that was previously used.
DomainController	Optional	Microsoft.Exchange.Data.Fqdn	To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory, include the DomainController parameter on the command.
MaxAttachmentSize	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the maximum size of attachments that can be downloaded to the mobile device. The default value is `Unlimited`.
MaxDevicePasswordFailedAttempts	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the number of attempts a user can make to enter the correct password for the device. You can enter any number between 4 and 16. The default value is `8`.
MaxInactivityTimeDeviceLock	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is `15 minutes`.
MinDevicePasswordLength	Optional	System.Nullable	This parameter specifies the minimum number of characters in the device password. You can enter any number between 1 and 16. The maximum length a password can be is 16 characters. The default value is 4.
PasswordRecoveryEnabled	Optional	System.Boolean	When set to `$true`, this parameter enables you to store the recovery password for the device on an Exchange server. The default value is `$false`. The recovery password can be viewed from either Office Outlook Web Access or the Exchange Management Console.
TemplateInstance	Optional	System.Management.Automation.PSObject	This parameter enables you to create a policy from an existing policy.
UNCAccessEnabled	Optional	System.Boolean	This parameter specifies whether access to Windows file shares is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.
WSSAccessEnabled	Optional	System.Boolean	This parameter specifies whether access to Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Note:
Some Exchange ActiveSync policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, including devices that cannot enforce all policy settings, you must set the AllowNonProvisionableDevices parameter to `$true`.

Detailed Description

The New-ActiveSyncMailboxPolicy cmdlet creates an Exchange ActiveSync policy for mailboxes that are accessed by mobile devices.

To run the New-ActiveSyncMailboxPolicy cmdlet, the account you use must be delegated the following:

Exchange Organization Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error	Description

Exceptions

Exceptions	Description

Example

This code example creates a new Exchange ActiveSync policy that is named SalesPolicy that has several values that are preconfigured.

	Copy Code
New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true