Applies to: Exchange Server 2007
Topic Last Modified: 2007-06-11

The New-ActiveSyncMailboxPolicy cmdlet is used to create a new Microsoft Exchange ActiveSync mailbox policy object.

Syntax

new-ActiveSyncMailboxPolicy -Name <String> [-AllowNonProvisionableDevices <$true | $false>] [-AllowSimpleDevicePassword <$true | $false>] [-AlphanumericDevicePasswordRequired <$true | $false>] [-AttachmentsEnabled <$true | $false>] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DomainController <Fqdn>] [-MaxAttachmentSize <Unlimited>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordLength <Nullable>] [-PasswordRecoveryEnabled <$true | $false>] [-TemplateInstance <PSObject>] [-UNCAccessEnabled <$true | $false>] [-WSSAccessEnabled <$true | $false>]

Parameters

Parameter Required Type Description

Name

Required

System.String

This parameter specifies the name of the policy.

AllowNonProvisionableDevices

Optional

System.Boolean

When set to $true, this parameter enables all devices to synchronize with the Exchange 2007 server, regardless of whether the device can enforce all the specific settings that are established in the Exchange ActiveSync policy. When set to $false, this parameter blocks these non-provisionable devices from synchronizing with the Exchange 2007 server. The default value is $false.

AllowSimpleDevicePassword

Optional

System.Boolean

This parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.

AlphanumericDevicePasswordRequired

Optional

System.Boolean

This parameter specifies that the device password must be alphanumeric. The default value is $false.

AttachmentsEnabled

Optional

System.Boolean

When set to $false, this parameter blocks the user from downloading attachments. The default value is $true.

DeviceEncryptionEnabled

Optional

System.Boolean

When set to $true, this parameter enables device encryption on the mobile device. The default value is $false. Currently, only the storage card can be encrypted on Microsoft Windows Mobile powered devices.

DevicePasswordEnabled

Optional

System.Boolean

When set to $true, this parameter enables the user to set a password for the device. The default value is $false.

DevicePasswordExpiration

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created.

DevicePasswordHistory

Optional

System.Int32

This parameter specifies the number of previously-used passwords to store. When a user creates a new password, the user cannot reuse a stored password that was previously used.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory, include the DomainController parameter on the command.

MaxAttachmentSize

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum size of attachments that can be downloaded to the mobile device. The default value is Unlimited.

MaxDevicePasswordFailedAttempts

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the number of attempts a user can make to enter the correct password for the device. You can enter any number between 4 and 16. The default value is 8.

MaxInactivityTimeDeviceLock

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes.

MinDevicePasswordLength

Optional

System.Nullable

This parameter specifies the minimum number of characters in the device password. You can enter any number between 1 and 16. The maximum length a password can be is 16 characters. The default value is 4.

PasswordRecoveryEnabled

Optional

System.Boolean

When set to $true, this parameter enables you to store the recovery password for the device on an Exchange server. The default value is $false. The recovery password can be viewed from either Office Outlook Web Access or the Exchange Management Console.

TemplateInstance

Optional

System.Management.Automation.PSObject

This parameter enables you to create a policy from an existing policy.

UNCAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Windows file shares is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

WSSAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Note:
Some Exchange ActiveSync policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, including devices that cannot enforce all policy settings, you must set the AllowNonProvisionableDevices parameter to $true.

Detailed Description

The New-ActiveSyncMailboxPolicy cmdlet creates an Exchange ActiveSync policy for mailboxes that are accessed by mobile devices.

To run the New-ActiveSyncMailboxPolicy cmdlet, the account you use must be delegated the following:

  • Exchange Organization Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error Description

 

 

Exceptions

Exceptions Description

 

 

Example

This code example creates a new Exchange ActiveSync policy that is named SalesPolicy that has several values that are preconfigured.

Copy Code
New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true