Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-07-27
This topic explains how to use the Exchange Management Console and the Exchange Management Shell to set PIN policies on a Unified Messaging (UM) mailbox policy. UM mailbox policies can be configured to increase the level of security for UM-enabled users by requiring users to comply with the predefined PIN policies for your organization.
To set PIN policies for UM users, you can either create a new UM mailbox policy or modify an existing UM mailbox policy. After a new UM mailbox policy is created, you can then configure the UM mailbox policy by configuring the following PIN settings:
- MinPasswordLength
- PINLifetime
- LogonFailuresBeforePINReset
- MaxLogonAttempts
- AllowCommonPatterns
- PINHistoryCount
For more information about how to configure UM PIN security, see Configuring PIN Security for UM-Enabled Users.
When you change a PIN policy on a UM mailbox policy, the change will affect all new users that are created and the users that are currently associated with the existing UM mailbox policy.
 Important: |
|---|
| When you change the PIN policy, the new PIN setting is applied to users who are currently associated with the UM mailbox policy. For example, if you modify the UM mailbox policy and change the minimum PIN length from 7 to 10 digits, the next time users log on they will be forced to change their PIN to comply with the changed PIN requirement. |
Before You Begin
To perform this procedure, the account you use must be delegated the Exchange Recipient Administrator role.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Also, before you perform these procedures, confirm the following:
- The existing Exchange recipient has an
Exchange Server 2007 mailbox.
- The existing Exchange recipient is currently enabled for
UM.
- A UM dial plan has been created.
- A UM mailbox policy has been created.
Procedure
To use the Exchange Management
Console to set PIN policies for UM users
-
In the console tree of the Exchange Management Console, expand the Organization Configuration node, and then click Unified Messaging.
-
In the work pane, click the UM Mailbox Policies tab.
-
In the work pane, click the UM mailbox policy that you want to change. This is the UM mailbox policy that is associated to the UM-enabled user.
-
In the action pane, click Properties.
-
In the UM mailbox policy Properties window, click the PIN Policies tab.
-
On the PIN Policies tab, configure the PIN settings for the UM mailbox policy, and then click OK to accept your changes.
To use the Exchange Management
Shell to set PIN policies for UM users
-
Run the following command:
Copy CodeSet-UMMailboxPolicy -Identity MyUMMailboxPolicy -MinPasswordLength 8 -PINLifetime 30 -LogonFailuresBeforePINReset 3 -MaxLogonAttempts 7 -PINHistoryCount 10
For information about syntax and parameters, see Set-UMMailboxPolicy.
| Important: |
|---|
| It is a security best practice to implement strong PIN requirements for Unified Messaging users. This can be enforced by creating Unified Messaging PIN policies that require 6 or more digits for PINs and increases the level of security for your network. |
For More Information
- For more information about how to install the Unified Messaging
server role, see How to Perform a Custom
Installation Using Exchange Server 2007 Setup.
- For more information about how to create a new UM mailbox
policy, see How
to Create a New Unified Messaging Mailbox Policy.
- For more information about Unified Messaging mailbox policies,
see Understanding Unified
Messaging Mailbox Policies.
- For more information about how to manage Unified Messaging
mailbox policies, see Managing Unified
Messaging Mailbox Policies.