Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-08-16

The New-ActiveSyncMailboxPolicy cmdlet is used to create a new Microsoft Exchange ActiveSync mailbox policy object.

Syntax


new-ActiveSyncMailboxPolicy -Name <String> [-AllowBluetooth <Disable \| HandsfreeOnly \| Allow>] [-AllowBrowser <$true \| $false>] [-AllowCamera <$true \| $false>] [-AllowConsumerEmail <$true \| $false>] [-AllowDesktopSync <$true \| $false>] [-AllowExternalDeviceManagement <$true \| $false>] [-AllowHTMLEmail <$true \| $false>] [-AllowInternetSharing <$true \| $false>] [-AllowIrDA <$true \| $false>] [-AllowNonProvisionableDevices <$true \| $false>] [-AllowPOPIMAPEmail <$true \| $false>] [-AllowRemoteDesktop <$true \| $false>] [-AllowSimpleDevicePassword <$true \| $false>] [-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation \| OnlyStrongAlgorithmNegotiation \| AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true \| $false>] [-AllowStorageCard <$true \| $false>] [-AllowTextMessaging <$true \| $false>] [-AllowUnsignedApplications <$true \| $false>] [-AllowUnsignedInstallationPackages <$true \| $false>] [-AllowWiFi <$true \| $false>] [-AlphanumericDevicePasswordRequired <$true \| $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true \| $false>] [-Confirm [<SwitchParameter>]] [-DeviceEncryptionEnabled <$true \| $false>] [-DevicePasswordEnabled <$true \| $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DomainController <Fqdn>] [-IsDefaultPolicy <$true \| $false>] [-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter <All \| TwoWeeks \| OneMonth \| ThreeMonths \| SixMonths>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxEmailAgeFilter <All \| OneDay \| ThreeDays \| OneWeek \| TwoWeeks \| OneMonth>] [-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordComplexCharacters <Int32>] [-MinDevicePasswordLength <Nullable>] [-PasswordRecoveryEnabled <$true \| $false>] [-RequireDeviceEncryption <$true \| $false>] [-RequireEncryptedSMIMEMessages <$true \| $false>] [-RequireEncryptionSMIMEAlgorithm <TripleDES \| DES \| RC2128bit \| RC264bit \| RC240bit>] [-RequireManualSyncWhenRoaming <$true \| $false>] [-RequireSignedSMIMEAlgorithm <SHA1 \| MD5>] [-RequireSignedSMIMEMessages <$true \| $false>] [-RequireStorageCardEncryption <$true \| $false>] [-TemplateInstance <PSObject>] [-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true \| $false>] [-WhatIf [<SwitchParameter>]] [-WSSAccessEnabled <$true \| $false>]

new-ActiveSyncMailboxPolicy -Name <String>
[-AllowBluetooth <Disable | HandsfreeOnly | Allow>]
[-AllowBrowser <$true | $false>] [-AllowCamera <$true |
$false>] [-AllowConsumerEmail <$true | $false>]
[-AllowDesktopSync <$true | $false>]
[-AllowExternalDeviceManagement <$true | $false>]
[-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing
<$true | $false>] [-AllowIrDA <$true | $false>]
[-AllowNonProvisionableDevices <$true | $false>]
[-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop
<$true | $false>] [-AllowSimpleDevicePassword <$true |
$false>] [-AllowSMIMEEncryptionAlgorithmNegotiation
<BlockNegotiation | OnlyStrongAlgorithmNegotiation |
AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true |
$false>] [-AllowStorageCard <$true | $false>]
[-AllowTextMessaging <$true | $false>]
[-AllowUnsignedApplications <$true | $false>]
[-AllowUnsignedInstallationPackages <$true | $false>]
[-AllowWiFi <$true | $false>]
[-AlphanumericDevicePasswordRequired <$true | $false>]
[-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <$true | $false>] [-Confirm
[<SwitchParameter>]] [-DeviceEncryptionEnabled <$true |
$false>] [-DevicePasswordEnabled <$true | $false>]
[-DevicePasswordExpiration <Unlimited>]
[-DevicePasswordHistory <Int32>] [-DomainController
<Fqdn>] [-IsDefaultPolicy <$true | $false>]
[-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter
<All | TwoWeeks | OneMonth | ThreeMonths | SixMonths>]
[-MaxDevicePasswordFailedAttempts <Unlimited>]
[-MaxEmailAgeFilter <All | OneDay | ThreeDays | OneWeek |
TwoWeeks | OneMonth>] [-MaxEmailBodyTruncationSize
<Unlimited>] [-MaxEmailHTMLBodyTruncationSize
<Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>]
[-MinDevicePasswordComplexCharacters <Int32>]
[-MinDevicePasswordLength <Nullable>]
[-PasswordRecoveryEnabled <$true | $false>]
[-RequireDeviceEncryption <$true | $false>]
[-RequireEncryptedSMIMEMessages <$true | $false>]
[-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit |
RC264bit | RC240bit>] [-RequireManualSyncWhenRoaming <$true |
$false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>]
[-RequireSignedSMIMEMessages <$true | $false>]
[-RequireStorageCardEncryption <$true | $false>]
[-TemplateInstance <PSObject>]
[-UnapprovedInROMApplicationList <MultiValuedProperty>]
[-UNCAccessEnabled <$true | $false>] [-WhatIf
[<SwitchParameter>]] [-WSSAccessEnabled <$true |
$false>]

Parameters

Parameter	Required	Type	Description
Name	Required	System.String	This parameter specifies the name of the policy.
AllowBluetooth	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.BluetoothType	This parameter specifies whether the Bluetooth capabilities of the mobile device are allowed. The available options are Disable, HandsfreeOnly, and Allow. The default value is `Allow`.
AllowBrowser	Optional	System.Boolean	This parameter indicates whether Pocket Internet Explorer is allowed on the mobile device. The default value is `$true`. This parameter does not affect third-party browsers.
AllowCamera	Optional	System.Boolean	This parameter indicates whether the mobile device's camera is allowed. The default value is `$true`.
AllowConsumerEmail	Optional	System.Boolean	This parameter indicates whether the mobile device user can configure a personal e-mail account on the device. The default value is `$true`.
AllowDesktopSync	Optional	System.Boolean	This parameter specifies whether the mobile device can synchronize with a desktop computer through a cable. The default value is `$true`.
AllowExternalDeviceManagement	Optional	System.Boolean	This parameter specifies whether an external device management program is allowed to manage the device.
AllowHTMLEmail	Optional	System.Boolean	This parameter specifies whether HTML e-mail is enabled on the device. The default value is `$true`.
AllowInternetSharing	Optional	System.Boolean	This parameter specifies whether the mobile device can be used as a modem to connect a computer to the Internet. The default value is `$true`.
AllowIrDA	Optional	System.Boolean	This parameter specifies whether infrared connections are allowed to the mobile device. The default value is `$true`.
AllowNonProvisionableDevices	Optional	System.Boolean	When set to `$true`, this parameter enables all devices to synchronize with the computer that is running Exchange 2007, regardless of whether the device can enforce all the specific settings that are established in the Exchange ActiveSync policy. This also includes devices that are managed by a separate device management system. When set to `$false`, this parameter blocks these non-provisionable devices from synchronizing with the Exchange 2007 server. The default value is `$false`.
AllowPOPIMAPEmail	Optional	System.Boolean	This parameter specifies whether the user can configure a POP3 or IMAP4 e-mail account on the device. The default value is `$true`.
AllowRemoteDesktop	Optional	System.Boolean	This parameter specifies whether the mobile device can initiate a remote desktop connection. The default value is `$true`.
AllowSimpleDevicePassword	Optional	System.Boolean	This parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234. The default value is `$true`.
AllowSMIMEEncryptionAlgorithmNegotiation	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.SMIMEEncryptionAlgorithmNegotiationType	This parameter specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate does not support the specified encryption algorithm.
AllowSMIMESoftCerts	Optional	System.Boolean	This parameter specifies whether S/MIME software certificates are allowed. The default value is `$true`.
AllowStorageCard	Optional	System.Boolean	This parameter specifies whether the device can access information that is stored on a storage card. The default value is `$true`.
AllowTextMessaging	Optional	System.Boolean	This parameter specifies whether text messaging is allowed from the device. The default value is `$true`.
AllowUnsignedApplications	Optional	System.Boolean	This parameter specifies whether unsigned applications can be installed on the device. The default value is `$true`.
AllowUnsignedInstallationPackages	Optional	System.Boolean	This parameter specifies whether unsigned installation packages can be executed on the device. The default value is `$true`.
AllowWiFi	Optional	System.Boolean	This parameter specifies whether wireless Internet access is allowed on the device. The default value is `$true`.
AlphanumericDevicePasswordRequired	Optional	System.Boolean	This parameter specifies that the device password must be alphanumeric. The default value is `$false`.
ApprovedApplicationList	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.ApprovedApplicationCollection	This parameter contains a list of approved applications for the device.
AttachmentsEnabled	Optional	System.Boolean	When set to `$false`, this parameter blocks the user from downloading attachments. The default value is `$true`.
Confirm	Optional	System.Management.Automation.SwitchParameter	This parameter causes the command to pause processing and requires that the administrator acknowledge what the command will do before processing continues. The default value is `$true`.
DeviceEncryptionEnabled	Optional	System.Boolean	This parameter, when set to `$true`, enables device encryption on the mobile device. The default value is `$false`. Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0. We recommend that you don't use this setting and use the RequireStorageCardEncryption parameter instead.
DevicePasswordEnabled	Optional	System.Boolean	When set to `$true`, this parameter requires that the user set a password for the device. The default value is `$false`.
DevicePasswordExpiration	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created. The format of the parameter is dd.hh.mm:ss, for example, 24.00:00 = 24 hours.
DevicePasswordHistory	Optional	System.Int32	This parameter specifies the number of previously-used passwords to store. When a user creates a new password, the user cannot reuse a stored password that was previously used.
DomainController	Optional	Microsoft.Exchange.Data.Fqdn	This parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service.
IsDefaultPolicy	Optional	System.Boolean	This parameter specifies whether this policy is the default Exchange ActiveSync mailbox policy. The default value is `$false`. If another policy is currently set as the default, setting this parameter will replace the old default policy with this policy.
MaxAttachmentSize	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the maximum size of attachments that can be downloaded to the mobile device. The default value is `Unlimited`.
MaxCalendarAgeFilter	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.CalendarAgeFilterType	This parameter specifies the maximum range of calendar days that can be synchronized to the device. The value is specified in days.
MaxDevicePasswordFailedAttempts	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the number of attempts a user can make to enter the correct password for the device. You can enter any number between 4 and 16. The default value is `8`.
MaxInactivityTimeDeviceLock	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is `15 minutes`. The format of the parameter is hh.mm:ss, for example, 15:00 = 15 minutes.
MinDevicePasswordLength	Optional	System.Nullable	This parameter specifies the minimum number of characters in the device password. You can enter any number between 1 and 16. The maximum length a password can be is 16 characters. The default value is `4`.
MaxEmailAgeFilter	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.EmailAgeFilterType	This parameter specifies the maximum number of days of e-mail items to synchronize to the device. The value is specified in days.
MaxEmailBodyTruncationSize	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the maximum size at which e-mail messages are truncated when synchronized to the device. The value is specified in kilobytes (KB).
MaxEmailHTMLBodyTruncationSize	Optional	Microsoft.Exchange.Data.Unlimited	This parameter specifies the maximum size at which HTML-Formatted e-mail messages are synchronized to the device. The value is specified in kilobytes (KB).
MinDevicePasswordComplexCharacters	Optional	System.Int32	This parameter specifies the minimum number of complex characters required in a device password. A complex character is not a letter.
PasswordRecoveryEnabled	Optional	System.Boolean	When set to `$true`, this parameter enables you to store the recovery password for the device on an Exchange server. The default value is `$false`. The recovery password can be viewed from either Office Outlook Web Access or the Exchange Management Console.
RequireDeviceEncryption	Optional	System.Boolean	This parameter specifies whether encryption is required on the device. The default value is `$false`.
RequireEncryptedSMIMEMessages	Optional	System.Boolean	This parameter specifies whether you must encrypt S/MIME messages. The default value is `$false`.
RequireEncryptionSMIMEAlgorithm	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.EncryptionSMIMEAlgorithmType	This parameter specifies what required algorithm must be used when encrypting a message.
RequireManualSyncWhenRoaming	Optional	System.Boolean	This parameter specifies whether the device must synchronize manually while roaming. The default value is `$false`.
RequireSignedSMIMEAlgorithm	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.SignedSMIMEAlgorithmType	This parameter specifies what required algorithm must be used when signing a message.
RequireSignedSMIMEMessages	Optional	System.Boolean	This parameter specifies whether the device must send signed S/MIME messages.
RequireStorageCardEncryption	Optional	System.Boolean	This parameter specifies whether encryption of a storage card is required. The default value is `$true`.
TemplateInstance	Optional	System.Management.Automation.PSObject	This parameter enables you to create a policy from an existing policy.
UnapprovedInROMApplicationList	Optional	Microsoft.Exchange.Data.MultiValuedProperty	This parameter contains a list of applications that cannot be run in ROM.
UNCAccessEnabled	Optional	System.Boolean	This parameter specifies whether access to Windows file shares is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.
WhatIf	Optional	System.Management.Automation.SwitchParameter	This parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, the administrator can view what changes would occur without having to apply any of those changes. The default value is `$false`.
WSSAccessEnabled	Optional	System.Boolean	This parameter specifies whether access to Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Note:
Some Exchange ActiveSync policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, you must set the AllowNonProvisionableDevices parameter to `$true`. This includes devices that cannot enforce all policy settings,

Detailed Description

The New-ActiveSyncMailboxPolicy cmdlet creates an Exchange ActiveSync policy for mailboxes that are accessed by mobile devices.

To run the New-ActiveSyncMailboxPolicy cmdlet, the account you use must be delegated the Exchange Organization Administrator role.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error	Description

Exceptions

Exceptions	Description

Example

This code example creates a new Exchange ActiveSync policy that is named SalesPolicy that has several values that are preconfigured.

	Copy Code
New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:5 -AllowWiFi:$falst -AllowStorageCard: $true -AllowPOPIMAPEmail:$false

Copy Code

New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:5 -AllowWiFi:$falst -AllowStorageCard: $true -AllowPOPIMAPEmail:$false