Applies to: Exchange Server 2007
Topic Last Modified: 2007-06-11

The Set-ActiveSyncMailboxPolicy cmdlet enables you to apply a variety of mailbox policy settings to a server. You can set any of the parameters by using one command.

Syntax

set-ActiveSyncMailboxPolicy -Identity <MailboxPolicyIdParameter> [-AllowNonProvisionableDevices <$true | $false>] [-AllowSimpleDevicePassword <$true | $false>] [-AlphanumericDevicePasswordRequired <$true | $false>] [-AttachmentsEnabled <$true | $false>] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-MaxAttachmentSize <Unlimited>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordLength <Nullable>] [-Name <String>] [-PasswordRecoveryEnabled <$true | $false>] [-UNCAccessEnabled <$true | $false>] [-WSSAccessEnabled <$true | $false>]
set-ActiveSyncMailboxPolicy [-AllowNonProvisionableDevices <$true | $false>] [-AllowSimpleDevicePassword <$true | $false>] [-AlphanumericDevicePasswordRequired <$true | $false>] [-AttachmentsEnabled <$true | $false>] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-Instance <MobileMailboxPolicy>] [-MaxAttachmentSize <Unlimited>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordLength <Nullable>] [-Name <String>] [-PasswordRecoveryEnabled <$true | $false>] [-UNCAccessEnabled <$true | $false>] [-WSSAccessEnabled <$true | $false>]

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxPolicyIdParameter

This parameter specifies the policy name.

AllowNonProvisionableDevices

Optional

System.Boolean

When set to $true, this parameter enables all devices to synchronize with the Exchange 2007 server, regardless of whether they can enforce all the settings that are established in the Exchange ActiveSync policy. When set to $false, this parameter blocks mobile devices from synchronizing with Exchange 2007. The default value is $false.

AllowSimpleDevicePassword

Optional

System.Boolean

This parameter specifies whether a simple device password is permitted. A simple device password is one in which there is a specific pattern, such as 1111 or 1234.

AlphanumericDevicePasswordRequired

Optional

System.Boolean

This parameter specifies whether the device password must contain non-numeric characters. If set to $true, the device password must contain non-numeric characters.

AttachmentsEnabled

Optional

System.Boolean

When set to $false, this parameter blocks the user from downloading attachments. The default value is $true.

DeviceEncryptionEnabled

Optional

System.Boolean

When set to $true, this parameter enables device encryption on the mobile device. The default value is $false. Currently, only the storage card can be encrypted on Windows Mobile powered devices.

DevicePasswordEnabled

Optional

System.Boolean

This parameter specifies whether a device password setting is enabled. If it is set to $true, a device password setting is enabled.

DevicePasswordExpiration

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created.

DevicePasswordHistory

Optional

System.Int32

This parameter specifies the number of previously used passwords to store. When a user creates a new password, they cannot reuse a stored password that was previously used.

DevicePolicyRefreshInterval

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies how frequently the device policy is refreshed.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service, include the DomainController parameter on the command.

Instance

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.MobileMailboxPolicy

The Instance parameter enables you to pass a whole object to the command to be processed. It is mainly used in scripts where a whole object must be passed to the command.

MaxAttachmentSize

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum size of attachments that can be downloaded to the mobile mailbox. The default value is Unlimited.

MaxDevicePasswordFailedAttempts

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies the maximum number times the device accepts a password that is incorrect before the information on the device is wiped.

MaxInactivityTimeDeviceLock

Optional

Microsoft.Exchange.Data.Unlimited

This parameter specifies that length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes.

MinDevicePasswordLength

Optional

System.Nullable

This parameter specifies the minimum length of a device password.

Name

Optional

System.String

This parameter specifies the name of the Exchange ActiveSync policy.

PasswordRecoveryEnabled

Optional

System.Boolean

This parameter enables the administrator to store the recovery password on Exchange. The recovery password can be viewed from Office Outlook Web Access or the Exchange Management Console.

UNCAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Windows file shares is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

WSSAccessEnabled

Optional

System.Boolean

This parameter specifies whether access to Microsoft Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Detailed Description

The Set-ActiveSyncMailboxPolicy cmdlet enables you to set each parameter in a mailbox policy. You can set any of the parameters by using one command.

To run the Set-ActiveSyncMailboxPolicy cmdlet, the account you use must be delegated the following:

  • Exchange Organization Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error Description

 

 

Exceptions

Exceptions Description

 

 

Example

The following code example sets several policy settings for the Exchange ActiveSync policy named SalesPolicy.

Copy Code
Set-ActiveSyncMailboxPolicy -identity SalesPolicy -AllowNonProvisionableDevices:$true -DevicePasswordEnabled:$true -MaxInactivityTimeDeviceLock:01:27:23 -WSSAccessEnabled:$true