Customizing Outlook Web App 2010, Part 1

Perhaps some of you have also been confronted with a customer's request that changing passwords should not be possible via Outlook Web Access. Whatever the reasons behind it (e.g. a metadirectory as central user management), with Exchange 2010 this is relatively easy. There are several ways to configure and customize Outlook Web App to the customer's wishes. For password changes (and some other features) this is done with a mailbox policy. To do so, create a new mailbox policy under Organization Configuration, Client Access, Outlook Web App Mailbox Policies, and set "Change Password" to disabled there.




Now you only have to assign the policy to the relevant mailboxes. The OWA mailbox policy is set with the Set-CASMailbox cmdlet. For example, to give the policy to all mailboxes at a particular location (in my example stored in customAttribute13), enter the following:


Get-Mailbox -ResultSize Unlimited | Where-Object {$_.CustomAttribute13 -eq "WN"} | Set-CASMailbox -OwaMailboxPolicy "No Password"


Tip: Once the number of mailboxes reaches four digits, "Get-Mailbox" can take quite a while. If you know you will be making more settings on the same day, you can read all mailboxes into a variable once and reuse it again and again (as long as you leave the same PowerShell window open):


$Mailboxen = Get-Mailbox -ResultSize Unlimited


For the example above, the PowerShell one-liner would then be:


$Mailboxen | Where-Object {$_.CustomAttribute13 -eq "WN"} | Set-CASMailbox -OwaMailboxPolicy "No Password"


The next time the user logs on to Outlook Web App, a quick look at the OWA options shows that the option to change the password is no longer there.
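The same procedure done entirely in the Exchange Management Shell, followed by a check that every targeted mailbox really carries the policy. This is an added example, not part of the original post; the variable names are illustrative, and it assumes the policy name "No Password" and the location code "WN" in CustomAttribute13 from the text above.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
$policyName = "No Password"   # policy name from the article
$site       = "WN"            # location code held in CustomAttribute13 (from the article)

# Create the policy only if it does not exist yet, then disable "Change Password".
if (-not (Get-OwaMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-OwaMailboxPolicy -Name $policyName | Out-Null
}
Set-OwaMailboxPolicy -Identity $policyName -ChangePasswordEnabled $false

# Let the server do the filtering instead of piping every mailbox through Where-Object.
$targets = Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute13 -eq '$site'"
$targets | Set-CASMailbox -OwaMailboxPolicy $policyName

# Verification: list mailboxes at this location that do not carry the policy.
# Mailboxes created after the assignment run show up here as well.
$missing = $targets | Get-CASMailbox |
    Where-Object { "$($_.OwaMailboxPolicy)" -ne $policyName }

if ($missing) {
    $missing | Select-Object Name, OwaMailboxPolicy
} else {
    Write-Host "All $(@($targets).Count) mailboxes for '$site' use policy '$policyName'."
}
```

Re-running the verification part on a schedule catches mailboxes that were added to the location after the policy was first assigned.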


Tip: With Service Pack 1 for Exchange 2010, users can change their password even after it has expired. For that to work, the policy must of course not disable password changes. Norbert Fehlauer has described how this works on www.faq-o.matic.net at the following link.


 


 


In addition, the mailbox policies allow the following parts of OWA to be disabled for a mailbox:


  • Access to ActiveSync (statistics on ActiveSync devices and the option to reset them)
  • All address lists
  • Calendar
  • Journal
  • Contacts
  • Junk e-mail filter
  • Reminders and notifications
  • Notes
  • Premium client
  • Search folders
  • Tasks
  • Theme selection
  • UM integration
  • Recovery of deleted items
  • Instant messaging
  • Text messaging
  • S/MIME

On the "Public Computer File Access" and "Private Computer File Access" tabs you can configure which data the user may download to the computer and which is only rendered in the browser. However, with forms-based authentication it is the user who chooses at logon whether the computer is a trusted one.
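Because the user declares the computer type at logon, a restriction that exists only on the "public" tab can be bypassed by ticking "private". The following added example (not from the original post) lists policies where private computers are allowed to download attachments while public ones are not, and aligns the policy from this article; the choice to disable direct file access on both tabs is an assumption for illustration.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Find policies whose private-computer setting is more permissive than the public one.
Get-OwaMailboxPolicy |
    Where-Object {
        $_.DirectFileAccessOnPrivateComputersEnabled -and
        -not $_.DirectFileAccessOnPublicComputersEnabled
    } |
    Select-Object Name,
                  DirectFileAccessOnPublicComputersEnabled,
                  DirectFileAccessOnPrivateComputersEnabled

# Example alignment for the "No Password" policy from the article:
# block direct download on both tabs so the logon choice makes no difference.
Set-OwaMailboxPolicy -Identity "No Password" `
    -DirectFileAccessOnPublicComputersEnabled  $false `
    -DirectFileAccessOnPrivateComputersEnabled $false
```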


Best regards


 


Walter Steinsdorfer

Today is October Patch Day

… and there have never been so many patches. Hm, somehow that was already the case last month. Well, anyway, here is the list of updates:

 

MS10-071

Cumulative Security Update for Internet Explorer (2360131)
This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Critical, Remote Code Execution
Restart requirement: Requires restart
Affected software: Microsoft Windows, Internet Explorer

MS10-075

Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player network sharing service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.

Severity and impact: Critical, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Windows

MS10-076

Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Critical, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Windows

MS10-077

Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.

Severity and impact: Critical, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Windows, Microsoft .NET Framework

MS10-072

Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.

Severity and impact: Important, Information Disclosure
Restart requirement: May require restart
Affected software: Microsoft Server Software

MS10-073

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Severity and impact: Important, Elevation of Privilege
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-078

Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Severity and impact: Important, Elevation of Privilege
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-079

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Important, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Office

MS10-080

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Important, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Office

MS10-081

Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Important, Remote Code Execution
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-082

Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Important, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Windows

MS10-083

Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Important, Remote Code Execution
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-084

Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs specially crafted code that sends an LPC message to the local LRPC Server. The message could then allow an authenticated user to access resources that are running in the context of the NetworkService account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Severity and impact: Important, Elevation of Privilege
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-085

Vulnerability in SChannel Could Allow Denial of Service (2207566)
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.

Severity and impact: Important, Denial of Service
Restart requirement: Requires restart
Affected software: Microsoft Windows

MS10-074

Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity and impact: Moderate, Remote Code Execution
Restart requirement: May require restart
Affected software: Microsoft Windows

MS10-086

Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.

Severity and impact: Moderate, Tampering
Restart requirement: Requires restart
Affected software: Microsoft Windows

 

More information is available in the October Security Bulletin.

Happy Patching

 

Walter Steinsdorfer

Steve Ballmer comes to Cologne

On Wednesday, October 6, SteveB (his internal Microsoft alias) is visiting Germany. He will spend a day in Cologne meeting industry representatives, customers, partners and members of the media, as well as members of the CLIP and MVP programs (see below), and will talk about the industry's top topic, cloud computing, and about Windows Phone 7.

The following members of the Microsoft community programs CLIP & MVP will accompany SteveB at his official appointments and also conduct a personal interview:

All information about the planned topics and events can be found in the social media release in the Microsoft Social Media Newsroom.

The Microsoft press office will report live on Steve Ballmer's visit to Germany on October 6 from 8:30 a.m. under the hashtag #SteveB on Twitter (http://twitter.com/MicrosoftPresse) and in the Microsoft Social Media Newsroom.

Current videos on YouTube:

 

Steve B in Cologne

Best regards

 

Walter Steinsdorfer

From the User Group Meeting: Lync

As promised, Alp Babayigit has made the links from his talk at the last user group meeting available:

The server will probably be available from December and will be the last product in the Wave 14 series.

Best regards

 

Walter Steinsdorfer