RPC encryption requirement.

Within the Outlook mail profile properties, there is an option that allows a user to disable encryption between Outlook and the Exchange server. Is it possible to prevent users from disabling (unchecking) this option?
Environment:
Exchange Server 2010
Outlook 2010 and 2013.
Thank you for your time.
Domenic DiPasquale, System / Network Administrator, Asked:
 
Will Szymkowski, Senior Solution Architect, Commented:
If you have both 32-bit and 64-bit you will need to create 2 different GPOs as well (1 for 32 and 1 for 64). You will then need to create a WMI filter that applies to each of the GPOs for the respective OS architecture.

32bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

64bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Will.
0
 
Neil Russell, Technical Development Lead, Commented:
Download and install the Office ADM templates for group policies if you have not already, and then you can...

Create a new policy and browse to:
User Configuration

|- Policies
   |- Administrative Templates
      |- Microsoft Outlook 2010
         |- Account Settings
            |- Exchange

In there you can configure the following policy settings.

- Authentication with Exchange Server, choose Kerberos/NTLM Password Authentication
- Enable RPC encryption

These settings will now be forced after replication and gpupdates.
0
 
Will Szymkowski, Senior Solution Architect, Commented:
Also be aware that if you are using multiple versions of Outlook (Office) you will need to download and deploy multiple ADM templates so that the correct policies apply to the correct version of Outlook (in your case).

Will.
0
 
Domenic DiPasquale, System / Network Administrator, Author Commented:
I'm in the process of downloading the Office admin templates. Microsoft gives me the option to download a 32-bit and a 64-bit version. Do I need to use both install packages since I use both 32-bit and 64-bit versions of Office, or do I only need the 64-bit version since they will be stored on a server (Windows Server 2008 R2 STD)?
0
 
Gareth Gudger Commented:
This changed, I believe, in SP1. But in RTM encryption was required by the servers. If clients unchecked encryption, they would not connect. Outlook 2007 and newer clients had this enabled by default. But Outlook 2003 and earlier did not. So people would often turn this off during coexistence at the server level. SP1 turned this off by default. But you could turn this back on. That way, if any client turns off encryption, they won't be able to connect.

From the Exchange Management Shell on 2010. It will tell you if the server is accepting unencrypted RPC sessions. By default this should be set to True.

Get-RpcClientAccess | fl name, encryption*


And to set it.

Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $true


More info here.
https://support.microsoft.com/kb/2006508?wa=wsignin1.0
0
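
An added example, not part of the original thread or of Microsoft's documentation: the server-side check and fix above applied to every server that `Get-RpcClientAccess` returns, with a re-read after each change. The function name `Test-RpcEncryptionRequired` and its `-Enforce` switch are hypothetical, and the code assumes the server name reported by `Get-RpcClientAccess` resolves as a `-Server` identity.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Test-RpcEncryptionRequired and its -Enforce switch are hypothetical names.
function Test-RpcEncryptionRequired {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Enforce   # without this switch the function only reports
    )

    foreach ($rca in Get-RpcClientAccess) {
        # Assumption: the reported server name is accepted by -Server.
        $server   = "$($rca.Server)"
        $required = [bool]$rca.EncryptionRequired
        $changed  = $false

        if (-not $required -and $Enforce -and
            $PSCmdlet.ShouldProcess($server, 'Set EncryptionRequired to $true')) {
            Set-RpcClientAccess -Server $server -EncryptionRequired $true
            # Re-read the setting instead of trusting that the change applied.
            $required = [bool](Get-RpcClientAccess -Server $server).EncryptionRequired
            $changed  = $true
        }

        New-Object PSObject -Property @{
            Server             = $server
            EncryptionRequired = $required
            Changed            = $changed
        }
    }
}

# Report only: list servers that still accept unencrypted RPC sessions.
Test-RpcEncryptionRequired | Where-Object { -not $_.EncryptionRequired }

# Preview the change, then apply it:
# Test-RpcEncryptionRequired -Enforce -WhatIf
# Test-RpcEncryptionRequired -Enforce
```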
 
Domenic DiPasquale, System / Network Administrator, Author Commented:
It looks like I'm all set. RPC encryption was already required on my server. Attempting to obtain any new messages, send a message, or access the global address book would fail without encryption enabled on the client. I've downloaded the Office admin templates for both Office 2010 and 2013. I've created GPOs for both versions of Office, preventing them from disabling RPC encryption. Thanks again for your help.
0
Question has a verified solution.