  • Status: Solved
  • Priority: Medium
  • Security: Public

RPC encryption requirement.

Within the Outlook mail profile properties, there is an option that allows a user to disable encryption between Outlook and the Exchange server. Is it possible to prevent users from disabling (unchecking) this option?
Environment:
Exchange Server 2010
Outlook 2010 and 2013.
Thank you for your time.
0
Domenic DiPasquale
4 Solutions
 
Neil Russell (Technical Development Lead) Commented:
Download and install the Office ADM templates for group policies if you have not already and then you can.....

create a new policy and browse to..
User Configuration

|- Policies
   |- Administrative Templates
      |- Microsoft Outlook 2010
         |- Account Settings
            |- Exchange

In there you can configure the following policy settings.

- Authentication with Exchange Server,  choose Kerberos/NTLM Password Authentication
- Enable RPC encryption

These settings will now be forced after replication and gpupdates.
0
 
Will Szymkowski (Senior Solution Architect) Commented:
Also be aware that if you are using multiple versions of Outlook (Office) you will need to download and deploy multiple ADM templates so that the correct policies apply to the correct version of Outlook (in your case).

Will.
0
 
Domenic DiPasquale (System / Network Administrator) Author Commented:
I'm in the process of downloading the Office admin templates. Microsoft gives me the option to download a 32-bit and a 64-bit version. Do I need to use both install packages since I use both 32-bit and 64-bit versions of Office, or do I only need the 64-bit version since they will be stored on a server (Windows Server 2008 R2 STD)?
0
 
Gareth Gudger Commented:
This changed I believe in SP1. But in RTM encryption was required by the servers. If clients unchecked encryption, they would not connect. Outlook 2007 and newer clients had this enabled by default. But Outlook 2003 and earlier did not. So people would often turn this off during coexistence at the server level. SP1 turned this off by default. But you could turn this back on. That way, if any client turns off encryption, they won't be able to connect.

From the Exchange Management Shell on 2010. It will tell you if the server is accepting unencrypted RPC sessions. By default this should be set to True.

Get-RpcClientAccess | fl name, encryption*


And to set it.

Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $true


More info here.
https://support.microsoft.com/kb/2006508?wa=wsignin1.0
0
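Added example (not part of the thread and not any poster's code): a PowerShell 2.0-compatible audit, meant for the Exchange Management Shell, that lists every Client Access server still accepting unencrypted RPC and previews the fix from the answer above with -WhatIf. The function name Find-UnencryptedRpcServer and the servers CAS01/CAS02 are hypothetical; the script assumes Get-RpcClientAccess output exposes Server and EncryptionRequired properties.

```powershell
# Added example: report servers where EncryptionRequired is not $true.
# Find-UnencryptedRpcServer is a hypothetical helper, not an Exchange cmdlet.
function Find-UnencryptedRpcServer {
    param(
        # Objects shaped like Get-RpcClientAccess output (assumed: Server, EncryptionRequired)
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $RpcClientAccess
    )
    process {
        # Treat a missing or $false value as "accepts unencrypted RPC"
        if (-not $RpcClientAccess.EncryptionRequired) {
            New-Object PSObject -Property @{
                Server             = [string]$RpcClientAccess.Server
                EncryptionRequired = [bool]$RpcClientAccess.EncryptionRequired
            }
        }
    }
}

# Use live data inside the Exchange Management Shell; otherwise fall back to
# constructed sample objects so the logic can be exercised anywhere.
$haveExchange = [bool](Get-Command Get-RpcClientAccess -ErrorAction SilentlyContinue)
if ($haveExchange) {
    $settings = Get-RpcClientAccess
} else {
    $settings = @(
        (New-Object PSObject -Property @{ Server = 'CAS01'; EncryptionRequired = $true }),
        (New-Object PSObject -Property @{ Server = 'CAS02'; EncryptionRequired = $false })
    )
}

$weak = @($settings | Find-UnencryptedRpcServer)
if ($weak.Count -eq 0) {
    Write-Output 'Every server requires RPC encryption.'
} else {
    Write-Output ('{0} server(s) accept unencrypted RPC:' -f $weak.Count)
    $weak | Select-Object Server, EncryptionRequired
    if ($haveExchange) {
        # -WhatIf only previews the change; remove it to apply the setting.
        foreach ($s in $weak) {
            Set-RpcClientAccess -Server $s.Server -EncryptionRequired $true -WhatIf
        }
    }
}
```

With the constructed sample data the script reports CAS02 only.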
 
Will Szymkowski (Senior Solution Architect) Commented:
If you have both 32bit and 64bit you will need to create 2 different GPOs as well (1 for 32 and 1 for 64). You will then need to create a WMI Filter that applies to each of the GPOs for the respective OS architecture.

32bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

64bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Will.
0
 
Domenic DiPasquale (System / Network Administrator) Author Commented:
It looks like I'm all set. RPC encryption was already required on my server. Attempting to obtain any new messages, send a message, or access the global address book would fail without encryption enabled on the client. I've downloaded the Office admin templates for both Office 2010 and 2013. I've created GPOs for both versions of Office, preventing them from disabling RPC encryption. Thanks again for your help.
0
