Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RPC encryption requirement.

Posted on 2014-12-30
6
Medium Priority
?
94 Views
Last Modified: 2014-12-30
With in the Outlook mail profile properties, there is an option that allows a user to disable encryption between Outlook and the Exchange server. Is it possible to prevent users from disabling (unchecking) this option?
Environment:
Exchange Server 2010
Outlook 2010 and 2013.
Thank you for your time.
0
Comment
Question by:Domenic DiPasquale
6 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 500 total points
ID: 40523506
Download and install the Office ADM templates for group policies if you have not already and then you can.....

create a new policy and browse to..
User Configuration

|- Policies
   |- Administrative Templates
      |- Microsoft Outlook 2010
         |- Account Settings
            |- Exchange

In there you can configure the following policy settings.

- Authentication with Exchange Server,  choose Kerberos/NTLM Password Authentication
- Enable RPC encryption

These settings will now be forced after replication and gpupdates.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1000 total points
ID: 40523636
Also be aware that if you are using mutliple versions of Outlook (Office) you will need to download and deploy multiple ADM templates so that the correct policies apply to the correct version of Outlook (in your case).

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40523790
I'm in the process of downloading the office admin templates. Microsoft gives me the option to download a 32 and 64 bit version. Do I need to use both install packages since I use both 32 and 64 bit version of office, or do I only need the 64 bit version since they will be stored on a server (Windows Server 2008 R2 STD)?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 500 total points
ID: 40523909
This changed I believe in SP1. But in RTM encryption was required by the servers. If clients unchecked encryption, they would not connect. Outlook 2007 and newer clients had this enabled by default. But Outlook 2003 and earlier did not. So people would often turn this off during coexistence at the server level. SP1 turned this off my default. But you could turn this back on. That way, if any client turns off encryption, they won't be able to connect.

From the Exchange Management Shell on 2010. It will tell you if the server is accepting unencrypted RPC sessions. By default this should be set to True.

Get-RpcClientAccess fl | name, encryption*

Open in new window


And to set it.

Set-RpcClientAccess –Server Exchange_server_name –EncryptionRequired $true

Open in new window


More info here.
https://support.microsoft.com/kb/2006508?wa=wsignin1.0
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1000 total points
ID: 40524455
If you have both 32bit and 64bit you will need to create 2 different GPO's as well (1 for 32 and 1 for 64). You will then need to create a WMI Filter that apply to each of the GPO's for the respective OS architecture.

32bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

64bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40524560
It looks like I'm all set. RPC encryption was already required on my server. Attempting to obtain any new messages, send a message, or access the global address book would fail without encryption enabled on the client. I've download the office admin templates for both office 2010 and 2013. I've created GPOs for both version of office, preventing them from disabling RPC encryption. Thanks again for your help.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
How to effectively resolve the number one email related issue received by helpdesks.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question