Solved

RPC encryption requirement.

Posted on 2014-12-30
6
84 Views
Last Modified: 2014-12-30
Within the Outlook mail profile properties, there is an option that allows a user to disable encryption between Outlook and the Exchange server. Is it possible to prevent users from disabling (unchecking) this option?
Environment:
Exchange Server 2010
Outlook 2010 and 2013.
Thank you for your time.
0
Comment
Question by:Domenic DiPasquale
6 Comments
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 125 total points
ID: 40523506
Download and install the Office ADM templates for group policies if you have not already and then you can.....

create a new policy and browse to..
User Configuration

|- Policies
   |- Administrative Templates
      |- Microsoft Outlook 2010
         |- Account Settings
            |- Exchange

In there you can configure the following policy settings.

- Authentication with Exchange Server,  choose Kerberos/NTLM Password Authentication
- Enable RPC encryption

These settings will now be forced after replication and gpupdates.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 40523636
Also be aware that if you are using multiple versions of Outlook (Office) you will need to download and deploy multiple ADM templates so that the correct policies apply to the correct version of Outlook (in your case).

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40523790
I'm in the process of downloading the Office admin templates. Microsoft gives me the option to download a 32 and 64 bit version. Do I need to use both install packages since I use both 32 and 64 bit versions of Office, or do I only need the 64 bit version since they will be stored on a server (Windows Server 2008 R2 STD)?
0

 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 125 total points
ID: 40523909
This changed I believe in SP1. But in RTM encryption was required by the servers. If clients unchecked encryption, they would not connect. Outlook 2007 and newer clients had this enabled by default. But Outlook 2003 and earlier did not. So people would often turn this off during coexistence at the server level. SP1 turned this off by default. But you could turn this back on. That way, if any client turns off encryption, they won't be able to connect.

From the Exchange Management Shell on 2010. It will tell you if the server is accepting unencrypted RPC sessions. By default this should be set to True.

Get-RpcClientAccess | fl name, encryption*

And to set it.

Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $true


More info here.
https://support.microsoft.com/kb/2006508?wa=wsignin1.0
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
ID: 40524455
If you have both 32bit and 64bit you will need to create 2 different GPOs as well (1 for 32 and 1 for 64). You will then need to create a WMI Filter that applies to each of the GPOs for the respective OS architecture.

32bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

64bit
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40524560
It looks like I'm all set. RPC encryption was already required on my server. Attempting to obtain any new messages, send a message, or access the global address book would fail without encryption enabled on the client. I've downloaded the Office admin templates for both Office 2010 and 2013. I've created GPOs for both versions of Office, preventing them from disabling RPC encryption. Thanks again for your help.
0
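
An added example, not part of any post in this thread: a PowerShell audit that checks both ends of the setting discussed above, the server-side `EncryptionRequired` flag and the client-side policy value. The function names are hypothetical, and the script assumes the Outlook policy is stored as the `EnableRPCEncryption` DWORD under the per-user Office policy key (14.0 for Outlook 2010, 15.0 for Outlook 2013).

```powershell
# Added example. Part 1 needs the Exchange Management Shell;
# Part 2 runs as the logged-on user on a client after gpupdate.

function Get-RpcEncryptionServerAudit {
    # One row per Client Access server: does it refuse unencrypted RPC?
    Get-RpcClientAccess |
        Select-Object Server, EncryptionRequired,
            @{ Name = 'Finding'; Expression = {
                if ($_.EncryptionRequired) { 'OK: unencrypted clients are refused' }
                else { 'REVIEW: server accepts unencrypted RPC' }
            } }
}

function Get-RpcEncryptionClientAudit {
    # Assumed policy location: HKCU\Software\Policies\Microsoft\Office\<ver>\Outlook\RPC
    foreach ($ver in '14.0', '15.0') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook\RPC"
        $val = (Get-ItemProperty -Path $key -Name EnableRPCEncryption `
                    -ErrorAction SilentlyContinue).EnableRPCEncryption

        if ($val -eq 1) {
            $finding = 'OK: policy forces RPC encryption'
        } elseif ($null -eq $val) {
            # Also expected for an Outlook version this user does not run.
            $finding = 'REVIEW: policy value absent (GPO not applied or version not in use)'
        } else {
            $finding = "REVIEW: policy present but set to $val"
        }

        # New-Object keeps this compatible with PowerShell 2.0 on Server 2008 R2.
        New-Object PSObject -Property @{
            OfficeVersion = $ver
            PolicyValue   = $val
            Finding       = $finding
        }
    }
}

# Run whichever half applies to the machine this is executed on.
if (Get-Command Get-RpcClientAccess -ErrorAction SilentlyContinue) {
    Get-RpcEncryptionServerAudit | Format-Table -AutoSize
}
Get-RpcEncryptionClientAudit | Format-Table OfficeVersion, PolicyValue, Finding -AutoSize
```

A server row marked REVIEW means the client policy is the only control in place, so a profile that never received the GPO can still connect unencrypted.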
