Chekcing After Hour Business Email - Constitutes Overtime pay ( a big no no).

Recently, the HR Department wanted me to prevent employees from being able to check their business email through OWA, as this (I guess) poses issues about overtime pay and employees accessing their business emails.  My question, is what is the best method to not allow access to business emails after hours?  I know that there are login settings that effect a user's time and day for logging onto the network, but not certain it that effects access to business emails as well.
danberry1010Asked:
Who is Participating?
 
Tom CieslikConnect With a Mentor IT EngineerCommented:
The simplest way to restrict users to work /access emails after hours logon Hours button in Account tab / User Properties in Active Directory Users and Computers.

This setting will prevent from users authentication so OWA will not work too

Capture.JPG
1
 
JohnBusiness Consultant (Owner)Commented:
Probably the easiest way is just make clear that evening business email is frowned upon and in no case will overtime be paid. Do not check company email after 6:00pm and before 7:00am (or whatever hours).

Given all the ways to access email, it is difficult to stop other than turning the Exchange Server off each night (not practical).
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Since in most cases a firewall is between Exchange (resp. the IIS hosting the intranet site for it), that firewall can apply business hour rules on ingress SSL poilcies, cutting off any connection attempt outside of allowed hours.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
mbkitmgrCommented:
If this relates to Moble devices (Tablets/Phones) create a powershell script scheduled to run at the required times with

To Block
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $false

Then at the time you need them to regain access

To Reinstate
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $true

Ironically we were looking for the same thing :).  I had posted to a few forums, but checked my Powershell reference - should have RTFM (read the flaming manual) first
0
 
mbkitmgrCommented:
And for OWA

To Block
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$False

To Reinstate
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$True
1
 
masnrockCommented:
If your concern is logging into the network at all, then go with Tom's solution. If your concern revolves around only remote logins, then I would look into what your firewall can do in terms of schedule. Some of the only ports that need to remain open all the time such as port 25 in order to prevent the interruption of mail flow. Regardless, you're going to need an enforceable policy (which John named) that requires management and HR backing.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Tom, my suggestion will not cut off email. I'm explicitly talking about the SSL (HTTPS) ports, and those are not used for sending or receiving mails.
However, it is an all-or-nothing approach, not allowing for detailled setup for specific users - which has not been asked for. If there is no need for exceptions or different business schedules, it is the best solution as being very simple and effortless.
Having said that, I would go with a specific setting as recommended by the other Experts myself - but I like scripting, so have no issues with dynamic aspects and mass processing ;-).
0
 
danberry1010Author Commented:
Best solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.