danberry1010
asked on
Chekcing After Hour Business Email - Constitutes Overtime pay ( a big no no).
Recently, the HR Department wanted me to prevent employees from being able to check their business email through OWA, as this (I guess) poses issues about overtime pay and employees accessing their business emails. My question, is what is the best method to not allow access to business emails after hours? I know that there are login settings that effect a user's time and day for logging onto the network, but not certain it that effects access to business emails as well.
Since in most cases a firewall is between Exchange (resp. the IIS hosting the intranet site for it), that firewall can apply business hour rules on ingress SSL poilcies, cutting off any connection attempt outside of allowed hours.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If this relates to Moble devices (Tablets/Phones) create a powershell script scheduled to run at the required times with
To Block
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $false
Then at the time you need them to regain access
To Reinstate
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $true
Ironically we were looking for the same thing :). I had posted to a few forums, but checked my Powershell reference - should have RTFM (read the flaming manual) first
To Block
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $false
Then at the time you need them to regain access
To Reinstate
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $true
Ironically we were looking for the same thing :). I had posted to a few forums, but checked my Powershell reference - should have RTFM (read the flaming manual) first
And for OWA
To Block
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$False
To Reinstate
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$True
To Block
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$False
To Reinstate
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$True
If your concern is logging into the network at all, then go with Tom's solution. If your concern revolves around only remote logins, then I would look into what your firewall can do in terms of schedule. Some of the only ports that need to remain open all the time such as port 25 in order to prevent the interruption of mail flow. Regardless, you're going to need an enforceable policy (which John named) that requires management and HR backing.
Tom, my suggestion will not cut off email. I'm explicitly talking about the SSL (HTTPS) ports, and those are not used for sending or receiving mails.
However, it is an all-or-nothing approach, not allowing for detailled setup for specific users - which has not been asked for. If there is no need for exceptions or different business schedules, it is the best solution as being very simple and effortless.
Having said that, I would go with a specific setting as recommended by the other Experts myself - but I like scripting, so have no issues with dynamic aspects and mass processing ;-).
However, it is an all-or-nothing approach, not allowing for detailled setup for specific users - which has not been asked for. If there is no need for exceptions or different business schedules, it is the best solution as being very simple and effortless.
Having said that, I would go with a specific setting as recommended by the other Experts myself - but I like scripting, so have no issues with dynamic aspects and mass processing ;-).
ASKER
Best solution
Given all the ways to access email, it is difficult to stop other than turning the Exchange Server off each night (not practical).