Chekcing After Hour Business Email - Constitutes Overtime pay ( a big no no).

Recently, the HR Department wanted me to prevent employees from being able to check their business email through OWA, as this (I guess) poses issues about overtime pay and employees accessing their business emails.  My question, is what is the best method to not allow access to business emails after hours?  I know that there are login settings that effect a user's time and day for logging onto the network, but not certain it that effects access to business emails as well.
danberry1010Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Probably the easiest way is just make clear that evening business email is frowned upon and in no case will overtime be paid. Do not check company email after 6:00pm and before 7:00am (or whatever hours).

Given all the ways to access email, it is difficult to stop other than turning the Exchange Server off each night (not practical).
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Since in most cases a firewall is between Exchange (resp. the IIS hosting the intranet site for it), that firewall can apply business hour rules on ingress SSL poilcies, cutting off any connection attempt outside of allowed hours.
0
Tom CieslikIT EngineerCommented:
The simplest way to restrict users to work /access emails after hours logon Hours button in Account tab / User Properties in Active Directory Users and Computers.

This setting will prevent from users authentication so OWA will not work too

Capture.JPG
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

mbkitmgrCommented:
If this relates to Moble devices (Tablets/Phones) create a powershell script scheduled to run at the required times with

To Block
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $false

Then at the time you need them to regain access

To Reinstate
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $true

Ironically we were looking for the same thing :).  I had posted to a few forums, but checked my Powershell reference - should have RTFM (read the flaming manual) first
0
mbkitmgrCommented:
And for OWA

To Block
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$False

To Reinstate
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$True
1
masnrockCommented:
If your concern is logging into the network at all, then go with Tom's solution. If your concern revolves around only remote logins, then I would look into what your firewall can do in terms of schedule. Some of the only ports that need to remain open all the time such as port 25 in order to prevent the interruption of mail flow. Regardless, you're going to need an enforceable policy (which John named) that requires management and HR backing.
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Tom, my suggestion will not cut off email. I'm explicitly talking about the SSL (HTTPS) ports, and those are not used for sending or receiving mails.
However, it is an all-or-nothing approach, not allowing for detailled setup for specific users - which has not been asked for. If there is no need for exceptions or different business schedules, it is the best solution as being very simple and effortless.
Having said that, I would go with a specific setting as recommended by the other Experts myself - but I like scripting, so have no issues with dynamic aspects and mass processing ;-).
0
danberry1010Author Commented:
Best solution
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.