Rely on the process? That's only ever effective if you enforce the process as well. To do that in this case, have you considered a "catch-all" process that goes behind and for all users except this small list, will ensure that pop3 is disabled?
Shouldn't be a tough script to come up with and to run that as a scheduled job would be a low maintenance alternative to enforce the process I would think. Maybe even a free Joeware hat (or at least contributing author mention) in it if you make it CLI to Python/Perl/C+-#. ;) -Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SCHAN Sent: Friday, February 11, 2005 1:00 PM To: [email protected] Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 Thanks again. Right now, the client hasn't even worked out their delegation model (or OU structure, for that matter), so all account creation is squarely in the hands of the Operations group at the moment. So, if we enable POP3 the feasibale approach for now is likely going to be to rely on their following process and disabling POP3 on user accounts as they create them, and look at the overall provisioning requirements a little later, with this as one requirement. It's unfortunate we have to go through this to support a handful of applications; I'm going to try to meet again with the application owners to see if we have any other alternatives. Andy >From: "Tony Murray" <[EMAIL PROTECTED]> >Reply-To: [email protected] >To: <[email protected]> >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 >Date: Fri, 11 Feb 2005 14:40:40 +0100 > >FWIW, if you did want to do this with some custom provisioning (or even >after mailbox-enabling a user) it seems the protocolSettings attribute >is the one you need to manipulate. > >There's not a great deal of information available about >protocolSettings, but there's some here: > >http://redmondmag.com/columns/article.asp?EditorialsID=638 > >http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e >2 k3/_clb_enumerating_exchange_object_properties_with_adsi_ado_vb.asp > >And here's a sample script for setting mailbox limits by OU and by >group, which you could perhaps rework for the protocolSettings >attribute. > >http://blogs.brnets.com/michael/archive/2004/11/18/244.aspx > >Tony > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Andy SCHAN >Sent: 11 February 2005 13:53 >To: [email protected] >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 > >Thanks for the reply. That's the conclusion I'd come to, but I was >hoping someone with a bigger brain than mine would prove me wrong :-) > > > > >Thanks, >Andy Schan >Schan Consulting, Inc. >[EMAIL PROTECTED] >Home: 613-443-0334 >Cell: 613-851-8443 > > > > > >From: "joe" <[EMAIL PROTECTED]> > >Reply-To: [email protected] > >To: <[email protected]> > >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 > >Date: Thu, 10 Feb 2005 23:19:12 -0500 > > > >I don't believe you can't set this as a default with the native tools. >You > >would need to use some custom provisioning to do this. > > > > joe > > > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of > >[EMAIL PROTECTED] > >Sent: Tuesday, February 08, 2005 9:08 AM > >To: [email protected] > >Subject: [ActiveDir] OT: POP3 on Exchange 2003 > > > >Greetings, everyone: > > > >Sorry for the off-topic post, but I've asked this on the E2K3 mailing >list > >and didn't get any answers. At any rate, it's as much an AD challenge >as an > >Exchange one. > > > >I'm working on the final stages of an Exchange 2003 migration, and it >turns > >out we're going to have to enable POP3 on our mailbox servers to >support a > >handful of applications that > > > >were written for the Exchange 5.5 environment. Enabling POP3 isn't > >difficult, and neither is configuring our FE servers to support it, > >but doing this on a limited scale seems to be a bit of a challenge. > > > >What I'd like to do is enable POP3 on the mailbox servers, but ensure >that > >only the handful of AD accounts used by the apps have it enabled at > >the > > >user > > > >object level. I'd also like to ensure that all new users created > >ahave >POP3 > >disabled by default. I can do a bulk edit of all existing users to >disable > >POP3 using ADModify or some other method, but how can I ensure that > >all >new > >accounts have POP3 disabled by default when they're created? Once you > >select for an Exchange mailbox to be created while > > > >creating the account, it comes up with all Exchange features enabled, > >including POP3. Once I enable POP3 on the mailbox server, I've opened > >Pandora's box. Relying on the delegates to disable POP3 after they >create > >the account isn't feasible. > > > >Any insight anyone can offer would be appreciated. > > > >Andy Schan > >MCSE: W2K3, NT 4.0; MCSE: Messaging > > > >List info : http://www.activedir.org/List.aspx > >List FAQ : http://www.activedir.org/ListFAQ.aspx > >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > >List info : http://www.activedir.org/List.aspx > >List FAQ : http://www.activedir.org/ListFAQ.aspx > >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
