Another post, another large PowerShell script. This script is an attempt to make modifying the Mobile Device Mailbox Policies. It is menu driven:
… and provides access to all the settings that can be configured on the policy. Note that some changes could trigger an Enterprise CAL requirement, so plan ahead before making changes. The script will not allow the creation of a new policy, nor will it assign one to users. If there is interest, I may add that later. For now this is simply for changing settings on the policies.
In Action
The script is split up into multiple parts and multiple menus. The groupings were done for logical reasons as well as to mimic a previous grouping for these settings. Let’s look at the menu structure:
As you can see all the options for the Mobile Device Mailbox Policy are available. You can change most settings at will, for example if I wanted to set one of the Password Policy options like Require Device Encryption, I would enter the ‘Configure Password Policy’ menu, select option 4 for ‘Configure Device Encryption Enabled’ and then change the setting to what I needed:
Looking closer at the screenshot, you will see that the script also checks the value before and after to make sure the results are what you want them to be. Now if we wanted to change an SMIME option, we can go to the SMIME menu from the main menu (Option 9 from the main menu) and let’s change the ‘Allow SMIME Soft Certs’ setting:
The script functions used by this script were built in a similar fashion to the last large scripts I’ve written recently The cookie cutter approach has allowed me to build a script of this size in a matter of hours and not days.
The Entire Script
<#
.SYNOPSIS
Configure all options on the Mobile Device Mailbox Polices
.DESCRIPTION
.NOTES
Version : 1.0
Wish list : Keep track of changes for auditing or reporting purposes (other than a transcript file)
: Add the ability to create a brand new policy from the same script
: Log changes to Event Logs?
Rights Required : Local admin on server
Sched Task Req'd : No
Exchange Version : 2013
Author : Just A UC Guy [JAUCG]
Email/Blog/Twitter : ( ) http://justaucguy.wordpress.com/
Dedicated Blog : http://justaucguy.wordpress.com/
Disclaimer : You are on your own. This was not written by, support by, or endorsed by Microsoft.
Info Stolen from : None, all hand written code.
.LINK
[TBD]
.EXAMPLE
.\Changes-OWAAuthSettings
.INPUTS
None. You cannot pipe objects to this script.
#>
param(
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[string] $strFilenameTranscript = $MyInvocation.MyCommand.Name + " " + (hostname)+ " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date),
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)]
[string] $TargetFolder = "c:\Install",
# [string] $TargetFolder = $Env:Temp
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $WasInstalled = $false,
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $RebootRequired = $false,
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[string] $opt = "None",
[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)]
[bool] $HasInternetAccess = ([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet)
)
Start-Transcript -path .\$strFilenameTranscript | Out-Null
$error.clear()
Clear-Host
Pushd
write-host " "
write-host "WARNING: Changing some options may require a Premium CAL for Exchange." -ForegroundColor Red
write-host " "
write-host "Choose Option 1 to choose the policy to modify - REQUIRED." -ForegroundColor Green
write-host " "
write-host " "
start-sleep 2
[string] $menu = @'
***********************************************************
Mobile Device Mailbox Policy
***********************************************************
(1) Choose which policy to modify - REQUIRED!
(2) Configure General Settings
(3) Configure Sync Settings
(4) Configure Device Settings
(5) Configure Password Policy
(6) Configure Device Applications
(7) Configure Device Features
(8) Configure File and SharePoint Access
(9) Configure Device SMIME
(99) Exit
Select an option.. [1-9 or 99]?
'@
[string] $menu2 = @'
***********************************************************
General Settings Sub Menu
***********************************************************
(1) Set IsDefault
(2) Change Policy Name
(3) Change the Device Policy Refresh Interval
(4) Change the Allow Non Provisionable Devices
(5) Exit to the main menu
Select an option.. [1-5]?
'@
[string] $menu4 = @'
***********************************************************
Configure Sync Settings Sub Menu
***********************************************************
(1) Configure AllowHTMLEmail
(2) Configure Max Attachment Size
(3) Configure Max Calendar Age Filter
(4) Configure Max Email Age Filter
(5) Configure Max Email Body Truncation Size
(6) Configure Max Email HTML Body Truncation Size
(7) Configure Attachments Enabled
(8) Configure Require Manual Sync When Roaming
(9) Exit to the main menu
Select an option.. [1-9]?
'@
[string] $menu5 = @'
***********************************************************
Configure Device Settings Sub Menu
***********************************************************
(1) Configure Allow Storage Card
(2) Configure Allow Camera
(3) Configure Allow Bluetooth
(4) Configure Allow WiFi
(5) Configure Allow Internet Sharing
(6) Configure Allow Remote Desktop
(7) Configure Allow Desktop Sync
(8) Configure Require Storage Card Encryption
(9) Exit to the main menu
Select an option.. [1-9]?
'@
[string] $menu6 = @'
***********************************************************
Confgure Password Policy Sub Menu
***********************************************************
(1) Configure Password Enabled
(2) Configure Allow Simple Password
(3) Configure Alphanumeric Password Required
(4) Configure Device Encryption Enabled
(5) Configure Password Expiration
(6) Configure Password History
(7) Configure Password Recovery Enabled
(8) Configure Require Device Encryption
(9) Configure MaxPassword Failed Attempts
(10) Configure Min Password Complex Characters
(11) Configure Min Password Length
(12) Configure Max Inactivity TimeLock
(13) Exit to the main menu
Select an option.. [1-13]?
'@
[string] $menu7 = @'
***********************************************************
Configure Device Applications Sub Menu
***********************************************************
(1) Configure Allow Browser
(2) Configure Allow Consumer Email
(3) Configure Allow Unsigned Applications
(4) Configure Allow Unsigned Installation Packages
(5) Configure Approved Application List
(6) Configure Unapproved InROM Application List
(7) Exit to the main menu
Select an option.. [1-7]?
'@
[string] $menu8 = @'
***********************************************************
Configure Device Features Sub Menu
***********************************************************
(1) Configure Allow External Device Management
(2) Configure Allow IrDA
(3) Configure Allow POP IMAP Email
(4) Configure Allow Text Messaging
(5) Configure Irm Enabled
(6) Exit to the main menu
Select an option.. [1-8]?
'@
[string] $menu9 = @'
***********************************************************
Configure File And Share Point Access Sub Menu
***********************************************************
(1) Configure UNC Access Enabled
(2) Configure WSS Access Enabled
(3) Exit to the main menu
Select an option.. [1-3]?
'@
[string] $menu10 = @'
***********************************************************
Configure Device SMIME Sub Menu
***********************************************************
(1) Configure Allow SMIME Encryption Algorithm Negotiation
(2) Configure Allow SMIME Soft Certs
(3) Configure Require Encrypted SMIME Messages
(4) Configure Require Encryption SMIME Algorithm
(5) Configure Require Signed SMIME Algorithm
(6) Configure Require Signed SMIME Messages
(7) Exit to the main menu
Select an option.. [1-7]?
'@
# Functions that configure each option for the mailbox policy
function AllowApplePushNotifications {
write-host " "
write-host "Allow Apple Push Notifications - Before:" -foregroundcolor green
$AllowApplePushNotification = $value.AllowApplePushNotifications
write-host 'AllowApplePushNotification = '$AllowApplePushNotification
write-host " "
write-host "Change Allow Apple Push Notifications Value? " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Apple Push Notifications to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowApplePushNotifications $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowApplePushNotifications $false }
write-host " "
write-host "Allow Apple Push Notifications - After:" -foregroundcolor cyan
$value = get-MobileDeviceMailboxPolicy;foreach ($line in $value) {$line.servername+","+$line.AllowApplePushNotifications}
}
} # End of AllowApplePushNotifications
# Device Settings Functions
function AllowStorageCard {
write-host " "
write-host "Allow Storage Card - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowStorageCard
write-host " "
write-host "Change Allow Storage Card Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Storage Card to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowStorageCard $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowStorageCard $false }
write-host " "
write-host "Allow Storage Card - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowStorageCard = $value.AllowStorageCard
$AllowStorageCard
}
} # End of AllowStorageCard
function AllowCamera {
write-host " "
write-host "Allow Camera - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowCamera
write-host " "
write-host "Change Allow Camera Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Camera to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowCamera $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowCamera $false }
write-host " "
write-host "Allow Camera - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowCamera = $value.AllowCamera
$AllowCamera
}
} # End of AllowCamera
function AllowBluetooth {
write-host " "
write-host "Allow Bluetooth - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowBluetooth
write-host " "
write-host "Change Allow Bluetooth Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Bluetooth to (d) Disable, (h) HandsfreeOnly or (a) Allow"
if ($answer -eq "d") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Disable }
if ($answer -eq "h") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Handsfreeonly }
if ($answer -eq "a") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Allow }
write-host " "
write-host "Allow Bluetooth - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowBluetooth = $value.AllowBluetooth
$AllowBluetooth
}
} # End of AllowBluetooth
function AllowWiFi {
write-host " "
write-host "Allow WiFi - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowWiFi
write-host " "
write-host "Change Allow WiFi Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow WiFi to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowWiFi $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowWiFi $false }
write-host " "
write-host "Allow WiFi - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowWiFi = $value.AllowWiFi
$AllowWiFi
}
} # End of AllowWiFi
function AllowInternetSharing {
write-host " "
write-host "Allow Internet Sharing - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowInternetSharing
write-host " "
write-host "Change Allow Internet Sharing Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Internet Sharing to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowInternetSharing $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowInternetSharing $false }
write-host " "
write-host "Allow Internet Sharing - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowInternetSharing = $value.AllowInternetSharing
$AllowInternetSharing
}
} # End of AllowInternetSharing
function AllowRemoteDesktop {
write-host " "
write-host "Allow Remote Desktop - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowRemoteDesktop
write-host " "
write-host "Change Allow Remote Desktop Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Remote Desktop to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowRemoteDesktop $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowRemoteDesktop $false }
write-host " "
write-host "Allow Remote Desktop - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowRemoteDesktop = $value.AllowRemoteDesktop
$AllowRemoteDesktop
}
} # End of AllowRemoteDesktop
function AllowDesktopSync {
write-host " "
write-host "Allow Desktop Sync - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowDesktopSync
write-host " "
write-host "Change Allow Desktop Sync Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Desktop Sync to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowDesktopSync $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowDesktopSync $false }
write-host " "
write-host "Allow Desktop Sync - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowDesktopSync = $value.AllowDesktopSync
$AllowDesktopSync
}
} # End of AllowDesktopSync
function RequireStorageCardEncryption {
write-host " "
write-host "Require Storage Card Encryption - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireStorageCardEncryption
write-host " "
write-host "Change Require Storage Card Encryption Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Storage Card Encryption to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireStorageCardEncryption $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireStorageCardEncryption $false }
write-host " "
write-host "Require Storage Card Encryption - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireStorageCardEncryption = $value.RequireStorageCardEncryption
$RequireStorageCardEncryption
}
} # End of RequireStorageCardEncryption
# Configure Sync Settings
function AllowHTMLEmail {
write-host " "
write-host "Allow HTML Email - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowHTMLEmail
write-host " "
write-host "Change Allow HTML Email Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow HTML Email to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowHTMLEmail $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowHTMLEmail $false }
write-host " "
write-host "Allow HTML Email - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowHTMLEmail = $value.AllowHTMLEmail
$AllowHTMLEmail
}
} # End of AllowHTMLEmail
function MaxAttachmentSize {
write-host " "
write-host "Max Attachment Size - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).MaxAttachmentSize
write-host " "
write-host "Change Max Attachment Size Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Max Attachment Size"
get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxAttachmentSize $answer
write-host " "
write-host "Max Attachment Size - After:" -foregroundcolor cyan
(Get-MobileDeviceMailboxPolicy $policy).MaxAttachmentSize
}
} # End of MaxAttachmentSize
# DEVICE APPLICATIONS
function AllowBrowser {
write-host " "
write-host "Allow Browser - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowBrowser
write-host " "
write-host "Change Allow Browser Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Browser to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBrowser $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBrowser $false }
write-host " "
write-host "Allow Browser - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowBrowser = $value.AllowBrowser
$AllowBrowser
}
} # End of AllowBrowser
function AllowConsumerEmail {
write-host " "
write-host "Allow Consumer Email - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowConsumerEmail
write-host " "
write-host "Change Allow Consumer Email Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Consumer Email to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowConsumerEmail $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowConsumerEmail $false }
write-host " "
write-host "Allow Consumer Email - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowConsumerEmail = $value.AllowConsumerEmail
$AllowConsumerEmail
}
} # End of AllowConsumerEmail
function AllowUnsignedApplications {
write-host " "
write-host "Allow Unsigned Applications - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowUnsignedApplications
write-host " "
write-host "Change Allow Unsigned Applications Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Unsigned Applications to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedApplications $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedApplications $false }
write-host " "
write-host "Allow Unsigned Applications - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowUnsignedApplications = $value.AllowUnsignedApplications
$AllowUnsignedApplications
}
} # End of AllowUnsignedApplications
function AllowUnsignedInstallationPackages {
write-host " "
write-host "Allow Unsigned Installation Packages - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowUnsignedInstallationPackages
write-host " "
write-host "Change Allow Unsigned Installation Packages Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Unsigned Installation Packages to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedInstallationPackages $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedInstallationPackages $false }
write-host " "
write-host "Allow Unsigned Installation Packages - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowUnsignedInstallationPackages = $value.AllowUnsignedInstallationPackages
$AllowUnsignedInstallationPackages
}
} # End of AllowUnsignedInstallationPackages
function ApprovedApplicationList {
write-host " "
write-host "Approved Application List - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).ApprovedApplicationList
write-host " "
write-host "Change Approved Application List Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Approved Application List to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -ApprovedApplicationList $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -ApprovedApplicationList $false }
write-host " "
write-host "Approved Application List - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$ApprovedApplicationList = $value.ApprovedApplicationList
$ApprovedApplicationList
}
} # End of ApprovedApplicationList
function UnapprovedInROMApplicationList {
write-host " "
write-host "Unapproved In ROM Application List - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).UnapprovedInROMApplicationList
write-host " "
write-host "Change Unapproved In ROM Application List Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Unapproved In ROM Application List to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UnapprovedInROMApplicationList $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UnapprovedInROMApplicationList $false }
write-host " "
write-host "Unapproved In ROM Application List - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$UnapprovedInROMApplicationList = $value.UnapprovedInROMApplicationList
$UnapprovedInROMApplicationList
}
} # End of UnapprovedInROMApplicationList
# DEVICE Features
function AllowExternalDeviceManagement {
write-host " "
write-host "Allow External Device Management - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowExternalDeviceManagement
write-host " "
write-host "Change Allow External Device Management Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow External Device Management to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowExternalDeviceManagement $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowExternalDeviceManagement $false }
write-host " "
write-host "Allow External Device Management - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowExternalDeviceManagement = $value.AllowExternalDeviceManagement
$AllowExternalDeviceManagement
}
} # End of AllowExternalDeviceManagement
function AllowIrDA {
write-host " "
write-host "Allow IrDA - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowIrDA
write-host " "
write-host "Change Allow IrDA Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow IrDA to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowIrDA $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowIrDA $false }
write-host " "
write-host "Allow IrDA - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowIrDA = $value.AllowIrDA
$AllowIrDA
}
} # End of AllowIrDA
function AllowPOPIMAPEmail {
write-host " "
write-host "Allow POP IMAP Email - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowPOPIMAPEmail
write-host " "
write-host "Change Allow POP IMAP Email Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow POP IMAP Email to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowPOPIMAPEmail $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowPOPIMAPEmail $false }
write-host " "
write-host "Allow POP IMAP Email - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowPOPIMAPEmail = $value.AllowPOPIMAPEmail
$AllowPOPIMAPEmail
}
} # End of AllowPOPIMAPEmail
function AllowTextMessaging {
write-host " "
write-host "Allow Text Messaging - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowTextMessaging
write-host " "
write-host "Change Allow Text Messaging Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Text Messaging to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowTextMessaging $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowTextMessaging $false }
write-host " "
write-host "Allow Text Messaging - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowTextMessaging = $value.AllowTextMessaging
$AllowTextMessaging
}
} # End of AllowTextMessaging
function IrmEnabled {
write-host " "
write-host "Irm Enabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).IrmEnabled
write-host " "
write-host "Change Irm Enabled Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Irm Enabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IrmEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IrmEnabled $false }
write-host " "
write-host "Irm Enabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$IrmEnabled = $value.IrmEnabled
$IrmEnabled
}
} # End of IrmEnabled
# SMIME Section
function AllowSMIMEEncryptionAlgorithmNegotiation {
write-host " "
write-host "Allow SMIME Encryption Algorithm Negotiation - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowSMIMEEncryptionAlgorithmNegotiation
write-host " "
write-host "Change Allow SMIME Encryption Algorithm Negotiation Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow SMIME Encryption Algorithm Negotiation to (a) AllowAnyAlgorithmNegotiation, (b) BlockNegotiation or (o) OnlyStrongAlgorithmNegotiation"
if ($answer -eq "a") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation AllowAnyAlgorithmNegotiation }
if ($answer -eq "b") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation BlockNegotiation }
if ($answer -eq "o") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation OnlyStrongAlgorithmNegotiation }
write-host " "
write-host "Allow SMIME Encryption Algorithm Negotiation - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowSMIMEEncryptionAlgorithmNegotiation = $value.AllowSMIMEEncryptionAlgorithmNegotiation
$AllowSMIMEEncryptionAlgorithmNegotiation
}
} # End of AllowSMIMEEncryptionAlgorithmNegotiation
function AllowSMIMESoftCerts {
write-host " "
write-host "Allow SMIME Soft Certs - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowSMIMESoftCerts
write-host " "
write-host "Change Allow SMIME Soft Certs Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow SMIME Soft Certs to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMESoftCerts $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMESoftCerts $false }
write-host " "
write-host "Allow SMIME Soft Certs - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowSMIMESoftCerts = $value.AllowSMIMESoftCerts
$AllowSMIMESoftCerts
}
} # End of AllowSMIMESoftCerts
function RequireEncryptedSMIMEMessages {
write-host " "
write-host "Require Encrypted SMIME Messages - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireEncryptedSMIMEMessages
write-host " "
write-host "Change Require Encrypted SMIME Messages Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Encrypted SMIME Messages to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptedSMIMEMessages $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptedSMIMEMessages $false }
write-host " "
write-host "Require Encrypted SMIME Messages - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireEncryptedSMIMEMessages = $value.RequireEncryptedSMIMEMessages
$RequireEncryptedSMIMEMessages
}
} # End of RequireEncryptedSMIMEMessages
function RequireEncryptionSMIMEAlgorithm {
write-host " "
write-host "Require Encryption SMIME Algorithm - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireEncryptionSMIMEAlgorithm
write-host " "
write-host "Change Require Encryption SMIME Algorithm Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Encryption SMIME Algorithm to (t) TripleDES, (d) DES, (2128) RC2128bit, (264) RC264bit or (240) RC240bit"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm TripleDES }
if ($answer -eq "d") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm DES }
if ($answer -eq "2128") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC2128bit }
if ($answer -eq "264") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC264bit }
if ($answer -eq "240") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC240bit }
write-host " "
write-host "Require Encryption SMIME Algorithm - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireEncryptionSMIMEAlgorithm = $value.RequireEncryptionSMIMEAlgorithm
$RequireEncryptionSMIMEAlgorithm
}
} # End of RequireEncryptionSMIMEAlgorithm
function RequireSignedSMIMEAlgorithm {
write-host " "
write-host "Require Signed SMIME Algorithm - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireSignedSMIMEAlgorithm
write-host " "
write-host "Change Require Signed SMIME Algorithm Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Signed SMIME Algorithm to (s) SHA1 or (m) MD5"
if ($answer -eq "s") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEAlgorithm SHA1 }
if ($answer -eq "m") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEAlgorithm MD5 }
write-host " "
write-host "Require Signed SMIME Algorithm - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireSignedSMIMEAlgorithm = $value.RequireSignedSMIMEAlgorithm
$RequireSignedSMIMEAlgorithm
}
} # End of RequireSignedSMIMEAlgorithm
function RequireSignedSMIMEMessages {
write-host " "
write-host "Require Signed SMIME Messages - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireSignedSMIMEMessages
write-host " "
write-host "Change Require Signed SMIME Messages Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Signed SMIME Messages to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $false }
write-host " "
write-host "Require Signed SMIME Messages - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireSignedSMIMEMessages = $value.RequireSignedSMIMEMessages
$RequireSignedSMIMEMessages
}
} # End of RequireSignedSMIMEMessages
# Configure General Setting
function isdefault {
write-host " "
write-host "Is Default - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).IsDefault
write-host " "
write-host "Change the IsDefault value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set IsDefault to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -isdefault $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -isdefault $false }
write-host " "
write-host "Is Default - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$IsDefault = $value.IsDefault
$IsDefault
}
} # End of IsDefault function
function Name {
write-host " "
write-host "Policy Name - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).Name
write-host " "
write-host "Change Policy Name? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "What is the new name for the policy"
get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IsDefault $answer
write-host " "
write-host "Policy Name - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$name = $value.name
$name
}
} # End of Name funciton
function DevicePolicyRefreshInterval {
write-host " "
write-host "Device Policy Refresh Interval - Before:" -foregroundcolor green
Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
write-host " "
write-host "Change Device Policy Refresh Interval? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Enter a new Device Policy Refresh in this format [dd.hh:mm:ss]"
get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DevicePolicyRefreshInterval $answer
write-host " "
write-host "Device Policy Refresh - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
}
} # End of Device Policy Refresh
function AllowNonProvisionableDevices {
write-host " "
write-host "Allow Non Provisionable Devices - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowNonProvisionableDevices
write-host " "
write-host "Change Allow Non Provisionable Devices setting? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Signed SMIME Messages to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $false }
write-host " "
write-host "AllowNonProvisionableDevices - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
$AllowNonProvisionableDevices
}
} # End of Non Provisional Devices
# Password Policy
function PasswordEnabled {
write-host " "
write-host "PasswordEnabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).PasswordEnabled
write-host " "
write-host "Change PasswordEnabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set PasswordEnabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordEnabled $false }
write-host " "
write-host "PasswordEnabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$PasswordEnabled = $value.PasswordEnabled
$PasswordEnabled
}
} # End of PasswordEnabled
function AllowSimplePassword {
write-host " "
write-host "Allow Simple Password - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AllowSimplePassword
write-host " "
write-host "Change Allow Simple Password Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Allow Simple Password to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSimplePassword $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSimplePassword $false }
write-host " "
write-host "Allow Simple Password - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AllowSimplePassword = $value.AllowSimplePassword
$AllowSimplePassword
}
} # End of AllowSimplePassword
function AlphanumericPasswordRequired {
write-host " "
write-host "Alphanumeric Password Required - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).AlphanumericPasswordRequired
write-host " "
write-host "Change Alphanumeric Password Required Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Alphanumeric Password Required to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AlphanumericPasswordRequired $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AlphanumericPasswordRequired $false }
write-host " "
write-host "Alphanumeric Password Required - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$AlphanumericPasswordRequired = $value.AlphanumericPasswordRequired
$AlphanumericPasswordRequired
}
} # End of AlphanumericPasswordRequired
function DeviceEncryptionEnabled {
write-host " "
write-host "Device Encryption Enabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).DeviceEncryptionEnabled
write-host " "
write-host "Change Device Encryption Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Device Encryption Enabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DeviceEncryptionEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DeviceEncryptionEnabled $false }
write-host " "
write-host "Device Encryption Enabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$DeviceEncryptionEnabled = $value.DeviceEncryptionEnabled
$DeviceEncryptionEnabled
}
} # End of DeviceEncryptionEnabled
function PasswordRecoveryEnabled {
write-host " "
write-host "Password Recovery Enabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).PasswordRecoveryEnabled
write-host " "
write-host "Change Password Recovery Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Password Recovery Enabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordRecoveryEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordRecoveryEnabled $false }
write-host " "
write-host "Password Recovery Enabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$PasswordRecoveryEnabled = $value.PasswordRecoveryEnabled
$PasswordRecoveryEnabled
}
} # End of PasswordRecoveryEnabled
function RequireDeviceEncryption {
write-host " "
write-host "Require Device Encryption - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).RequireDeviceEncryption
write-host " "
write-host "Change Require Device Encryption Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Require Device Encryption to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireDeviceEncryption $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireDeviceEncryption $false }
write-host " "
write-host "Require Device Encryption - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$RequireDeviceEncryption = $value.RequireDeviceEncryption
$RequireDeviceEncryption
}
} # End of RequireDeviceEncryption
function PasswordExpiration {
write-host " "
write-host "Password Expiration - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).PasswordExpiration
write-host " "
write-host "Change Password Expiration Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Password Expiration to (u) Unlimited or [ddd.hh:mm:ss] day time format "
if ($answer -eq "u") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordExpiration unlimited }
if ($answer -ne "u") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordExpiration $answer }
write-host " "
write-host "Password Expiration - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$PasswordExpiration = $value.PasswordExpiration
$PasswordExpiration
}
} # End of PasswordExpiration
function PasswordHistory {
write-host " "
write-host "Password History - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).PasswordHistory
write-host " "
write-host "Change Password History Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Password History to a number between 0 and 50 "
get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordHistory $answer
write-host " "
write-host "Password History - After:" -foregroundcolor cyan
(Get-MobileDeviceMailboxPolicy $policy).passwordhistory
}
} # End of PasswordHistory
function MaxPasswordFailedAttempts {
write-host " "
write-host "Max Password Failed Attempts - Before:" -foregroundcolor green
$value = Get-MobileDeviceMailboxPolicy $policy
$value.MaxPasswordFailedAttempts
write-host " "
write-host "Change Max Password Failed Attempts Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
write-host " "
$answer = read-host "Set Max Password Failed Attempts to a number between 4 and 16"
if (($answer -lt 4) -or ($answer -gt 16)) {write-host " ";write-host "The number is too small or too large. Please try it again." -ForegroundColor red
} else { get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxPasswordFailedAttempts $answer }
write-host " "
write-host "Max Password Failed Attempts - After:" -foregroundcolor cyan
(Get-MobileDeviceMailboxPolicy $policy).MaxPasswordFailedAttempts
}
} # End of MaxPasswordFailedAttempts
function MinPasswordComplexCharacters {
write-host " "
write-host "Min Password Complex Characters - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).MinPasswordComplexCharacters
write-host " "
write-host "Change Min Password Complex Characters Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Min Password Complex Characters to a number between 1 and 4"
if ($answer -lt 5) {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MinPasswordComplexCharacters $answer }
if ($answer -gt 4) {write-host " ";write-host "The number is too large. Please try it again." -ForegroundColor red }
write-host " "
write-host "Min Password Complex Characters - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$MinPasswordComplexCharacters = $value.MinPasswordComplexCharacters
$MinPasswordComplexCharacters
}
} # End of MinPasswordComplexCharacters
function MinPasswordLength {
write-host " "
write-host "Min Password Length - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).MinPasswordLength
write-host " "
write-host "Change Min Password Length Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Min Password Length to a number between 1 and 16 "
if ($answer -lt 17) {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MinPasswordLength $answer
} else {write-host " ";write-host "The number is too large. Please try it again." -ForegroundColor red}
write-host " "
write-host "Min Password Length - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$MinPasswordLength = $value.MinPasswordLength
$MinPasswordLength
}
} # End of MinPasswordLength
function MaxInactivityTimeLock {
write-host " "
write-host "Max Inactivity Time Lock - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).MaxInactivityTimeLock
write-host " "
write-host "Change Max Inactivity Time Lock Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set Max Inactivity Time Lock to a timespan in hours, minutes and seconds[hh:mm:ss]"
get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxInactivityTimeLock $answer
write-host " "
write-host "Max Inactivity Time Lock - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$MaxInactivityTimeLock = $value.MaxInactivityTimeLock
$MaxInactivityTimeLock
}
} # End of MaxInactivityTimeLock
function UNCAccessEnabled {
write-host " "
write-host "UNC Access Enabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).UNCAccessEnabled
write-host " "
write-host "Change UNC Access Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set UNC Access Enabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UNCAccessEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UNCAccessEnabled $false }
write-host " "
write-host "UNC Access Enabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$UNCAccessEnabled = $value.UNCAccessEnabled
$UNCAccessEnabled
}
} # End of UNCAccessEnabled
function WSSAccessEnabled {
write-host " "
write-host "WSS Access Enabled - Before:" -foregroundcolor green
(Get-MobileDeviceMailboxPolicy $policy).WSSAccessEnabled
write-host " "
write-host "Change WSS Access Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
if ($set -eq "y") {
$answer = read-host "Set WSS Access Enabled to (t) True or (f) False"
if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -WSSAccessEnabled $true }
if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -WSSAccessEnabled $false }
write-host " "
write-host "WSS Access Enabled - After:" -foregroundcolor cyan
$value = Get-MobileDeviceMailboxPolicy $policy
$WSSAccessEnabled = $value.WSSAccessEnabled
$WSSAccessEnabled
}
} # End of WSSAccessEnabled
# Each sub menu - which call the above functions
function ConfigureGeneralSettings {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu2
switch ($opt) {
1 {IsDefault}
2 {Name}
3 {DevicePolicyRefreshInterval}
4 {AllowNonProvisionableDevices}
5 {$opt = 5}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 5)
}
function ConfigureSyncSettings {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu4
switch ($opt) {
1 {AllowHTMLEmail}
2 {MaxAttachmentSize}
3 {MaxCalendarAgeFilter}
4 {MaxEmailAgeFilter}
5 {MaxEmailBodyTruncationSize}
6 {MaxEmailHTMLBodyTruncationSize}
7 {AttachmentsEnabled}
8 {RequireManualSyncWhenRoaming}
9 {$opt = 9}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 9)
}
function ConfigureDeviceSettings {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu5
switch ($opt) {
1 { AllowStorageCard }
2 { AllowCamera }
3 { AllowBluetooth }
4 { AllowWiFi }
5 { AllowInternetSharing }
6 { AllowRemoteDesktop }
7 { AllowDesktopSync }
8 { RequireStorageCardEncryption }
9 {$opt = 9}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 9)
}
function ConfgurePasswordPolicy {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu6
switch ($opt) {
1 {PasswordEnabled}
2 {AllowSimplePassword}
3 {AlphanumericPasswordRequired}
4 {DeviceEncryptionEnabled}
5 {PasswordExpiration}
6 {PasswordHistory}
7 {PasswordRecoveryEnabled}
8 {RequireDeviceEncryption}
9 {MaxPasswordFailedAttempts}
10 {MinPasswordComplexCharacters}
11 {MinPasswordLength}
12 {MaxInactivityTimeLock}
13 {$opt = 13}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 13)
}
function ConfigureDeviceApplications {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu7
switch ($opt) {
1 {AllowBrowser}
2 {AllowConsumerEmail}
3 {AllowUnsignedApplications}
4 {AllowUnsignedInstallationPackages}
5 {write-host "Not ready";# ApprovedApplicationList
}
6 {write-host "Not ready";# UnapprovedInROMApplicationList
}
7 {$opt = 7}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 7)
}
function ConfigureDeviceFeatures {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu8
switch ($opt) {
1 {AllowExternalDeviceManagement}
2 {AllowIrDA}
3 {AllowPOPIMAPEmail}
4 {AllowTextMessaging}
5 {IrmEnabled}
6 {$opt = 6}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 6)
}
function ConfigureFileAndSharePointAccess {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu9
switch ($opt) {
1 {UNCAccessEnabled}
2 {WSSAccessEnabled}
3 {$opt = 3}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 3)
}
function ConfigureDeviceSMIME {
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu10
switch ($opt) {
1 {AllowSMIMEEncryptionAlgorithmNegotiation}
2 {AllowSMIMESoftCerts}
3 {RequireEncryptedSMIMEMessages}
4 {RequireEncryptionSMIMEAlgorithm}
5 {RequireSignedSMIMEAlgorithm}
6 {RequireSignedSMIMEMessages}
7 {$opt = 7}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 7)
}
Do {
if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}
$opt = Read-Host $menu
switch ($opt) {
1 {write-host " "; write-host "Current Mobile Device Mailbox Policies:" -ForegroundColor cyan;(Get-MobileDeviceMailboxPolicy).name
write-host " ";write-host "Which policy would you like to modify? "-ForegroundColor green -NoNewline
$policy = read-host
$value = Get-MobileDeviceMailboxPolicy $policy
}
2 { cls;ConfigureGeneralSettings }
3 { cls;ConfigureSyncSettings }
4 { cls;ConfigureDeviceSettings }
5 { cls;ConfgurePasswordPolicy }
6 { cls;ConfigureDeviceApplications }
7 { cls;ConfigureDeviceFeatures }
8 { cls;ConfigureFileAndSharePointAccess }
9 { cls;ConfigureDeviceSMIME }
99 {# Exit
popd
$path = (Get-Item -Path ".\" -Verbose).FullName
write-host " "
write-host "Changes made are tracked in the Transcript file here: " -NoNewline
write-host "$path\$strFilenameTranscript" -ForegroundColor green
write-host " "
Write-Host "Exiting..." -ForegroundColor Red
write-host " "
Stop-Transcript
}
default {Write-Host "You haven't selected any of the available options. "}
}
} while ($opt -ne 99)
