I've been tasked with restricting all of our 1500 users from using IMAP or POP3, except for users in one OU, who will have access to these protocols. We're in a mixed E2k3 / E2k7 org, Win2k3 AD. I know you can select everyone in an OU in ADUC,right-click and choose Exchange Tasks - ManageExchange Features is one of the choices; you can do on everyone at once in that OU. Not too hard; we have about 20 - 30 OUs with users in them, that's managable. But - does anyone have a ready-made script that could do this? Part 2 - anyone know of a way to make new users have these 2 protocols DISabled by default at creation? or are we stuck running a script every week to disable hew-hires that were created by HelpDesk that past week? Thanks in advance.

Well... it's easyin Exchange 2007 but bit difficult in Exchange 2003... In Exchange 2007 that can be done for all users on a server with below command. (giving you example for POP only, same can be done for IMAP) Code SnippetGet-Mailbox -Server "ServerName" | Set-CASMailbox -POPEnabled $false You can enable it for users which are in OU "POPEnabled" with below command and same can be written in script for multiple OUs... Code Snippet Get-Mailbox | Where-Object {($_.Identity -like 'Contoso.com/POPEnabled/*') -and ($_.ExchangeVersion -like '0.1*')} | Set-CASMailbox -POPEnabled $True PART 2: It can not be set Disabled by default while creating new users but as you told, it can be scheduled with a script to run every midnight (or every week)... Code Snippet Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))} | Set-CASMailbox -POPEnabled $false Regarding how to schedule a script, point 3 in below article can be checked. Exchange 2007 & Display Name Format Note: This article is for another issue but method of scheduling above script can be referred from it. Hope this helps...

Thanks very much Amit - great info: I will use it. Does anyone have suggestions to help with E2k3, which is where the vast majority of our users are located? Again - Thanks in advance.

Hi, For exchange 2003 users, we can disable the pop3 and imap4 by using Admodify: Using ADModify to Change Exchange Specific AD User Attributes in Bulk http://www.msexchange.org/articles/ADModify-Change-Exchange-Specific-AD-User-Attributes.html For new users with pop3 disabled, we can use the following workaround: ++++++++++++++++++++++++++++++++++++++++++++++++++++ Create a user account in Active Directory Users and Computers and in the account properties, on the Exchange Features tab, set the POP3/IMAP4 to Disabled and save the changes to the account. When you want to create any future users that do not have access to POP3/IMAP4, simply right click on the account in Active Directory Users and Computers and select Copy then fill out the appropriate user account information and mailbox. The new user account will be set with POP3/IMAP4 protocol disabled just like the template account you copied it from. Mike