It's always difficult to protect sensitive emails from being leaked out of an organization. To reduce this risk, there are a few things that can be blocked in the global settings on the server end.
If the auto-forwarding and auto-reply options are enabled on the default remote domain, any user can create an external contact in his local Outlook profile and then forward all his emails to his external IDs. This is one more way in which sensitive data can leak out of the organization.
The default remote domain will have auto-forward and auto-reply disabled. That is the recommended configuration.
We need to disable the auto-forwarding and auto-reply options in the default remote domain. If we are forwarding any emails to trusted partners or vendors through an application, we can create a custom remote domain specifically for them and enable auto-forwarding for that particular remote domain alone. By doing this, no end user will be able to redirect, forward or forward as attachment their internal emails to their external IDs.
We can check the current setting by running the command below:
Get-RemoteDomain | ft Auto*
If it is enabled, run the commands below to disable them:
Set-RemoteDomain -Identity default -AutoForwardEnabled $false
Set-RemoteDomain -Identity default -AutoReplyEnabled $false
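The remote domain setup described above, written out as an added example (it is not from the original post). The domain partner.example and the remote domain name "Trusted Partner" are placeholders.

```powershell
# Added example: keep auto-forward and auto-reply off for every external domain,
# and allow auto-forward only for one named partner domain.
# "partner.example" and "Trusted Partner" are placeholders, not values from the post.

# 1. Lock down the catch-all (*) remote domain.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false -AutoReplyEnabled $false

# 2. Create a dedicated remote domain for the partner and enable auto-forward there only.
New-RemoteDomain -Name "Trusted Partner" -DomainName "partner.example"
Set-RemoteDomain -Identity "Trusted Partner" -AutoForwardEnabled $true

# 3. Review the result: only the partner row should show AutoForwardEnabled = True.
Get-RemoteDomain |
    Format-Table Name, DomainName, AutoForwardEnabled, AutoReplyEnabled -AutoSize
```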
Recently I was looking for a solution to this kind of issue and came up with the idea of a script that can be used to pull out users who have the redirect, forward or forward as attachment options enabled in their Outlook rules.
I have created a script which can be used to pull out this kind of information. The script below runs against all mailboxes in the entire organization and pulls out users who have external rules set. It then sends an email with the results in CSV format to the administrator, so that he can see who has this option enabled.
***************************************************
Set-ADServerSettings -ViewEntireForest $true
# Collect the matching rules from every mailbox first, then export once,
# so the CSV is not overwritten on each pass through the loop.
$rules = foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    Get-InboxRule -Mailbox $mbx.DistinguishedName |
        Where-Object { ($_.ForwardTo -ne $null) -or ($_.RedirectTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) } |
        Select-Object MailboxOwnerID, Name, ForwardTo
}
$rules | Export-Csv d:\ForwardRule.csv -NoTypeInformation
# Mail the report to the administrator.
Send-MailMessage -To alias@domain.com -Cc alias@domain.com -From anyid@domain.com -Subject "Forward To" -Attachments d:\ForwardRule.csv -SmtpServer specifytransportserver
*******************************************************
Copy the above text into Notepad and save it as a .ps1 file. Navigate to the location where you saved it and then execute the script.
Things you need to modify in the above script:
Set the drive location for the CSV file to the place where you wish to save it.
In the To and Cc fields, give the users to whom this report needs to be sent.
In the From field, specify the address the report needs to be sent from, and give the mailbox server as the SMTP server if it's 2013, or the hub server if it is 2010 or 2007.
Here is the example:
Just copy the code into a text file and save it in ps1 format.
Navigated to the location and ran it.
Received the email.
When we open the CSV file, the output is displayed for users who have the ForwardTo, RedirectTo and ForwardAsAttachment options set in Outlook rules for external IDs.
Note:
This command pulls out rules from a user's mailbox only if they are enabled. If the user has created a rule and has disabled it temporarily, then it won't fetch that information.
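The report is meant to show rules that send mail to external IDs. The added example below (not part of the original script) goes one step further and keeps only rule targets whose SMTP domain is not an internal domain. The function name, the sample rules and the "[SMTP:...]" target string format are assumptions made for illustration.

```powershell
# Added example. Get-ExternalForwardTarget is a hypothetical helper, and the
# '"Display name" [SMTP:user@domain]' target format is an assumption.
function Get-ExternalForwardTarget {
    param(
        [Parameter(Mandatory)] [object[]] $Rule,           # objects shaped like Get-InboxRule output
        [Parameter(Mandatory)] [string[]] $InternalDomain  # e.g. (Get-AcceptedDomain).DomainName
    )
    $internal = $InternalDomain | ForEach-Object { $_.ToLowerInvariant() }
    foreach ($r in $Rule) {
        foreach ($prop in 'ForwardTo', 'RedirectTo', 'ForwardAsAttachmentTo') {
            foreach ($target in @($r.$prop)) {
                if (-not $target) { continue }
                # Targets without an SMTP address (e.g. internal [EX:...] entries) are skipped.
                if ("$target" -match '\[SMTP:([^\]@\s]+@([^\]\s]+))\]') {
                    $address = $Matches[1]
                    $domain  = $Matches[2].ToLowerInvariant()
                    if ($internal -notcontains $domain) {
                        [pscustomobject]@{
                            Mailbox = $r.MailboxOwnerID
                            Rule    = $r.Name
                            Enabled = $r.Enabled
                            Action  = $prop
                            Target  = $address
                        }
                    }
                }
            }
        }
    }
}

# Constructed sample rules (not real data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ MailboxOwnerID = 'domain.com/Users/UserA'; Name = 'Copy to home'; Enabled = $true
        ForwardTo = @('"User A" [SMTP:usera@mail.example]'); RedirectTo = $null; ForwardAsAttachmentTo = $null }
    [pscustomobject]@{ MailboxOwnerID = 'domain.com/Users/UserB'; Name = 'To my manager'; Enabled = $true
        ForwardTo = @('"Manager" [SMTP:manager@domain.com]'); RedirectTo = $null; ForwardAsAttachmentTo = $null }
    [pscustomobject]@{ MailboxOwnerID = 'domain.com/Users/UserC'; Name = 'Archive'; Enabled = $false
        ForwardTo = $null; RedirectTo = $null; ForwardAsAttachmentTo = @('"User C" [SMTP:userc@mail.example]') }
)

# Only the UserA and UserC rules are reported; UserB forwards to an internal address.
Get-ExternalForwardTarget -Rule $sample -InternalDomain 'domain.com' | Format-Table -AutoSize
```

In production, pass the output of Get-InboxRule for each mailbox as -Rule and pipe the result to Export-Csv instead of Format-Table.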
Thanks
Sathish Veerapandian
MVP – Exchange Server
Good one Bro.. Just a small update to the PowerShell script.. When you generate the report for obtaining ForwardTO results change the current object in the above shell to @{Name="ForwardTo";Expression={$_.ForwardTo}} to get the complete result … Also you can include the NoTypeInformation switch to the csv report generation which makes the report look nice with the required data.
Hi Ravi,
Thanks for your reply.. I have already tried the first suggestion (@{Name="ForwardTo";Expression={$_.ForwardTo}}).
It will work perfectly fine if we pull out information only for the forwardTo parameter.
But combined parameter with redirectto, forwardasattachment and forwardto will not work. My combined script will work fine. You can paste me the screenshots if you come across any errors in my script and it's much appreciated.
It would be great if you could give me an example of a csv report which makes to look nice with required data with the parameter notypeinformation which end users could understand.
Bro, I updated this only for the ForwardTo parameter which I use for a multi value property to get the output in a proper format in my scripts and not for the other ones 🙂 Yours is all good, just shared this thought as an add-on. To know more on notype information I referred, check this blog post http://blogs.technet.com/b/heyscriptingguy/archive/2011/09/23/use-powershell-to-work-with-csv-formatted-text.aspx Thanks 🙂
Hey Ravi
Command updated with notypeinformation to remove the system string value. Thanks a lot for your addon Buddy. Much appreciated 🙂