Using system policies to manage Exchange

System policies are like recipient policies, except better. They allow you to implement policies across your entire organization without having to touch each individual store.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.


Have you ever tried to implement mailbox quotas in an Exchange organization? If so, you know you have to apply them separately to each individual Information Store. Unfortunately, this limitation doesn't just apply to mailbox quotas. Most policies in Exchange have to be applied individually at the mailbox store, public folder store or server level.

This isn't a big deal for smaller companies. (After all, what does it matter if mailbox quotas have to be applied individually to each Information Store if you've only got one Information Store?) But it can create an unnecessary burden for Exchange administrators at larger companies.

An enterprise-grade Exchange organization can contain dozens of servers with up to 20 different stores on each. If you are an administrator in an organization of that size, do you really want to have to apply policies individually to every single store?

Not only does creating the policies become tedious work, there is a good chance that a store might be accidentally skipped. Furthermore, as your company's security needs change, you might find yourself having to go back and make frequent changes to the policies you worked so hard to create.

Fortunately, there is a better way.

Exchange allows you to create system policies. System policies are similar to recipient policies, except that a system policy can apply to mailbox stores, public folder stores or to servers.

Let's suppose, for example, you want to implement mailbox quotas across your entire organization. Rather than assigning the mailbox quotas to each mailbox store individually, you could create a system policy that would contain the quotas, and then assign the system policy to the necessary storage groups.

Yes, it is almost as much work to assign the mailbox stores to the new system policy as it would be to just apply the mailbox quotas directly to the mailbox stores. However, once you have associated your mailbox stores with a system policy, you don't have to do it ever again (unless you want to add or remove a store).

So although the initial setup is time-consuming, maintenance is a breeze. If you ever want to modify the quota limit or add other restrictions to the policy, you can do it in one place rather than having to apply it individually to each store.

How to create a system policy:

  1. Open Exchange System Manager.

  2. Right click on your administrative group and select New -> System Policy Container. Exchange will create a folder named System Policies beneath your administrative group.

  3. Now, right click on the System Policies folder and select New -> Mailbox Store Policy. (You can also use this operation to create a public store policy or a server policy.)

  4. After you tell Exchange you want to create a mailbox store policy, you will see a screen asking which property pages you want the new policy to contain. I recommend selecting all of them.

    Remember, just because you select a property page doesn't mean you have to use it. Besides, choosing all of the property pages up front will keep you from having to create another system policy later if your needs change.

    Make your selections and click OK. You will then see an empty properties sheet that looks a lot like a mailbox store properties sheet.

  5. Enter a name for the policy on the General tab. I recommend using a name that describes the policy's function. (If you were implementing mailbox quotas, you would select the Limits (Policy) tab and fill in the desired quotas at this point as well.)

  6. Click OK, and the new policy will be created.

    Although you have created the new policy, you still have to apply it to the necessary mailbox stores.

  7. Right click on the new system policy (found in Exchange System Manager beneath the System Policies container) and select Add Mailbox Store.

  8. Now enter the name of the mailbox stores that you want to place under control of the new policy.

In case you are wondering, it is possible to add a mailbox store to multiple system policies. If a conflict results, Exchange will inform you that one of the policies overrides the other.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.


Do you have comments on this tip? Let us know.
This was first published in April 2005

Dig deeper on Microsoft Exchange Server Information Store

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close