Announcement

Collapse
No announcement yet.

how to disable OAB in Exchange 2007

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to disable OAB in Exchange 2007

    This may be a silly question, but how do I disable OAB in Exchange 2007? The company I work for does not want OAB to be an option, I believe I can block downloading of OAB in GPO, but I would like to completely disable the creation of OABs if possible.

  • #2
    Re: how to disable OAB in Exchange 2007

    The only question I have to ask is why?

    I suspect someone in the company doesn't understand its role.
    Do you not have ANY laptops at all?
    There will be no offline working at all? Even by the CEO?

    To answer your question, the OAB generation cannot be disabled. It will always occur. The most you could do is change Outlook to to use live information rather than the OAB, but that could have an impact on the performance of the server (depending on how many users).

    However I am most curious as to why someone would want to disable the OAB.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: how to disable OAB in Exchange 2007

      They do not want address book information downloaded to laptops

      Comment


      • #4
        Re: how to disable OAB in Exchange 2007

        If you do that, then Outlook will be useless on laptops unless the laptop is connected to the internet and you are allowing remote access to Exchange (RPC over HTTPS), VPN etc. Then the "benefit" of blocking OAB access has gone.

        If they are simply looking to stop the GAL from getting outside the company, then they are wasting their time. It will get out no matter what they do.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: how to disable OAB in Exchange 2007

          Originally posted by Sembee View Post
          If you do that, then Outlook will be useless on laptops unless the laptop is connected to the internet and you are allowing remote access to Exchange (RPC over HTTPS), VPN etc. Then the "benefit" of blocking OAB access has gone.

          If they are simply looking to stop the GAL from getting outside the company, then they are wasting their time. It will get out no matter what they do.

          Simon.
          Thank you for the reply. I believe they are indeed looking to stop the GAL from getting outside the company. You stated that it will get out no matter what they do - is this because of the GAL in OWA and GAL availablility via RPC over HTTPS and VPN, yes? I think thier reasoning is "ok to access those ways but don't want local copy of GAL on laptops"

          Comment


          • #6
            Re: how to disable OAB in Exchange 2007

            Hi there,

            I think we can achieve this functionality by adding the "Deny" AD Permission OR removing the existing permission for Authenticated users from the OAB object. For Ex

            Get-GlobalAddressList 'Default Global Address List' | Add-ADPermission -User 'Authenticated Users' -AccessRights GenericRead -ExtendedRights Open-Address-Book -Deny:$True";

            This command will deny the access to Default GAL for all authenticated users. Try this for your required OAB.

            best regards,
            Laeeq Qazi

            Comment


            • #7
              Re: how to disable OAB in Exchange 2007

              Originally posted by kedarroy View Post
              Thank you for the reply. I believe they are indeed looking to stop the GAL from getting outside the company. You stated that it will get out no matter what they do - is this because of the GAL in OWA and GAL availablility via RPC over HTTPS and VPN, yes? I think thier reasoning is "ok to access those ways but don't want local copy of GAL on laptops"
              This is a waste of time. Seriously. Someone needs to knock some sense in to whoever wants this.
              If the users can read the GAL then they can export it. If they have live access to it then there is nothing to stop the users from exporting it.
              Or if they can access their email but not the OAB, then all that will happen is the users will right click on the GAL entries and choose Add to Address Book and keep their own copy of the GAL. I had this happen at a client because the OAB wasn't working properly, and even after I had fixed the GAL they continued to do it.
              I also think there will be further implications - it wouldn't surprise me if other functionality of Exchange will fail - the Free/Busy data immediately springs to mind.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: how to disable OAB in Exchange 2007

                I have to agree with Sembee here. You need to find out why they want to restrict access. If it is for specific accounts then they can be hidden. If it is just to stop people being able to see peoples email addresses then you can tell them it is easy to work it out from a single address (i.e. [email protected] as an email means it is likely that Daniel's email is [email protected] )
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment

                Working...
                X