Every organization has legal or ethical obligations
that require the enforcement of rules around electronic communications.
Many of these situations can be damaging to organizations and pose legal
risks that can cost the organization a lot of money. Sometimes it's
necessary to implement some form of monitoring or restriction to limit
the damage to the company and to protect the people involved.
1. Perform Basic Message Policy Configuration
Exchange Server 2010 is
very flexible in how policies can be applied to messages and what
actions can be taken based on those policies. The underlying engine for
enforcing policies on messages at a basic level is the transport rule.
In this section, I'll help you understand what transport rules are and
show you how to configure basic rules based on predefined criteria
inside Exchange.
1.1. Understand Transport Rules
When a message is sent by a
user in Exchange, it always passes through a Transport server. This
occurs even when the mailboxes are on the same server or even in the
same database. This design helps ensure that all messages flowing
through an organization run through a common process before being
delivered.
When a Transport server
processes a message, it can apply transport rules to the message.
Transport rules allow specific policies to be applied to messages, and
an action can be taken based on those policies. For example, you could
create a transport rule that notifies Bob's manager when Bob sends an
email to Joe. You can even have more complex transport rules that do
things such as filter information based on certain keywords contained in
the message.
You can create transport
rules for both Hub Transport and Edge Transport servers. In Exchange
Server 2010, transport rules created for Hub Transport servers exist at
the organization level. These rules are replicated to every Hub
Transport server, and each server applies them to messages that flow
through its transport pipeline. This ensures that you don't have to
configure transport rules separately on each Hub Transport server.
When you create a
transport rule on an Edge Transport server, the rule is stored in the
server's Active Directory Lightweight Directory Service store and only
applies to that server. Edge servers do not replicate transport rules.
1.2. Configure Transport Rules
Transport rules are flexible
and you can create rules to meet a variety of conditions. To illustrate
how to create and customize a transport rule, I'm going to walk you
through the process of creating a rule that notifies Bob Jones's
manager, John Morris, when Bob sends an email to anyone in a competitor
organization name Fabrikam Motors.
Open the EMC and browse to the Organization Configuration => Hub Transport node in the Console tree.
In the Actions pane, click the New Transport Rule action. This launches the New Transport Rule wizard.
In the Introduction screen, type a name for the Transport Rule in the Name field. Click Next to continue.
In
the Conditions dialog box, select the conditions that cause this rule
to be applied. In this example, I will select the From People condition
and the When A Specific Recipient's Address Contains Specific Words
condition.
When you
select these conditions, they are added to the text box in the bottom
half of the dialog box. You can click on the blue, underlined text in
this box to specify the conditions that the rule must match. For
example, click on the term "people" to select the people who will
trigger this rule. Figure 1 illustrates how I have configured the conditions for our example scenario.
After you have set the conditions, click the Next button.
On
the Actions screen, you will determine what actions are taken on the
message. When you select an action from the list, the action is added
into the rule description text box below it.
In
this scenario, I added the action Add The Sender's Manager As A
Specific Recipient Type and adjusted the recipient type to BCC in the
rule description field, as shown in Figure 2.
NOTE
In this example,
the transport rule determines who Bob's manager is based on his account
in Active Directory. I could have also defined John Morris as a specific
BCC'd recipient on the message if I'd wanted to.
Click the Next button to continue after setting up your actions.
On
the Exceptions screen, you can define an exception for this rule. For
example, there may be cases when you don't want this rule to apply. This
example will not use any exceptions. Click Next to continue.
At the Create Rule screen, click New to create the rule.
On the Completion screen, click Finish to complete the process and close the wizard.
1.3. Disable Transport Rules
You can temporarily
suspend the application of a transport rule by disabling it. Disabling
the rule keeps the rule in place but ensures that it's not applied to
any users. To disable a transport rule in EMC, follow these steps:
Open the EMC and browse to the Organization Configuration => Hub Transport node in the Console tree.
In the Work area, select the Transport Rules tab. A list of current transport rules is displayed.
Select the transport rule that you want to disable.
In the Actions pane, click the Disable Rule task under the Action menu for the rule that you selected. This is shown in Figure 3.
You will get a warning dialog box, asking you if you are sure that you want to disable the rule. Click Yes to continue.
You can also disable a transport rule using the Disable-TransportRule cmdlet in the EMS. The following example demonstrates this command:
Disable-TransportRule "Potential Leak" -Confirm:$false
