Exchange 2013 DLP Testing - Allowing Social Security numbers

Similar Messages

• Format columns for phone #, social security numbers?

  How can I format a column (or row) to contain phone numbers (1-123-456-7890)
  or social security numbers (123-45-6789)?

  Try - Cells Inspector > Cell Format > Custom.
  This was a quickie try with no extensive testing, so I bet you could do better. This format will take a 10-digit number and format it as shown.
  Have fun,
  Jerry

• Instlaling exchange 2013 for testing purposes

  i would like to start testing exchange 2013. That why i installed a virtual member server on my workstation but i am confused concerning the network cards.
  What should i do, add an extra network card that connects through nat to my isp?

  Hello,
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  I'm marking the reply as answer as there has been no update for a couple of days.
  If you come back to find it doesn't work for you, please reply to us and unmark the answer.
  Cara Chen
  TechNet Community Support

• Exchange 2013 DLP with Exchange 2010 mailboxes

  Ive got an Exchange 2007/2010 environment. I've been looking at Exchange 2013 and am interested in the DLP funtionality.
  There are no plans to move mailboxes to Exchange 2013 but would it be possible to install an Exchange 2013 CAS/Mailbox server in my environment and route email through it to make use of the DLP ?
  Current environment consists of Exchange 2010 DAG, Casarray and hub transport servers, and Exchange 2007 mailbox servers, CAS and hub transports. Mail to the internet is sent to a smarthost.
  Thank you.

  Hi Maria,
  DLP Policies are actually a specific transport rule. Since the transport rules with Exchange 2010 didn’t provide such feature to monitor and check the e-mail
  content, I am afraid, in theory, it’s not possible.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Social Security Numbers - How can these be encrypted?

  Is it possible to encrypt the employee's social security number at the database level?
  If so, how is this configured? Do you use SAPCRYPTOLIB like you do credit card numbers?
  Or, do you have to purchase a third-party product?
  Side question: Is it configurable to mask the social security number on the screens, or is it necessary to use screen exits?
  Thank You

  > Hi
  >
  > We can mask the field thru table V_T588M.  Check the
  > module pool of the infotype by pressing F1 in the
  > field - then check tools - pick the field of program
  > name (first field).
  >
  > When we enter into this table(V_T588M), it will ask
  > for the module pool.  Give the number picked above,
  > then it takes you to that infotype screen fields.
  >  Just see the particular field & make it as hide.
  >
  > Ur problem will be solved.
  >
  > Sirisha
  Sirisha -
  I do not want to hide the field - just mask some of the numbers.
  For example, the SSN should display as XXX-XX-1234.
  I don't see that you can do this with V_T588M.

• Exchange 2013 - The name of the security certificate is invalid or does not match the name of the site

  Hi,
  I know this question has been asked a ton of times, but I haven't found any instance of this question asked for exchange 2013.  Yes, I've seen Exchange 2010, Exchange 2007, but not Exchange 2013.  The symptoms are all similar.  Here is a description:
  1 Exchange 2013 server, all roles installed.
  External domain name:  associates.com
  Internal AD domain name:  associates.local
  Client installed a third party SSL certificate, but did not purchase a SAN or UC certificate, so there is one namespace on the SSL cert, and that represents the external OWA name:  mail.associates.com
  Now, when internal OUtlook 2010 clients start, they get the "The name of the security certificate is invalid or does not match the name of the site."
  I'm just wondering if http://support.microsoft.com/kb/940726 still applies to Exchange 2013 to fix this issue.  Does this article apply to Exchange 2013?  If so, I will follow the above
  article.  If not, please direct me to any articles for Exchange 2013 that addresses this.
  the autodiscoverserviceuri points to: 
  https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml
  Thanks!
  A

  Yes, the http://support.microsoft.com/kb/940726 still applies to Exchange2013.
  As per my understanding on this post;
  - Poster's Exchange2013 has no SAN certificate.. (usually used for local address like; NETBIOS.Domain.lan).  Be reminded that SSL providers will no longer accepts .LAN or .LOCAL in very near future.
  - By default it uses local url for EWS, Autodiscover, etc.. (if you don't have SAN certificate installed in your CAS server, you would see the certi warning)
  Anyway, I just want to share my case after applying the said work around long time ago (maybe some of you might encounter it as well): my Outlook still showed the certificate warning (I was just keep clicking the YES button).. I was wondering
  that time what was wrong with my virtual directory settings.. until I decided to click "NO" for an answer to that certificate warning message, then voila! it didn't bug me anymore.  Oh by the way, the certificate warning usually give you a hint
  what triggers it like; "autodiscover.Domain.lan" on the first line of message, but in my case it just "NETBIOS.Domain.lan" (didn't make any sense, did it?).. Well, unfortunately I didn't have the chance to figure out what triggered that event.. 

• Authorization to Social Security Numbers

  We need to for SOX compliance remove view access of Social Security number from all Time Administrators.  I have changed all headers on Time entry info types removing the SSN.    We have found that without some access to info type 002 (Personnel Data) Time Evaluation will not run and TA have no search access to employees.  Any knowledge you can pass on for this problem would be greatly appreciated.

  > Hi
  >
  > We can mask the field thru table V_T588M.  Check the
  > module pool of the infotype by pressing F1 in the
  > field - then check tools - pick the field of program
  > name (first field).
  >
  > When we enter into this table(V_T588M), it will ask
  > for the module pool.  Give the number picked above,
  > then it takes you to that infotype screen fields.
  >  Just see the particular field & make it as hide.
  >
  > Ur problem will be solved.
  >
  > Sirisha
  Sirisha -
  I do not want to hide the field - just mask some of the numbers.
  For example, the SSN should display as XXX-XX-1234.
  I don't see that you can do this with V_T588M.

• Exchange 2013 Health Mailbox filling up security logs

  I'm doing security audits and having the Exchange 2013 Health Mailbox fill up my security logs.  I've read that if I delete the mailboxes and re-create them and restart the service the errors will go away.  My question is how do I delete them?
   I found the full mailbox name with this command.  
  get-mailbox -monitoring | select-object -expandproperty name
  Do I use this method?
  Remove-Mailbox -Identity contoso\johnor this one?Remove-Mailbox -Identity contoso\john -Permanent $trueOr something else?
  Thanks!
  Fernando

  I did help on the setup in Exchange server folder.  Looks like prepares Active Directory forest for Exchange Install.  /PrepareAD, /p  So this is what I'm supposed to run?
  C:\Program Files\Microsoft\Exchange Server\V15\Bin>setup /?
  Welcome to Microsoft Exchange Server 2013 Cumulative Update 3 Unattended Setup
  For detailed help, type one of the following options:
    Setup /help:Install         - Install Exchange server roles.
    Setup /help:Upgrade         - Upgrade an existing Exchange server.
    Setup /help:Uninstall       - Uninstall Exchange server roles.
    Setup /help:RecoverServer   - Recover an existing Exchange server.
    Setup /help:PrepareTopology - Prepare your topology for Exchange.
    Setup /help:Delegation      - Delegate server installations.
    Setup /help:UmLanguagePacks - Add or remove Unified Messaging
                                  language packs.
  C:\Program Files\Microsoft\Exchange Server\V15\Bin>Setup /help:PrepareTopology
  Welcome to Microsoft Exchange Server 2013 Cumulative Update 3 Unattended Setup
  Microsoft Exchange Server 2013 Setup Parameter Help
  Prepare Topology Usage:
      Setup /PrepareAD [<OptionalParameters>]
        /IAcceptExchangeServerLicenseTerms
      Setup /PrepareSchema [<OptionalParameters>]
        /IAcceptExchangeServerLicenseTerms
      Setup /PrepareDomain [<OptionalParameters>]
        /IAcceptExchangeServerLicenseTerms
      Setup /PrepareDomain:<domainA, domainB> [<OptionalParameters>]
        /IAcceptExchangeServerLicenseTerms
      Setup /PrepareAllDomains [<OptionalParameters>]
        /IAcceptExchangeServerLicenseTerms
  --Prepare Topology Required Parameters--
  /PrepareAD, /p
      Prepares the Active Directory forest for the Exchange
      installation.
  Fernando

• Why does Firefox remember Social Security numbers?

  I do not think this is normal operation, so I am unsure if this is Firefox's fault or the website's fault. I was just doing something on Paypal.com and when it came time to fill in my social security number, it had "suggestions" pop up under the fields with my SSN that it remembered before. Things like SS# and credit card numbers should not be remembered like this because it's a major security issue for if someone else uses my computer.
  I do not want to disable remembering fields entirely because that feature is useful to me. Names, addresses, phone numbers, emails, is all okay to be auto-filled in, but not something as extremely sensitive as SS#'s.
  Again, sorry if this is Paypal's fault. I will be contacting them instead if it is.
  Thank you for any information you can provide.

  SSN's might get stored as part of '''form history''' and not recognized as such, depending upon how the Field Name of the on-page form is labeled. Clear your '''Form and Search History''' or don't save that data to begin with.
  https://support.mozilla.org/en-US/kb/remove-recent-browsing-search-and-download-history
  Or get in the habit of opening a New Private Window when confronted with the need to insert SSN's which might get saved in Form History.

• Exchange 2013 Sp1 Test-PopConnectivity issues in coexistence

  I'm having issues with Pop3 in a coexistence environment with 2007. The 2013 roles are split- cas servers and mailbox servers.
  If I run "Test-PopConnectivity -ClientAccessServer:cas01 -MailboxCredential:(Get-Credential domain\test.exchange) |fl"
  I get the error "Service MSExchangePOP3 was not found on <mailboxserver>" and a DR Watson is created.
  Ok I know there is a front end and a back end component to Pop3. This error is expecting to find the front end component on a mailbox server? So is it just an issue because the roles are split or is it to do with proxying through the CAS not being enabled?
  Pop3 does not use a send connector- just a receive connector right? So how would it Proxy- if it does
  Confused
  Tony

  Hi,
  Is “cas01” the front end server?
  Did you use the exchange 2013 MailboxCredential to test the Pop Connectivity?
  Make sure the pop is enalbed for users and the pop services are started.
  Proxy and redirection for POP and IMAP:
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  Thanks,
  Simon Wu
  TechNet Community Support

• Using IronPort c series to find SSN social security numbers

  We have IronPort C-series, M-series, and IEA appliances and are currently manually encrypting e-mails with the [send secure] subject string.  All of that is working great.   What we are now looking at is using the SSN smart tag in a content filter to start cleaning up our outgoing e-mails.  Currently I only have 'notify' as an action so that we can see where and how much of a problem we have.  That has run for a while and now we are getting ready to start possibly bouncing the mail back to the sender or automatically encrypting the outgoing e-mail with our IEA appliances.  The question that I have is currently not all of our internal users are licensed for the IEA so I can't just encypt everything that the SSN smart tag finds.    OK, so I can bounce the e-mail back to the users that are not licensed...   Sounds good...  well, what about false positives?  How do they get the e-mail sent that IronPort is stopping because of SSN false positives?
  I've thought of a couple of ideas but would be interested in hearing what the other admins have come up with that works for them.     THANKS.
  OH, does anyone know where CISCO put the old Knowledgebase?   I thought there was some great information there.
  Jason

  I use outbound mail content filters and reg-ex. you have to have a regex that includes multiple seperators. I use these again for subject fields. While these are not perfect, they work quite well with very low false positives. You could continue to make more RegEX's but these seem to work for me.
  Message Body or Attachment
  body-contains("*ssn", 1)
  Message Body or Attachment
  body-contains("[0-9][1-9][1-9]\[0-9][1-9]\[0-9][0-9][0-9][1-9]\W",  1)
  Message Body or Attachment
  body-contains("[0-9][1-9][1-9]/[0-9][1-9]/[0-9][0-9][0-9][1-9]\W", 1)
  Message Body or Attachment
  body-contains("[0-9][1-9][1-9]\\[0-9][1-9]\\[0-9][0-9][0-9][1-9]\W",  1)
  Message Body or Attachment
  body-contains("[0-9][1-9][1-9]\.[0-9][1-9]\.[0-9][0-9][0-9][1-9]\W",  1)
  Message Body or Attachment
  body-contains("[0-9][1-9][1-9]\-[0-9][1-9]\-[0-9][0-9][0-9][1-9]\W",  1)
  Here is the subject field example, i have subject field filters with identical RegEx to the filters above. All of these i put in one content filter and apply to outbound email. I also look for other items of interest, such as CC and Contract numbers
  Subject Header
  subject == "[0-9][1-9][1-9]\[0-9][1-9]\[0-9][0-9][0-9][1-9]\W"

• It is there an alternative to the Test-SystemHealth powershell cmdlet for Exchange 2013?

  Hello
  The Powershell cmdlet Test-SystemHealth, that was available on Exchange 2010, is no longer available on Exchange 2013.
  Test-SystemHealth cmdlet gathered data about the Microsoft Exchange system and analyzed the data according to best practices.
  Are there any alternatives to this for Exchange 2013?
  Thanks!

  Haven't really played with it too much, but check out Get-ServerHealth
  http://technet.microsoft.com/en-us/library/jj218703(v=exchg.150).aspx
  Looks to have replaced Test-SystemHealth.

• Migration Exchange 2010 to Exchange 2013 in a different site

  Hi all, I have
  an Exchange 2010 with these characteristics
  Site A
  - 2 Servers DAG for mailboxes
  - 2 Servers Client Access and
  Hub Transport in Microsoft
  NLB
  - 2 Domain Controllers Windows
  Server 2008 R2
  I want to upgrade to Exchange 2013 but in another
  Site, Site B. When the migration is complete,
  the mail system will only be in Site
  B.
  The connection between Site A and Site
  B is a reliable connection.
  Is there any problem to upgrade Exchange 2013
  to another Site, other than Site
  A?
  regards
  Microsoft Certified IT Professional Server Administrator

  Hi all, I have
  an Exchange 2010 with these characteristics
  Site A
  - 2 Servers DAG for mailboxes
  - 2 Servers Client Access and
  Hub Transport in Microsoft
  NLB
  - 2 Domain Controllers Windows
  Server 2008 R2
  I want to upgrade to Exchange 2013 but in another
  Site, Site B. When the migration is complete,
  the mail system will only be in Site
  B.
  The connection between Site A and Site
  B is a reliable connection.
  Is there any problem to upgrade Exchange 2013
  to another Site, other than Site
  A?
  regards
  Microsoft Certified IT Professional Server Administrator
  It is like any other Migration (Same Forest) You just need to make sure that AD is been replicated from Site A (Exchange 2010) to Site B (Exchange 2013).
  No Network or replication issue between the sites. Having more than 1 DC on Site B would be good idea.
  Once you have all these set, rest of the things are same.
  Extend the AD Schema.
  Deploy the Exchange Server 2013 CU6
  Create the Cert request for 2013.
  Install Cert on Exchange 2013.
  Configure the Virtual Directories for Exchange 2013.
  Test the Coexistence between 2010 and 2013.
  Perform the Cutover from 2010 to 2013.
  Test the Cutover and start the Test migration phase.
  Once the test phase is fine, start the full fledge migration.
  Move Mailbox and Public Folder Database.
  Cheers,
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Exchange 2013 installation error

  i have a server running server standard 2012 r2 recently upgraded from server standard 2003
  it is a dc,dchp,dns.
  i am trying to install exchange server 2013 standard during the installation i get the following error message.
  and am unable to continue.
  The following error was generated when "$error.Clear();
      install-ExchangeSchema -LdapFileName ($roleInstallPath + "Setup\Data\"+$RoleSchemaPrefix + "schema0.ldf")
  " was run: "There was an error while running 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostWindows2003_schema0.ldf'. The error code is: 8224. More details can be found in the error file: 'C:\Users\Administrator.example\AppData\Local\Temp\ldif.err'".

  Hi,
  Agree with Amit. And I also find some information for your reference:
  Error 8224 is easily resolved by checking the Windows Firewall Profile and either.
  A. Disable Domain Profile firewall as well as Private and Public Profles. 
  B. Disable or turn off Windows Firewall and change the state of the service to Manual.
  More details in the following thread:
  Exchange 2013 Error 8224
  http://social.technet.microsoft.com/forums/exchange/en-US/318ef90d-59be-49b2-9202-688f80074418/exchange-2013-error-8224
  Thanks
  Mavis
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Need to add dashes (-) to Social Security Number

  I need to add dashes to Social Security Numbers. The current numbers look like 123456789. They should look like:
  123-45-6789. How do I add the dashes?
  Thanks,
  Rick

  Create a formula like (basic syntax):
  formula = left({ssn},3) + "-" + mid({ssn}, 4,2) + "-" + right({ssn}, 4)
  and place the fomula where you want to see the SSN with dashes.  (If the field is numeric, you'll need to add CStr()...)
  HTH,
  Carl