New retention tag in default MRM policy (question/recommendations)

Similar Messages

• Displaying assigned retention tag/policy in Outlook 2013 Inbox default vies

  Hi,
  I don't know if this is the right place to post this questions. If it is not please forgive me and direct me to the right forum. I know that I can check if the email message has a retention tag/policy applied if I open it in Inspector window. It is
  listed under subject.
  My problem is that I don't know the way how to display the retention tag/policy in the Inbox default view next to the the properties like: subject, from, received etc. So the users don't need to open the message to check if they applied the retention tag.
  This way they can look at every message in the inbox and see which message has the retention tag missing.  I assume I will have to employ some coding and I am OK with that.
  Can I write a outlook add-in that will query for retention tag for each message and display it in the column along with other mapi properties? I need a advice example how to programmatically extract the PR_POLICY_TAG and convert it from binary to string.
  Than I can change the default view xml to include this property I assume.
  Any help is greatly appreciated.
  Thanks,
  Goran

  If an item has been tagged for retention then they will be available you can see this using a Mapi editor like MFCmapi or OutlookSpy. The PolicyTag would only give you the GUID of the policy and you would have to pull the Name from the UserConfig item in
  the mailbox which can be little more complicated.  With CFG file's there is
  http://www.slipstick.com/exchange/adding-extended-mapi-fields-to-outlook/#trouble that's about all that I know off. There is also an Outlook development group you can ask this in
  http://social.msdn.microsoft.com/Forums/office/en-US/home?forum=outlookdev
  Cheers
  Glen

• Default Folders Policy/Items retention period not respected ?

  Hello, 
  We have Exchange Server 2007 SP3 and we've set up a default folders policy to erase all mailbox content older than 31 days. 
  However in three mailboxes we've sampled this policy isn't properly applied : the mailboxes had mails newer than 31 days deleted ( some 20 days, some 28 days, mine had only 14 days old mails !
  Can you please explain to me why this is happening? 

  Thank you sir Allen
  I ran the commands you mentioned
  [PS] C:\Documents and Settings\Administrateur>Get-Mailbox "alias" | FL Identit
  y, ManagedFolderMailboxPolicy
  Identity                   : domain.com/Users/alias 
  ManagedFolderMailboxPolicy : TestPolicy
  [PS] C:\Documents and Settings\Administrateur>Get-ManagedFolderMailboxPolicy "TestPolicy" | FL Identity,ManagedFolderLinks
  Identity           : TestPolicy
  ManagedFolderLinks : {Entire Mailbox, Tasks, Notes, Journal, Contacts, Calendar
  [PS] C:\Documents and Settings\Administrateur>Get-ManagedContentSettings -FolderName "Entire Mailbox"
  Name                      MessageClass              ManagedFolderName
  testrem                   *                         Entire Mailbox
  [PS] C:\Documents and Settings\Administrateur>Get-ManagedContentSettings -FolderName "Tasks"
  Name                      MessageClass              ManagedFolderName
  Preventing Del            IPM.Task*                 Tasks
  I set the entire Mailbox to be deleted after 31 days, then creating managed content settings on tasks, agenda and contacts and uncheked the item retention period so that these items do not get deleted.
  tried to go with only deleting items from the inbox but it didn't delete those in custom folders(each user creates his own)... the other method worked though

• Apply retention tag to folder automatically

  We are planning to migrate some mailboxes from Exchange 2007, which uses MRM 1.0, to Exchange 2010, which uses MRM 2.0 (Retention Tags and Policies).
  Currently, with Exchange 2007/MRM 1.0 (Managed Folders), there is a "Retained Messages" folder that contains messages users want to keep.
  Messages in this folder will *not* be deleted after 18 months (expiration date for messages *elsewhere* in the mailbox).
  Good news is that even if we uncheck the Managed Folder Mailbox policy (in the mailbox properties), the "Retained Messages" folder remains (apparently as long as there are messages inside) and this "Retained Messages" folder
  does migrate with the rest of the mailbox in test migrations to Exchange 2010.
  The next part is the tricky part...
  We intend to apply a Retention Policy to the migrated mailbox that currently has only one tag "Never Delete" (this is one of the built-in tags).
  Before applying a default retention tag to the migrated mailboxes, we want to ensure that the "Never Delete" tag is applied to the migrated "Retained Messages" folder.
  Of course, we could ask users to apply this tag and once it is applied, we could add a default tag to the policy that would delete messages after they attain a certain age (180 days, 18 months, whatever).
  Is there a way we could apply this tag automatically, and avoid deletion of old messages, in case users forget to apply the "Never Delete" tag?
  I saw this discussion...
  https://social.technet.microsoft.com/Forums/exchange/en-US/97657e0c-c7f1-4c8e-bd7f-c7ecc9760e9c/push-a-folder-to-all-clients-apply-retention-tag-to-the-folder?forum=exchangesvrgenerallegacy
  but am wondering if anything has developed since.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Hi David,
  According to your description, my understanding is that you want to make sure “Never Delete” tag is applied to all “Retained Message” folder in all mailbox. Then when the mailbox is applied with other Default Policy tag, this “Retained Message” folder would
  not be effected. Is it right?
  Please confirm if the “Never Delete” tag is a personal tag created in Exchange 2010. Based on my knowledge, if it is a personal tag, the user can apply it in Outlook or OWA client instead of server side.
  Additionally, there is a blog indicates that we can using Exchange Web Services to Apply a Personal Tag to a Custom Folder. I am not sure whether it works. Just hope it would be helpful for you:
  http://blogs.technet.com/b/exchange/archive/2013/05/20/using-exchange-web-services-to-apply-a-personal-tag-to-a-custom-folder.aspx
  Migrate from Managed Folders
  http://technet.microsoft.com/en-us/library/dd298032(v=exchg.141).aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• Custom Retention policies for default folders in Outlook

  Hello,
  The following are the steps I've taken to create a retention policy for a user.Exchange 2013, outlook 2013
  The problem is that even if I create a retention tag for a default folder, I cannot implement it. I've gotten retention tags for user created folders to work, but not the default folders.
  Login to microsoft 365 as exchange Administrator
  Click Admin > Exchange
  Click ‘Compliance Management’ on left side
  Click ‘Retention Tags’
  Create desired retention tag by folder (choose default folder or user created folder)
  Save each tag as it is created
  Click ‘Retention Policies’
  Click ‘New’ to create a new policy
  Add desired tags to policy and click save
  To apply Retention Policy click ‘Recipients’ on left side
  Click ‘mail boxes’
  12. 
  Select user and click edit > mailbox features
  13. 
   Select desired retention policy
  14. 
  Save
  Using this method I created a retention tag to delete mail in the junk mail folder after 14 days. I added the 14 day junk mail retention tag to a retention policy and applied
  it to a user. But whenever I look at the junk mail folder it shows that the email will be deleted in 30 days --- not 14.
  What am I doing wrong?

  Hi,
  We can try to use managed folders to specify retention settings for default folders such as Inbox, Deleted Items, and Sent Items. See:
  http://technet.microsoft.com/en-us/library/ee364744(v=exchg.141).aspx
  Also check this:
  http://blogs.technet.com/b/theexchangeguy/archive/2012/06/04/retention-polices-and-tags-101.aspx
  Since this question is more related to Exchange server, it's better to post your question to Exchange forum:
  http://social.technet.microsoft.com/Forums/en-US/category/exchangeserver/ 
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents,
  and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
  Thank you for your understanding.
  Best Regards,
  Steve Fan
  TechNet Community Support

• Does "default retry policy" mean what I define in web.config?

  Warning: Do not use the information listed in the comments below. Most of it is wrong and/or out of date!
  Hi all;
  The docs for
  ReliableSqlConnection(connectionString) state:
  Initializes a new instance of the ReliableSqlConnection class with a given connection string. Uses the
  default retry policy for connections and commands unless retry settings are provided in the connection string.
  Question 1:
  If I have the following in my web.config, does this set the default retry policy? Or is the default set in the libabry and I have to explicitly pass this defined policy?
  <RetryPolicyConfiguration defaultRetryStrategy="Fixed Interval Retry Strategy"
  defaultSqlConnectionRetryStrategy="Backoff Retry Strategy"
  defaultSqlCommandRetryStrategy="Incremental Retry Strategy"
  defaultAzureStorageRetryStrategy="Fixed Interval Retry Strategy"
  defaultAzureServiceBusRetryStrategy="Fixed Interval Retry Strategy">
  <incremental name="Incremental Retry Strategy" retryIncrement="00:00:01"
  retryInterval="00:00:01" maxRetryCount="10" />
  <fixedInterval name="Fixed Interval Retry Strategy" retryInterval="00:00:01"
  maxRetryCount="10" />
  <exponentialBackoff name="Backoff Retry Strategy" minBackoff="00:00:01"
  maxBackoff="00:00:30" deltaBackoff="00:00:10" maxRetryCount="10"
  fastFirstRetry="false"/>
  </RetryPolicyConfiguration>
  Question 2:
  If this does set the default, how do I set this in a cloud service as it does not have a web.config?
  thanks - dave
  What we did for the last 6 months -
  Made the world's coolest reporting & docgen system even more amazing

  Sorry, did not work. I got the NuGet package shown below (the search returned 5+ pages of results - you guys really need to uniquely name your packages).
  On the call to GetDefaultSqlConnectionRetryPolicy() I get:
  System.Configuration.ConfigurationErrorsException occurred
  HResult=-2146232062
  Message=An error occurred creating the configuration section handler for RetryPolicyConfiguration: Could not load file or assembly 'Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling, Version=5.0.1031.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified. (c:\src\EnforcedVacation\UnitTestRepository\bin\Debug\UnitTestRepository.dll.config line 5)
  Source=System.Configuration
  BareMessage=An error occurred creating the configuration section handler for RetryPolicyConfiguration: Could not load file or assembly 'Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling, Version=5.0.1031.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.
  Filename=c:\src\EnforcedVacation\UnitTestRepository\bin\Debug\UnitTestRepository.dll.config
  Line=5
  StackTrace:
  at System.Configuration.BaseConfigurationRecord.FindAndEnsureFactoryRecord(String configKey, Boolean& isRootDeclaredHere)
  at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
  at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
  at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
  at System.Configuration.ConfigurationManager.GetSection(String sectionName)
  at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.SystemConfigurationSource.DoGetSection(String sectionName)
  at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.FileBasedConfigurationSource.GetSection(String sectionName)
  at Microsoft.Practices.EnterpriseLibrary.TransientFaultHandling.Configuration.RetryPolicyConfigurationSettings.GetRetryPolicySettings(IConfigurationSource configurationSource)
  at Microsoft.Practices.EnterpriseLibrary.TransientFaultHandling.RetryPolicyFactory.CreateDefault()
  at Microsoft.Practices.EnterpriseLibrary.TransientFaultHandling.RetryPolicyFactory.GetOrCreateRetryManager()
  at Microsoft.Practices.EnterpriseLibrary.TransientFaultHandling.RetryPolicyFactory.GetDefaultSqlConnectionRetryPolicy()
  at UnitTestRepository.TestUtilities.GetConnection() in c:\src\EnforcedVacation\UnitTestRepository\TestUtilities.cs:line 41
  InnerException: System.IO.FileNotFoundException
  HResult=-2147024894
  Message=Could not load file or assembly 'Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling, Version=5.0.1031.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.
  Source=System.Configuration
  FileName=Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling, Version=5.0.1031.0, Culture=neutral, PublicKeyToken=null
  FusionLog==== Pre-bind state information ===
  LOG: DisplayName = Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling, Version=5.0.1031.0, Culture=neutral, PublicKeyToken=null
  (Fully-specified)
  LOG: Appbase = file:///c:/src/EnforcedVacation/UnitTestRepository/bin/Debug
  LOG: Initial PrivatePath = NULL
  Calling assembly : (Unknown).
  ===
  LOG: This bind starts in default load context.
  LOG: Using application configuration file: c:\src\EnforcedVacation\UnitTestRepository\bin\Debug\UnitTestRepository.dll.config
  LOG: Using host configuration file:
  LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config.
  LOG: Policy not being applied to reference at this time (private, custom, partial, or location-based assembly bind).
  LOG: Attempting download of new URL file:///c:/src/EnforcedVacation/UnitTestRepository/bin/Debug/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling.DLL.
  LOG: Attempting download of new URL file:///c:/src/EnforcedVacation/UnitTestRepository/bin/Debug/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling.DLL.
  LOG: Attempting download of new URL file:///c:/src/EnforcedVacation/UnitTestRepository/bin/Debug/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling.EXE.
  LOG: Attempting download of new URL file:///c:/src/EnforcedVacation/UnitTestRepository/bin/Debug/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling/Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling.EXE.
  StackTrace:
  at System.Configuration.TypeUtil.GetTypeWithReflectionPermission(IInternalConfigHost host, String typeString, Boolean throwOnError)
  at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.Init(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord)
  at System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.InitWithRestrictedPermissions(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord)
  at System.Configuration.RuntimeConfigurationRecord.CreateSectionFactory(FactoryRecord factoryRecord)
  at System.Configuration.BaseConfigurationRecord.FindAndEnsureFactoryRecord(String configKey, Boolean& isRootDeclaredHere)
  InnerException:
  What I added:
  What we did for the last 6 months -
  Made the world's coolest reporting & docgen system even more amazing

• Block Inheritance and Default Domain Policy

     Hello to all, I will run a cross-forest migration and target forest has a Default Domain Policy. Target domain is Windows 2003 Functional Level, but has almost all DCs on Windows 2008. As first level OUs represents country codes (USA, GBR, FRA,
  etc) and a new country will be created I want to block GPOs from Domain level. The task itself is very easy, just configure "Block Inheritance" on the new country OU. Important: Default Domain Policy is >> not set << to "Enforce"
  on target domain.
     Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
  certificates, etc) ?
     Regards, EEOC.

     Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
  certificates, etc) ?
  The Domain security policy for passwords etc, is domain-wide, and cannot be blocked.
  It applies to, and is controlled by, the Domain Controllers.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Exchange 2010 Retention Tags

  Hi folks,
  I wonder if anyone can help please. I have applied a retention tag to automatically move staff emails to the Archive mailbox after 12 months and this policy has been in place now for a couple of years.
  The company now wish for me to apply some option retention tags for staff allowing them to choose to e.g. Archive after 2 years, 5 years etc...
  My question is that if a user chooses a folder in their live mailbox and selects Archive after 5 years, does that apply to emails just in the live mailbox or will the messages move back from their Archive mailbox to their live mailbox until the chosen Archive
  period expires?
  I hope this makes sense.
  Many thanks
  Danny

  If you have items in the archive, there is  no automated process to move those back into the live mailbox.  So if you archive everything older than 1 year now, and change the setting to 5 years, you will see nothing moved to or from this folder
  for the next four years.

• What personal retention tag is applied to folders

  I am trying to use the code below to view the retention tags applied to folders in a given user's mailbox:
  http://blogs.msdn.com/b/akashb/archive/2013/06/14/generating-a-report-which-folders-have-a-personal-tag-applied-to-it-using-ews-managed-api-from-powershell-exchange-2010.aspx
  My environment:
  2 x Exchange 2010 SP3 RU8v2 servers with CA, MB and HT roles. They are in a DAG.
  1 x KEMP VLM-200 load balancer.
  I downloaded and installed the EWS managed API:
  http://www.microsoft.com/en-us/download/confirmation.aspx?id=35371
  And I have seen what seems like every imaginable error message:
  - The response received from the service didn't contain valid XML.
  --> So I changed DNS so the URI in the script would connect directly to one of the two Exchange servers - and not the KEMP. Other solutions did not seem to work. This is a test env so I can "mess" with DNS.
  - The request failed. The remote server returned an error: (403) Forbidden.
  --> I think I solved this by adding https to the URI (the s in https was missing).
  - The request failed. The remote server returned an error: (401) Unauthorized.
  --> Not sure what I did here anymore (this has been taking me literally hours). But this error was replaced with the following:
  - The account does not have permission to impersonate the requested user.
  --> I was able to apparently solve this by granting a brand new user (not member of any admin groups with Deny permissions) the permissions described in this article:
  https://msdn.microsoft.com/en-us/library/bb204095%28v=exchg.80%29.aspx
  Even though that is for Exchange 2007 and I have 2010.
  That seemed to work because that error messages no longer appears but... now this one appears again:
  - The request failed. The remote server returned an error: (401) Unauthorized.
  I've tried after granted the new user full permissions to the mailbox in question and without those permissions.
  So in the end, I'm going in circles and I don't know how to make this work.
  How can I see WHY the user is not authorized?
  Does the user have to be a member of specific groups? I intentionally did NOT add them to any admin type groups because of what was stated in the MSDN article on impersonation (some admin groups have DENY permissions on user mailboxes).
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  These are the only lines of the code I have edited:
  # Set the Credentials
  $service.Credentials = new-object Microsoft.Exchange.WebServices.Data.WebCredentials("newuser1","Passwordabc123","mydomain.lan")
  # Change the URL to point to your cas server
  $service.Url= new-object Uri(https://mail.mydomain.net/EWS/Exchange.asmx)
  I have also tried:
  $service.Credentials = new-object Microsoft.Exchange.WebServices.Data.WebCredentials([email protected],"Passwordabc123")
  Yes, I have mydomain.lan (original domain name) and mydomain.net (for email).
  For better or worse, newuser1 is only a member of domain users (but currently has full access permissions to target mailbox).
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• How do I move the policy from Default domain policy to a custom policy.

  I want to implement a new password policy.  In the past we had a fairly loose policy, now I want to implement minimum length and complexity.  I know how to set this up in Computer Config Policies windows settings security settings and account policies
  password policy. However after I set it up I notice that it is not being applied.  I have run gpupdate, and even waited several days but still it's not taking effect.  I have created what im calling a custom gpo calling it "password policy". 
  It is situated under domains/mydomain.com .  There are a number of other policies here.
  When I run gpresult /h c:\temp\gpreport.html  its all a bit confusing. It looks like it being applied but then further down it says under Group policies Applied GPOs Denied GPOs Pssword Policy mydomain.com empty. ??
  But let me ask this first off .
  The previous administrator I think has the password policy set up in the "default domain policy"
  Is it possible that the default domain policy which IS indeed set differently is overriding my custom "password policy"
  If this is so how can I make it so  my custom password policy is applied over the default domain policy.
  Or what other answers could it be.

  Hi,
  Based on your requirement you can create Fine Grained Password Policies.
  This feature introduced in Windows Server 2008 allows you to override password policy set at the Default Domain Policy for specific users or groups.
  Checkout the below link for creating Fine Grained Password Policies from GUI in Windows Server 2012,
  http://blogs.technet.com/b/reference_point/archive/2013/04/12/fine-grained-password-policies-gui-in-windows-server-2012-adac.aspx
  Regards,
  Gopi
  JiJi
  Technologies

• Windows 8 and Default Domain Policy modification issue

  Hi,
  I'm unable to edit the default domain policy from my new Windows 8 desktop.  It's the only Win8 in the environment so I'm not able to easily test another one unfortunately.  The error I receive is:
  Group Policy Error
  Failed to open the Group Policy Object.  You might not have the appropriate rights.
  Details: The volume for a file has been externally altered so that the opened file is no longer valid.
  I have checked from a Win7 and a 2003 machine and can access and edit the GPO without issue using the same account.  The Win8 desktop is a fresh install with the RSAT tools installed, Exchange 2010 tools and a few basic applicaitons (non of which stick
  out as having anything to do with AD management).
  It only occurs if I click edit on the GPO.  I'm able to successfully view the policy and edit the permissions etc.  Have rebooted and the machine is current with patches as of now.
  thanks
  Andy
  Cheers Andy

  Hi,
  According to your description, the issue only occurred when you click to edit the GPO. And only occurred on Windows 8. I would like suggest you to follow below suggestions to narrow down the issue:
  1. Check out whether the issue only occurred to Default domain policy object.
  2. Test on another new installed Windows 8 client with only RSAT installed.
  3. Create another new account and add it to domain admin group to test again.
  4. Run dcdiag on DCs to check out whether the replications work fine.
  Hope this helps.
  Regards,
  Yan Li
  If you have any feedback on our support, please click
  here
  Cataleya Li
  TechNet Community Support

• Default domain policy got corrupted and can't reverse to old system state?

  Initially we had two servers which was 2003 and 2008, after adding additional two more servers (server 2012) in the network and then demoted the old servers. and that was quite while ago. after carefully looking a the default policy I have noticed that there
  so many policies was applied on default policy object which led me to disable them and created a backup for both domain controller and the domain policy.
  now the problem is stupidly run
  dcgpofix  thought it will restore the domain policy to it's original state but it did not instead it came up with an empty default policy template and inside there is no security policy which i can edit. However i did tried to restore the old policy which
  i backed up but i get an access denied error.
  Now i realise that the original default policy was from server 2003 and the current schema domain functional level is 2012.  Currently
  I can not login to any newly added computers to the domain via domain administrator account.
  Please help! Is there any way to create a new default domain policy?

  Hi thanks for your input,
  but that doesn't resolves my issue. However I have managed to fix it by modifying the Default policy systemflags and then run the command gpfixup.exe /ignoreschema /target :domain.com.
  and after that I was able to restore my old gp from earlier backup. 

• Retention tags not working if mailbox has another language than english

  Hi folks
  I've created a retention tag (type: Inbox ) in exchange 2013 which deletes all mails older than 14 days. works perfectly for mailboxes with english standart folders, but if i apply the policy to an mailbox with german or french language, the emails
  are not getting deleted. i think the problem is that the inbox folder is called "Posteingang" in the german mailboxes.
  is there a workaround to use my retention tag for other languages as well?
  Thanks!

  Hm, that sounded interesting enough for a test, but since I'm an O365 guy, I run the test against EO. Works OK even after I rename the folders, the only thing I did was to simply run the Start-ManagedFolderAssistant cmdlet to speed up the process.
  EO is usually few versions ahead of on-prem, so either this has been fixed (and the fix is coming with CU7 or later), or we are simply missing something in your scenario. Have you verified that the policy is actually recognized as 14 days by the client,
  for the non-English mailboxes? Double-check the tag and policy, and run the Start-ManagedFolderAssistant just in case.

• NIS+ default passwd policy, such as aging, length

  How to set NIS+ default passwd policy, such as aging, length?
  /etc/default/passwd only affect the local account. Where is the config file for NIS+? Is there a NIS+ table for the passwd policy?
  If there is no config file or NIS+ table for such setting, where is the default value when a new user is added?
  Message was edited by:
  kdust

  -- Second Update --
  After policy installation I got several problems with PeopleSoft configuration. Which finally were solved.
  1. Some URL's has to be defined as not enforced.
  com.sun.am.policy.amFilter.notenforcedList[1]=/ps/images/*
  com.sun.am.policy.amFilter.notenforcedList[2]=*.css
  com.sun.am.policy.amFilter.notenforcedList[3]=*.ico
  2. In versions older than PeopleSoft 8.4.2 the policy agent modified the file
  /opt/fs/webserv/peoplesoft/applications/peoplesoft/PORTAL/WEB-INF/psftdocs/ps/configuration.properties to add the properties:
  byPassSignon=TRUE
  defaultUserid="DEFAULT_USER"
  defaultPWD="your password"
  signon_page=amsignin.html
  signonError_page=amsignin.html
  logout_page=amsignin.html
  expire_page=amsignin.html
  However, in the newer versions of PeopleSoft this properties are controled from the online Peoplesoft console. Which are set on:
  PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Security --> In section "Public Users" the parameters that has to be changed are:
  Allow Public Access (cheked)
  User ID : DEFAULT_USER
  Password : your password
  HTTP Session Inactivity : (SSO TIMEOUT)
  and:
  PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Look and Feel -->
  In section "SignOn/Logout" set the following values:
  Signon Page : amsignin.html
  Signon Error Page : amerror.html
  Logout Page : amsignout.html
  Note: After making any changes on the console; restart PIA (weblogic instance).
  With this the SSO with PeopleSoft is working Ok.
  Message was edited by:
  LpzYlnd

• How to avoid applying Default domain policy?

  Hello! Hope to get some ideas on the following:
  I have one PC that I DO NOT want to apply default domain policy to. I have created a separate OU in AD with one security group, that contains only that one PC.
  I made sure that pc is a member of only that group and not domain computers or any other groups.
  I have created a separate GPO for this PC and linked in to the domain.
  I am seeing in the gpresult /r  that both the new  GPO is applied to the workstation and the default domain gp as well.
  Default domain policy is designed to be applied to all authenticated users.
  I have create a separate user for that workstation that is not a member  of authenticated users.It is only a member of domain users.
  Ultimately I want default domain policy to be filtered out and the gpo specific to this pc to be applied.
  Any ideas?

  > Default domain policy is designed to be applied to all authenticated users.
  >
  > I have create a separate user for that workstation that is not a member
  > of authenticated users.It is only a member of domain users.
  You cannot exclude any computer or user from being an authenticated user...
  > Ultimately I want default domain policy to be filtered out and the gpo
  > specific to this pc to be applied.
  Then simply block inheritance on the OU this computer lives in, and link
  the specific GPO to that OU.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))