Allow certain Activesync devices

by santesp at 2012-09-06 07:28:48

Hello all.

I’m very new to powershell so please pardon the ignorance.

Here is my situation:
My company currently has our sales force equipped with iPads. We manage them through an MDM and everything works fine. The problem is that we have noticed that several employees have hooked up their personal devices to activesync to get corporate email on their devices. We want to close this off.
I already have the information to block iphones, android devices, etc.
The road block I’m hitting is that I want to block personal iPads but not our business iPads.

As a test, I wanted to block all iphones and then just allow a couple of people’s phones to see if it works. It seems fairly easy to do for one person but I will need to do something similar for about 200+ people. I read about the powershell commands that can grab data from CSV files so I was wondering how to incorporate that.

This code doesn’t work, but in simple terms this is what I would want it to do:

[code2=powershell]import-csv c:\temp\test.csv | set-casmailbox -identity {$_.name} -activesyncalloweddeviceid {$_.device}[/code2]

*the CSV file has 2 columns: name (contains alias name) and device (contains deviceID)

So my question is… how would I go about writing a command/script to whitelist device IDs for multiple users at a time?

Thank you very much in advance and sorry for the long winded post.
by DonJ at 2012-09-06 15:05:17
You’re only missing a small piece.

Approach it this way: Put only ONE DATA LINE in your CSV file, and see if your command works. If it does, then just do this:

[code2=powershell]import-csv c:\temp\test.csv | foreach-object {set-casmailbox -identity $_.name -activesyncalloweddeviceid $_.device}[/code2]

The addition of ForEach-Object lets PowerShell work with multiple data lines, one at a time, in the CSV.
by jewrican at 2012-09-06 19:21:57
We had a similar yet different need to restrict AS devices. I decided to use a throttling policy to manage this.

I set the default throttling policy to allow no AS devices and then created identical policies that allowed 1 device, 2 devices, 3 devices etc.

I then set the user to the appropriate throttling policy. Hope this helps.
by santesp at 2012-09-10 07:43:22
[quote="DonJ"]You’re only missing a small piece.

Approach it this way: Put only ONE DATA LINE in your CSV file, and see if your command works. If it does, then just do this:

[code2=powershell]import-csv c:\temp\test.csv | foreach-object {set-casmailbox -identity $_.name -activesyncalloweddeviceid $_.device}[/code2]

The addition of ForEach-Object lets PowerShell work with multiple data lines, one at a time, in the CSV.[/quote]

Hi Don,

Someone had mentioned this as well:
[code2=powershell]Import-Csv c:\users.csv | % {Set-CASMailbox -Identity $_.name -activesyncalloweddeviceid $_.device}[/code2]
Is the "%" doing the same function as "foreach-object"?
by DonJ at 2012-09-10 07:50:13
% is an alias to ForEach-Object. So that’s basically the same.
by santesp at 2012-09-10 07:59:52
Thank you.

I actually ran this test on Thursday night. I had 3 users and their iPhone serial numbers in the file and ran that. Seems to have run fine (no errors given).
I then ran
[code2=powershell]new-activesyncdeviceaccessrule -querystring iphone -characteristic Devicemodel -accesslevel block[/code2]
It started blocking the phones but then it also blocked the ones that I had initially whitelisted through that CSV.
I then ran the script manually for just my phone and it seemed to work again.

I guess that means that I have to run the script after creating that access rule?
by santesp at 2012-09-10 08:37:44
[quote="jewrican"]We had a similar yet different need to restrict AS devices. I decided to use a throttling policy to manage this.

I set the default throttling policy to allow no AS devices and then created identical policies that allowed 1 device, 2 devices, 3 devices etc.

I then set the user to the appropriate throttling policy. Hope this helps.[/quote]

Forgot to thank you for the suggestion there.
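
Added example, not written by any poster in this thread: a fuller version of the CSV import discussed above, for the Exchange Management Shell. It assumes the thread's CSV layout (columns `name` and `device`); the `-Apply` switch and the choice to merge with each mailbox's existing allow-list rather than replace it are assumptions of this example.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Assumed CSV layout, as described in the thread:
#   name   = mailbox alias
#   device = ActiveSync DeviceID
param(
    [string]$CsvPath = 'C:\temp\test.csv',  # path used in the thread
    [switch]$Apply                          # hypothetical switch: omit it to preview only
)

# Drop incomplete rows, then group so a user with several rows
# (several devices) is written once with the full list of IDs.
$groups = Import-Csv -Path $CsvPath |
    Where-Object { $_.name -and $_.device } |
    Group-Object -Property { $_.name.Trim() }

foreach ($g in $groups) {
    $mbx = Get-CASMailbox -Identity $g.Name -ErrorAction SilentlyContinue
    if (-not $mbx) {
        Write-Warning "No mailbox found for '$($g.Name)'; skipped."
        continue
    }

    $newIds = @($g.Group | ForEach-Object { $_.device.Trim() })

    # Assigning -ActiveSyncAllowedDeviceIDs overwrites the stored list,
    # so merge with what is already there and de-duplicate first.
    $merged = @(@($mbx.ActiveSyncAllowedDeviceIDs) + $newIds |
        Where-Object { $_ } |
        Sort-Object -Unique)

    # Without -Apply this runs with -WhatIf and changes nothing.
    Set-CASMailbox -Identity $mbx.Identity `
        -ActiveSyncAllowedDeviceIDs $merged `
        -WhatIf:(-not $Apply)

    # Read the value back so the stored allow-list can be reviewed.
    Get-CASMailbox -Identity $mbx.Identity |
        Select-Object Name, ActiveSyncAllowedDeviceIDs
}
```

Run it once without `-Apply` to review the planned changes, then again with `-Apply` to write them.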