In a recent project we faced an interesting problem using the Windows 8 Mail app.
Windows 8 includes a built-in email app named Mail (also referred to as Windows 8 Mail or the Windows 8 Mail app). We used a standard user account without any local admin privileges, logged on to the domain, and tried to add our Exchange information to the Mail app. After we added our account information, an error popped up: “To sync firstname.lastname@example.org, you will need to change this PC’s settings to match the mail server’s security settings.”
After some investigation into this error, we found that there are a few settings enterprises need to prepare before using the Mail app in an environment with locked-down user rights.
The Windows 8 Mail app lets users synchronize with Exchange over Exchange ActiveSync (EAS). When you add your account to the Mail app, your Exchange policies are pushed down to the device and the stronger policy takes precedence (http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx). If your EAS policy is stronger than your domain or local policy, the Windows Policy Engine requires admin access to apply the policy changes. Because non-admins are not allowed to make changes to computer/account configurations, you get the error documented above.
As a next step, compare the policy that is applied on the device(s) against what is being requested by the Exchange server.
Check the corresponding Group Policy (Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options /) and make sure it has the same settings as you have configured in Exchange. If both are identical, you can add your Exchange account without getting any popup.
AllowSimpleDevicePassword: Windows Policy Engine would try to apply this policy
MaxInactivityTimeDeviceLock: Windows Policy Engine would try to apply this policy
MaxDevicePasswordFailedAttempts: Windows Policy Engine would try to apply this policy
DevicePasswordExpiration: Windows Policy Engine would try to apply this policy
DevicePasswordHistory: Windows Policy Engine would try to apply this policy
RequireDeviceEncryption: Windows Policy Engine would try to apply this policy
MinDevicePasswordComplexCharacters: domain accounts, password length and complex characters are not governed by EAS
MinDevicePasswordLength: domain accounts, password length and complex characters are not governed by EAS
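One way to run the comparison described above, as an added PowerShell example that is not part of the original post: it flags every setting where the EAS request is stronger than what the device already applies. The policy values are constructed samples, and the per-setting comparison rules and the use of 0 for "not enforced" are assumptions of this example.

```powershell
# Constructed sample values; names as listed in this post. 0 = not enforced (assumption).
$requested = @{   # policy requested by Exchange (EAS)
    AllowSimpleDevicePassword       = $false
    MaxInactivityTimeDeviceLock     = 15   # minutes
    MaxDevicePasswordFailedAttempts = 8
    DevicePasswordExpiration        = 90   # days
    DevicePasswordHistory           = 5
    RequireDeviceEncryption         = $false
}
$applied = @{     # policy already applied on the device by domain/local policy
    AllowSimpleDevicePassword       = $false
    MaxInactivityTimeDeviceLock     = 30
    MaxDevicePasswordFailedAttempts = 8
    DevicePasswordExpiration        = 0
    DevicePasswordHistory           = 10
    RequireDeviceEncryption         = $false
}
# Assumed rule per setting: Lower = smaller non-zero value is stricter,
# Higher = larger is stricter, Require = $true stricter, Forbid = $false stricter.
# MinDevicePassword* settings are omitted (not governed by EAS for domain accounts).
$direction = [ordered]@{
    AllowSimpleDevicePassword       = 'Forbid'
    MaxInactivityTimeDeviceLock     = 'Lower'
    MaxDevicePasswordFailedAttempts = 'Lower'
    DevicePasswordExpiration        = 'Lower'
    DevicePasswordHistory           = 'Higher'
    RequireDeviceEncryption         = 'Require'
}
function Test-EasStronger($Kind, $Eas, $Dev) {
    switch ($Kind) {
        'Lower'   { return (($Eas -gt 0) -and (($Dev -eq 0) -or ($Eas -lt $Dev))) }
        'Higher'  { return ($Eas -gt $Dev) }
        'Require' { return ($Eas -and (-not $Dev)) }
        'Forbid'  { return ((-not $Eas) -and $Dev) }
    }
}
# EasStronger = $true marks a setting the Windows Policy Engine would have to
# change, which a standard user is not allowed to do.
function Get-EasPolicyGap($Eas, $Dev) {
    foreach ($name in $direction.Keys) {
        [pscustomobject]@{
            Setting     = $name
            Requested   = $Eas[$name]
            Applied     = $Dev[$name]
            EasStronger = Test-EasStronger $direction[$name] $Eas[$name] $Dev[$name]
        }
    }
}
Get-EasPolicyGap $requested $applied | Format-Table -AutoSize
```

With the sample values, MaxInactivityTimeDeviceLock and DevicePasswordExpiration are reported as stronger on the EAS side, so those are the settings to align in Group Policy before a standard user adds the account.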
This post was contributed by Lutz Seidemann, a Solution Architect with Microsoft Consulting Services.
Hi - It seems to be impossible to define a user display name in outgoing mail. The Win 8 mail app seems to magically grab it from somewhere and completely ignores what is defined in account settings 'Your Name'. This seems bafflingly amateurish. I have no idea how to report the issue. Maybe you do. Thanks.
Is there a way to configure the mail app with a script? Best would be PowerShell.
So add Accounts automatically for the domain users.
Thanks for this, I also found this link helpful when trying to link the ActiveSync policies to Group Policy settings.
Thanks for this article.
I found a solution to set the EAS policies without admin privileges.
Once you have successfully configured a client, you can see your EAS policies at:
You can distribute these DWORDs (no subkeys) via GPO; after that, the users were able to configure the Mail app without admin privileges.