Schedule a Transport Rule to be Enabled or Disabled at a Specific Time of Day / Day of the Week

The Problem:

In Exchange 2003, you could configure Exchange to delay the sending of large attachments until after hours, which was very useful if you have users that don’t think twice before creating an email and attaching dozens of their most recent photographs in the email, then adding 20 or 30+ recipients to the email and hitting send – causing your Exchange server to go into melt-down as it tries its best to push all the emails out as quickly as possible.

So – having upgraded to Exchange 2007 or Exchange 2010 you may have discovered that this options doesn’t exist any more, so you may find from time-to-time that your Internet connection suddenly grinds to a halt and if you dig hard enough, you may find the problem is sitting in your outbound Queues on your Exchange Server.

So – what to do about this?

Half a Solution:

You can create an Exchange Transport Rule to force large emails to be approved (before they are sent out), by a Manager or a Moderator which at least enables the Manager / Moderator to have to Approve the email before they clog up the Exchange Queues but as we are now living in a 24×7 age, if you don’t want to have to approve / reject the emails in the evenings or over the weekend, there is no option in the Transport Rule to schedule the times that the Rule applies!  Quite frustrating, especially over a long weekend.

The Whole Solution:

The answer (well, my answer) to this is to create two Powershell Scripts, two batch files and a two Scheduled Tasks to Enable / Disable the Transport Rule at specific times (Disable after hours on Weekdays / Enable before work starts on Weekdays).

Start by creating a new folder on your Exchange server called Scripts on any drive you like (I will be using E:\scripts in my example).

Then open up Notepad and copy / paste the scripts below (one script per file) and then save the files as DisableTransportRule.ps1 and EnableTransportRule.ps1 in the E:\Scripts folder.

The PowerShell Scripts:

Disable Transport Rule:

# Script to Disable a Transport Rule
Disable-TransportRule “Rule_Name” -confirm:$false

Enable Transport Rule:

# Script to Enable a Transport Rule
Enable-TransportRule “Rule_Name” -confirm:$false

The Batch Files:

Open up Notepad and copy / paste the single line commands below (one command per file) and then save the files as DisableRule.bat and EnableRule.bat in the E:\Scripts folder.

Disable Transport Rule Batch File:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command “. ‘C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto; e:\Scripts\DisableTransportRule.ps1”

Enable Transport Rule Batch File:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command “. ‘C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto; e:\Scripts\EnableTransportRule.ps1”

Scheduled Tasks:

Open up Server Manager and Expand Configuration> Task Scheduler.  In the Actions Pane, click on Create Task…..


On the General Tab, Name the Task according to the rule you want to run e.g., Disable Transport Rule, then Select ‘Run whether user is logged on or not” and “Run with highest privileges”.

On the Triggers Tab, Click on New and Select “Weekly” and enable the days of the week you want the rule to run e.g., Mon to Fri.  Set the time you want the rule to run e.g., 18:00:00 hours and tick the “Enabled” box and click OK.

On the Actions Tab, Click on New and the default option is to Start a Program.  Leave this selected and in the Program/script: window, click on Browse and select ‘e:\scripts\disable.bat’, then in the Start in (optional): box, enter ‘e:\scripts’ and click on OK.

We don’t need to add anything to the Conditions Tab or the Settings Tab, so click OK and then enter the relevant username / password for the account you want to use to run the Scheduled Task as (usually an Administrator account).

Repeat the above for the Enable.bat file.

One last step:

Before these commands will run properly, you need to run the following command in the Exchange Management Shell:

Set-ExecutionPolicy RemoteSigned

This command allows Powershell to interact with the Exchange Management Shell.


So – you should now have two Scheduled Tasks that Disable your Transport Rule at a specified time on specific days (mine are Disabled at 18:00:00 hrs Mon – Fri) and another Scheduled Task to Enable the Transport Rule at a specific time one specific days (mine are enabled at 07:30:00 hrs Mon-Fri), so now, after hours and at weekends, you won’t have to approve emails for your Exchange organisation and if someone sends out an email with large attachments to multiple users, there is less impact on the rest of the workforce.



How To Configure Exchange 2010 To Delay Sending Of Emails With Large Attachments Until Approved By Moderator

Have you ever had a user on your network send out an email with a large attachment (or several large attachments) to a large number of recipients and brought your Exchange Server and Internet Connection to its knees as Exchange tries to send out all the messages with attachments as quickly as possible, flooding your outbound connection?

Well if that sounds familiar, then here is one way around the problem by use of Transport Rules.

With Exchange 2003 – you can make use of the option to delay large emails until after  hours, but this doesn’t exist in Exchange  2010, so you have to come up with an alternative plan to prevent this from happening.

The plan here is to setup a Transport Rule to send a message to the Administrator asking them to Approve or Reject the message containing the large attachment before Exchange starts to try and send the message(s) out, crippling your connection.

Open up Exchange System Manager and navigate to Organization Transport> Hub Transport> Transport Rules:

Once there, click on the New Transport Rule Wizard, give the new Rule a name and a Description to help you understand what the Rule does then click Next:

Select “From Users that are Inside or Outside The Organization”:

Then select “Sent to users that are inside or outside the organization, or partners”:

You then need to change the selection in Step 2 from Sent to users that are ‘Inside the organization’ to Outside the Organization:

Click OK.  The scroll down to the bottom of the list in Step 1 and select “When the size of any attachment is greater than or equal to limit”:

Once selected, click on the ‘0 B (0 bytes)’ in Step 2 and set the message size that you want to trigger the rule:

In the example above, I have set the size to 4Mb (4,096 Kb). Click OK after setting the size and then click on Next.

We now get to choose the Action to operate when the Criteria chosen is met and the action here is to forward the message to addresses for moderation:

Click on addresses in Step 2 and select your internal Recipient who is to receive the message to Accept / Reject:

Then click on the Add button to select the Internal Recipient:

Once you have selected the relevant recipient, click OK:

Then click on Next and add any Exceptions (if you wish) and click on Next:

We now see the completed rule:

Click on New to create the Rule.  Once completed, click on Finish to complete the Wizard:

You should now see the new Rule in the Transport Rules:

When the Rule is Triggered by an internal user sending a message with an attachment greater than 4Mb, the message will be forwarded to the chosen account for approval.  If approved, then the message will be sent out.  If rejected, the sender will receive a message advising that the message was not able to be sent and the Moderator can add a note as to why if they wish.

If you prefer doing things via the command line (Exchange Management Console), then you can use the following command to achieve the same result:

New-TransportRule -Name ‘Transport Rule Name‘ -Comments ‘Transport Rule Comment To Describe What It Does.‘ -Priority ‘0’ -Enabled $true -FromScope ‘InOrganization’ -SentToScope ‘NotInOrganization’ -AttachmentSizeOver ‘4 MB (4,194,304 bytes)’ -ModerateMessageByUser ’’ -ModerateMessageByManager $false