Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   

Blocking Attachments with Outlook Web Access
Page 1 | Page 2 | Page 3 | Page 4

To learn more about these settings and how to walk through the changes, see Microsoft’s Customizing Outlook 2003 to Help Prevent Viruses article: http://office.microsoft.com/en-us/assistance/CH011480701033.aspx

OK, so what does any of this have to do with Outlook Web Access? The answer is nothing at all. These tools only apply to the MAPI client and do not cross over into OWA. Instead, we have a different set of tools that offers completely different restrictions and without the same level of granularity. Every Exchange Server 2003 machine has values in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA key that can be used to help control the way people access attachments in OWA.

The two most important security values are the acceptable file types. As with Outlook, file types listed as Level 1 are considered to be high-risk and blocked from access. Level 2 files cannot be accessed directly, but can be saved to a disk. Consider this a security “speedbump” in that while it does not allow one-click access to the file you are not blocked from accessing the file.

The Level1FileTypes should exist on your backend server already and have the following default attachment types listed: ade,adp,app,asx, bas,bat,chm,cmd,com,cpl,crt,csh,exe,fxp,hlp,hta,inf, ins,isp,js,jse,ksh,lnk,mda,mdb,mde,mdt,mdw,mdz, msc,msi,msp,mst, ops,pcd,pif,prf,prg,reg,scf,scr,sct,shb,shs,url,vb,vbe,vbs,wsc,wsf,wsh,xml,asp,aspx,cer,its,mad,maf, mag,mam,maq,mar, mas,mat,mau,may,maw,pst,tmp,vsmacros,vss,vst,vsw,wsm

Should you want to block access to another attachment such as a zipped file, you need only to add “,zip” to the end of this list. New OWA (for users on that mailbox server) will no longer be able to access ZIP files in OWA once this change is made.

As I mentioned before, files listed as Level2FileTypes can be saved to the user’s hard drive. You can add attachment types to this list if you want to restrict one-click access to a certain type of file, but you do not want to block the file altogether. Make sure the attachment you list is not included in the Level 1 list or access will still be blocked.

Note: To learn more about the specific OWA controls, see http://support.microsoft.com/default.aspx?scid=kb;en-us;830827  

Blocking Attachments with Outlook Web Access
Page 1 | Page 2 | Page 3 | Page 4

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008