How to Deploy Message Classification for Outlook 2007

How to Deploy Message Classificatio...

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2009-01-07

Microsoft Office Outlook 2007 requires a local file (Classifications.xml) that contains definitions of the message classifications that Microsoft Exchange Server 2007 supports before Outlook users can apply message classifications to their messages. The Exchange administrator must also create a new registry key that enables message classification and references the Classifications.xml file on the Outlook user's computer.

This topic describes how to create the registry key and related registry settings that are required to enable message classification on the computer where Outlook 2007 is run, and how to create the Classifications.xml file.

Creating the Outlook 2007 Registry Key

The following registry key and related registry settings must be created on all Outlook 2007 computers from which users who have mailboxes hosted on Exchange 2007 send message classifications:

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]
"AdminClassificationPath"="c:\\Classifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

Note:
The `Policy` key is not present in Outlook 2007 and therefore must be created.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

You must change the AdminClassificationPath path to refer to the location where you will copy the Classifications.xml file. You can change the AdminClassificationPath path to point to any location that is available to Outlook 2007. This includes a network share. However, we recommend that the path is a location on the local computer for any Outlook 2007 computer that is running in cached mode so that the Outlook 2007 computer can read the instructions and enable message composition even when offline.

The EnableClassifications DWORD value enables and disables message classification functionality in Outlook 2007 for the given user. To enable message classification functionality, set this DWORD value to 00000001. To disable message classification functionality, set this DWORD value to 00000000.

The TrustClassifications DWORD lets you qualify the assertions made on classified messages when the messages are sent to users who have mailboxes on Exchange Server 2003 or earlier.

You should enable TrustClassifications only for users who have mailboxes that are controlled by Exchange 2007. To enable TrustClassifications, set this DWORD value to 00000001. Because TrustClassifications are enabled only for users who have mailboxes controlled by Exchange 2007, Outlook 2007 recipients can rely on the assertions or instructions in the message classification.

Outlook also supports message classifications between users who run Exchange 2003 or earlier. Because Exchange 2003 does not support or recognize message classifications, the content and validity of the message classifications cannot be guaranteed. Therefore, disabling TrustClassifications prepends the text The sender claims: to the message classification to protect users from incorrectly assuming that their organization has processed the classification. To disable TrustClassifications, set this DWORD value to 00000000.

The message classifications in the Classifications.xml file are the only message classifications that will be available to Outlook users when they send messages in Outlook 2007. However, the message classifications in the Classifications.xml file do not restrict the set of classifications that a user can receive.

For example, a user can receive an e-mail with a message classification that is not present in their version of the Classifications.xml file. If the user forwards the message classification, the message retains its classification, assuming that the RetainClassificationEnabled parameter on the originating message classification instance was set to $True, even though the recipient who forwards the message does not have the specific message classification in the local Classifications.xml file.

In an Exchange 2007 environment, only classifications that are registered in the Active Directory directory service will be sent to recipients.

Creating the Classifications.xml File

Use the Export-OutlookClassification.ps1 script to generate the Classifications.xml file for the Outlook 2007 computer.

The Export-OutlookClassification.ps1 script is copied to the Program Files\Microsoft\Exchange Server\Scripts directory that is installed when you run Exchange Setup. You must run the script from the Scripts directory.

To export all existing message classifications to a Classifications.xml file, run the following command:

./Export-OutlookClassification.ps1 > c:\exports\Classifications.xml

In this command, c:\exports is the directory where you are writing the Classifications.xml file.

To export all existing message classifications of a specific locale to a Classifications.xml file, run the following command:

./Export-OutlookClassification.ps1 -Locale "en" >Classifications.xml

In this command, "en" is the locale code. The Locale parameter takes a data type of CultureInfo.

For more information about the CultureInfo data type, see the table of predefined culture names and identifiers at CultureInf o Class. If the locale does not exist, no message classifications are written to the Classifications.xml file.

Important:
You must specify the name of the Classifications.xml file. Although the script will let you export a file of any name, we recommend that you name the exported file `Classifications.xml`.

Before You Begin

To run the Get-MessageClassification cmdlet and the Export-OutlookClassification.ps1 script, the account you use must be delegated the following:

Exchange View-Only Administrators role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To create the Classifications.xml file

Open the Exchange Management Shell and run the following script from the Program Files\Microsoft\Exchange Server\Scripts directory:
```
./Export-OutlookClassification.ps1 > c:\exports\Classifications.xml
```
This script will export all message classifications into Classifications.xml. If you do not want all classifications in the XML file, you must manually remove them by removing the specific <Classification> element from Classification.xml.

After you have exported the appropriate message classifications, you must copy the resulting Classifications.xml file onto the end-users' computers to the AdminClassificationPath path that you specified in the registry setting that was discussed earlier. Finally, you must restart Outlook so that the Classifications.xml file is picked up by Outlook.

All message classifications are exported to the Classifications.xml file. Active Directory enforces permissions when message classifications are executed by Exchange. If users try to use a message classification that they do not have permissions to use, the message will not be acted upon by the message classification infrastructure.

If you do not want all message classifications to be displayed to all Outlook users, you must manually edit the Classifications.xml file to exclude the classifications that you do not want to display. Each classification is enclosed in a Classification element in the Classifications.xml file. Each Classification element is identified by the GUID and name. To remove a classification, you must delete the entire Classification element that is associated with the classification.

For More Information

For more information, see the following topics: