How to Manage Segmentation in Outlook Web Access: Exchange 2007 Help

How to Manage Segmentation in Outlo...

Collapse All

How to Manage Segmentation in Outlook Web Access

Applies to: Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2008-12-09

This topic describes how to manage segmentation in Microsoft Office Outlook Web Access for Microsoft Exchange Server 2007. Segmentation lets you enable and disable many features in Outlook Web Access by using the Exchange Management Console or the Exchange Management Shell.

By default, segmentation changes take effect after 60 minutes of inactivity for users who are logged on to Outlook Web Access or when a user logs on to Outlook Web Access. To force the changes to take effect immediately, restart Internet Information Services (IIS) by running the iisreset/noforce command on the Client Access server.

Before You Begin

To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To use the Exchange Management Console to configure Outlook Web Access segmentation

In the Exchange Management Console, click Server Configuration, and then click Client Access.
In the work pane, select owa (Default Web Site), and then, in the action pane, click Properties.
On the owa (Default Web Site) Properties page, click the Segmentation tab.
The Segmentation window provides a list of features for Outlook Web Access that you can enable or disable for all users.
To enable or disable a feature for Outlook Web Access for all users, select a feature, and then click Enable or Disable.
The status for all features is displayed in the center section in the Segmentation window.

Segmentation in the Exchange Management Console and the Exchange Management Shell

The following table lists the segmentation options that are available through the Exchange Management Console and by using Exchange Management Shell parameters. You can use the Set-OwaVirtualDirectory cmdlet together with the parameters listed in the table to enable or disable the features on the Segmentation tab that were discussed earlier in step 3.

Note:
The Public Folders, Recover Deleted Items, Rules, and S/MIME segmentation features are available only in Exchange 2007 Service Pack 1 (SP1). For an overview of the Outlook Web Access features that were added for Exchange 2007 SP1, see What's New in Exchange Server 2007 SP1.

Segmentation options that can be set in the Exchange Management Console and by using Exchange Management Shell parameters

Exchange Management Console	Exchange Management Shell Parameter	Description
All Address Lists	AllAddressListsEnabled	If it is enabled, this option lets users see all address lists in the Exchange organization. If it is disabled, the user will see only the default global address list.
Calendar	CalendarEnabled	If it is enabled, this option lets users see Calendar folders by using Outlook Web Access. If it is disabled, the Calendar is still available by using Outlook, but will not be visible from Outlook Web Access.
Change Password	ChangePasswordEnabled	If it is enabled, this option lets users change their Active Directory account password by using Outlook Web Access. Note: To enable users to change passwords that have expired or have been set to User must change at next logon, see Implementing the Change Password feature with Outlook Web Access.
Contacts	ContactsEnabled	If it is enabled, this option lets users see Contacts folders by using Outlook Web Access. If it is disabled, Contacts folders are still available by using Outlook, but will not be visible from Outlook Web Access.
E-mail Signature	SignaturesEnabled	If it is enabled, this option lets users use the Outlook Web Access Options to manage signatures for outgoing e-mail messages.
Exchange ActiveSync Integration	ActiveSyncIntegrationEnabled	If it is enabled, this option lets users manage a mobile device by using the Options feature in Outlook Web Access. If it is disabled, the option is not visible.
Journal	JournalEnabled	If it is enabled, this option lets users see the Journal folder by using Outlook Web Access. If it is disabled, the Journal is still available by using Outlook, but will not be visible from Outlook Web Access.
Junk E-mail Filtering	JunkEmailEnabled	If it is enabled, this option enables users to control the junk e-mail settings for their mailbox from Outlook Web Access. If it is disabled, the user will be unable to control the junk-email settings from Outlook Web Access, but any settings that are set by an administrator or set by using Outlook will still be applied.
Notes	NotesEnabled	If it is enabled, this option makes the Notes folder visible in Outlook Web Access. Outlook Web Access provides view-only access to Notes.
Premium Client	PremiumClientEnabled	If it is enabled, this option lets users access the Outlook Web Access Premium client. If it is disabled, only Outlook Web Access Light will be available.
Public Folders	PublicFoldersEnabled	If this is enabled, this option lets users browse or read items in public folders by using Outlook Web Access. Note: This feature is available only in Exchange 2007 SP1.
Recover Deleted Items	RecoverDeletedItemsEnabled	If this is enabled, this option lets users view, recover, or delete permanently items that have been deleted from the Deleted Items folder by using Outlook Web Access. Note: This feature is available only in Exchange 2007 SP1.
Reminders and Notifications	RemindersAndNotificationsEnabled	If it is enabled, this option lets users receive reminders for calendar items and tasks and notifications for new messages when they are using Outlook Web Access Premium. If it is disabled, users will not receive reminders and notifications. Reminders and notifications are not available in Outlook Web Access Light.
Rules	RulesEnabled	If this is enabled, this option lets users view, create, or modify server side rules by using Outlook Web Access. Note: This feature is available only in Exchange 2007 SP1.
S/MIME	SMimeEnabled	If this is enabled, this option lets users download the S/MIME control for Outlook Web Access and use it to read and compose signed and encrypted messages. Note: This feature is available only in Exchange 2007 SP1.
Search Folders	SearchFoldersEnabled	If it is enabled, this option lets users see the Search Folders icon in the Outlook Web Access navigation pane and lets users access any search folders that exist on the server. If it is disabled, the Search Folders icon remains visible in Outlook Web Access. But the folders will not be available. For more information about how to create search folders, see the Outlook Help.
Spelling Checker	SpellCheckerEnabled	If it is enabled, this option lets users check spelling in Outlook Web Access. This feature is not available in Outlook Web Access Light.
Tasks	TasksEnabled	If it is enabled, this option makes the Tasks features in Outlook Web Access available to users. This feature is not available in Outlook Web Access Light.
Theme Selection	ThemeSelectionEnabled	If it is enabled, this option lets users select a theme by using the Options feature in Outlook Web Access. This feature is not available in Outlook Web Access Light.
Unified Messaging Integration	UMIntegrationEnabled	If it is enabled, this option lets users manage their Unified Messaging settings by using Outlook Web Access.

Per-User Segmentation

Exchange 2007 allows for easier implementation of Outlook Web Access per-user segmentation. To configure per-user segmentation in earlier versions of Exchange, you must set the msExchMailboxFolderSet attribute on the particular user's Active Directory object by using a tool such as the ADSI Edit tool. In Exchange 2007, you can use the Set-CASMailbox cmdlet to configure per-user segmentation.

Note:
You can use the Set-CASMailbox cmdlet to configure per-user settings for Exchange ActiveSync, Outlook Web Access, MAPI, POP, and IMAP.

The following two cmdlets are available to retrieve or configure user settings:

Get-CASMailbox
This cmdlet retrieves the settings for a particular user.
Set-CASMailbox
This cmdlet configures settings for a particular user.

Both cmdlets take the identity parameter. The identity parameter specifies the particular user's domain name and user name, such as contoso\user1. Also, because many components share the Get-CASMailbox and Set-CASMailbox cmdlets, Exchange uses a naming convention to specify the properties that are being retrieved or configured.

Each property has a prefix to specify the component name to which it belongs. For example, Outlook Web Access properties have an OWA prefix. MAPI properties have a MAPI prefix. To view the Outlook Web Access segmentation settings for a user, run the following command at the Exchange Management Shell:

Get-CASMailbox -identity "contoso\<user1>" | fl OWA*

When you run this command, you see results that resemble the following:

OWAEnabled : True

OWACalendarEnabled :

OWAContactsEnabled :

OWATasksEnabled :

OWAJournalEnabled :

OWANotesEnabled :

OWARemindersAndNotificationsEnabled :

OWAPremiumClientEnabled :

OWASpellCheckerEnabled :

OWASearchFoldersEnabled :

OWASignaturesEnabled :

OWAThemeSelectionEnabled :

OWAJunkEmailEnabled :

OWAUMIntegrationEnabled :

OWAWSSAccessOnPublicComputersEnabled :

OWAWSSAccessOnPrivateComputersEnabled :

OWAUNCAccessOnPublicComputersEnabled :

OWAUNCAccessOnPrivateComputersEnabled :

OWAActiveSyncIntegrationEnabled :

OWAAllAddressListsEnabled :

OWAChangePasswordEnabled :

Each property in virtual directory segmentation has a corresponding per-user segmentation property. By default, per-user segmentation properties are not set. This is why most of the properties in the previous results do not contain any values.

When you configure per-user segmentation, the commands that you use set bits in an integer that is named msExchMailboxFolderSet. The first time that you modify a per-user segmentation setting, all the bits in the msExchMailboxFolderSet integer must be set to a particular value. By default, Exchange sets every value to False unless you explicitly set the value(s) to True.

Therefore, you may experience unexpected behavior when you try to configure a particular value. For example, assume that you run the following cmdlet to disable the Change Password feature in Outlook Web Access:

Set-CASMailbox -identity "contoso\<user1>" -OWAChangePasswordEnabled:$false

After you run this command, you see the following results when you view the properties for the particular user:

OWAEnabled : True

OWACalendarEnabled : False

OWAContactsEnabled : False

OWATasksEnabled : False

OWAJournalEnabled : False

OWANotesEnabled : False

OWARemindersAndNotificationsEnabled : False

OWAPremiumClientEnabled : False

OWASpellCheckerEnabled : False

OWASearchFoldersEnabled : False

OWASignaturesEnabled : False

OWAThemeSelectionEnabled : False

OWAJunkEmailEnabled : False

OWAUMIntegrationEnabled : False

OWAWSSAccessOnPublicComputersEnabled : False

OWAWSSAccessOnPrivateComputersEnabled : False

OWAUNCAccessOnPublicComputersEnabled : False

OWAUNCAccessOnPrivateComputersEnabled : False

OWAActiveSyncIntegrationEnabled : False

OWAAllAddressListsEnabled : False

OWAChangePasswordEnabled : False

In this example, although you had intended to disable only the Change Password feature, Exchange sets all the unset features to False. Therefore, for an msExchMailboxFolderSet attribute that has not been set, you must explicitly configure every feature.

In the previous example, to disable only the Change Password feature on an unset msExchMailboxFolderSet attribute and to leave all the other features enabled, you have to explicitly configure each feature. To do this, you must run the following command:

set-CASMailbox -identity "contoso\<user1>" -OWAChangePasswordEnabled:$false `
 -OWAPremiumClientEnabled:$true `
 -OWACalendarEnabled:$true `
 -OWAContactsEnabled:$true `
 -OWATasksEnabled:$true `
 -OWAJournalEnabled:$true `
 -OWANotesEnabled:$true `
 -OWARemindersAndNotificationsEnabled:$true `
 -OWASpellCheckerEnabled:$true `
 -OWASearchFoldersEnabled:$true `
 -OWASignaturesEnabled:$true `
 -OWAThemeSelectionEnabled:$true `
 -OWAJunkEmailEnabled:$true `
 -OWAUMIntegrationEnabled:$true `
 -OWAWSSAccessOnPublicComputersEnabled:$true `
 -OWAWSSAccessOnPrivateComputersEnabled:$true `
 -OWAUNCAccessOnPublicComputersEnabled:$true `
 -OWAUNCAccessOnPrivateComputersEnabled:$true `
 -OWAActiveSyncIntegrationEnabled:$true `
 -OWAAllAddressListsEnabled:$true

After you set all the bits on the msExchangeMailboxFolderSet attribute, you can configure each individual bit without having to specify values for the other bits.

Important considerations

Consider the following when you use per-user segmentation with Outlook Web Access:

Per-user segmentation overrides virtual directory segmentation. For example, when you use the Set-CASMailbox cmdlet to set OWAChangePasswordEnabled to True for a user, the user will always have access to the Change Password feature, regardless of what option is set on the virtual directory.
You cannot use the Set-CASMailbox cmdlet to clear per-user segmentation settings. Instead, you must use ADSI Edit or a similar tool to change the msExchMailboxFolderSet attribute on the user's Active Directory object.

The OWAEnabled property is not part of Outlook Web Access segmentation. Instead, OWAEnabled is a setting in the ProtocolSettings attribute on the user's Active Directory object. The OWAEnabled property is used to allow or to block access to Outlook Web Access as a whole.

For More Information

For more information about how to manage Outlook Web Access, see the following topics:

For more information about syntax and instructions for using the Exchange Management Shell to manage Outlook Express segmentation, see Set-OwaVirtualDirectory.