How to Manage Public and Private Computer File Access

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to manage direct file access for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007 for both public and private computers. Direct file access lets users open files that are attached to e-mail messages, and files that are stored in Microsoft Windows SharePoint Services document libraries and in Windows file shares.

By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web Access. Therefore, when users in your organization select This is a public or shared computer or This is a private computer on the Outlook Web Access logon page, they will be able to access files that are attached to e-mail messages.

When you enable private or public computer file access for users, you can use the Exchange Management Console to specify individual file types and MIME types. The following table lists the file name extensions and MIME types that, by default, are set to Allow, Block, or Force Save for the \owa virtual directory.

  • Allow   File and MIME types in the Allow list can be opened from Outlook Web Access, if the application that is needed to open the files is installed on the client computer. Allow overrides Block and Force Save.

  • Block   File and MIME types in the Block list cannot be opened. Block overrides Force Save, and is overridden by Allow.

  • Force Save   File and MIME types in the Force Save list must be saved to the client computer before they can be opened. Force Save is overridden by Allow and Block.

    Note

    Although it appears that you can set the values for private and public computer access individually, you cannot. When you specify behavior for private access, you also set it for public access.

The following table shows default file name extensions and MIME values for the Allow, Block, and Force Save settings for the \owa virtual directory. these apply to Exchange 2007 RTM and Exchange 2007 RTM-based servers that have been upgraded to Exchange 2007 SP1.

Option Description Default file name extensions Default MIME types

Allow

This option specifies the file types that are always enabled for direct file access.

.avi, .bmp, .doc, .docm, .docx, .gif, .jpg, .mp3, .one, .pdf, .png, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pub, .rpmsg, .rtf, .tif, .txt, .vsd, .wav, .wma, .wmv, .xls, .xlsb, .xlsm, .xlsx, .zip

Note

.tiff support is included with Exchange 2007 SP1.

image/jpeg, image/png, image/gif, image/bmp

Block

This option specifies the file types that are always blocked from direct file access.

.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .der, .exe, .fxp, .hlp, .hta, .htc, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .mht, .mhtml, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh, .xml

Note

.gadget support is included with Exchange 2007 SP1

application/hta, application/javascript, application/msaccess, application/prg, application/x-javascript, application/xml, text/javascript, text/scriplet, text/xml, x-internet-signup

Force Save

This option specifies the files that users can access only after they have saved them to the local computer.

.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dcr, .dir, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .sql, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh

Note

.gadget support is included with Exchange 2007 SP1.

Application/futuresplash, Application/octet-stream, Application/x-director, Application/x-shockwave-flash

There is also a default setting for unknown file types. You can set the setting for unknown file types to one of the following values:

  • Allow

  • Block

  • Force Save

Always Blocked

The following files are always blocked by Outlook Web Access, regardless of the file access settings in the Outlook Web Access virtual directory:

  • .mht files.

  • Non-XML file types that contain XML content.

If a user tries to open an allowed file type, not an XML file type, that contains any embedded XML, Outlook Web Access will block the file and not allow it to be opened or saved to the user's local computer.

Outlook Web Access will block .mht files even if .mht is in the allowed files list. Files that are of the.mht type cannot be opened or saved to the user's local computer.

Before You Begin

To perform the following procedures, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To use the Exchange Management Console to configure Direct File Access policy settings for Outlook Web Access

  1. In the Exchange Management Console, click Server Configuration, and then click Client Access.

  2. In the action pane, in Outlook Web Access, click Properties.

  3. On the Outlook Web Access Properties page, click either the Public Computer File Access tab or the Private Computer File Access tab.

  4. Under Direct file access, select the check box next to Enable direct file access to let users download attachments.

  5. To modify the types of attachments that you want users to be able to access, click the Customize button next to Customize direct file access.

  6. On the Direct File Access Settings page, do one of the following:

    • To set the file types and MIME types that you want users to access, click the Allow button, and then set the file name extensions and MIME values on the Allow List page.

    • To set the file types and MIME types that you want to block users from accessing, click the Block button, and then and set the file name extensions and MIME values on the Block List page.

    • To set the file types and MIME types that you want to force users to save before they access them, click the Force Save button, and then set the file name extensions and MIME values on the Force Save List page.

    • For unknown file types, select an option from the list in the Unknown Files box. Select Allow, Block, or Force Save.

  7. Click OK to save your settings.

To use the Exchange Management Shell to configure attachments policy settings for Outlook Web Access

  • Run the following command:

    Set-OwaVirtualDirectory
    
  • Use the syntax in the following example to prevent users on public computers from downloading files:

    Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DirectFileAccessOnPublicComputersEnabled $false
    

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

For More Information

For more information about file access in Outlook Web Access, see Managing File and Data Access for Outlook Web Access.

For more information about how to manage Outlook Web Access on the computer that is running Exchange 2007, see Managing Outlook Web Access.