Managing Outlook Web Access Advanced Features

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2007-07-30

You can manage advanced features in Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007 by using the Exchange Management Console and the Exchange Management Shell. In Exchange 2007, you can enable and disable Outlook Web Access features for your whole organization or for individual users by using segmentation. To increase protection against spammers, you can disable Web beacons in Outlook Web Access. If the default language and character settings for Outlook Web Access at initial logon are not appropriate for your users, you can change them by using the language and character settings. If users will be using Outlook Web Access over a slow network connection, you can enable Gzip compression to improve the performance of Outlook Web Access on the client computer.

Segmentation of Features in Outlook Web Access

Segmentation lets you enable and disable features that are available to users in Exchange 2007 Outlook Web Access. By default, any mail-enabled user in your Exchange 2007 organization can access their mailbox by using Outlook Web Access. Depending on the needs of your organization, you can use segmentation to configure the following restrictions for user access:

Restrict access to Outlook Web Access for specific users.
Control access to certain Outlook Web Access features for specific users.
Disable an Outlook Web Access feature completely.

Many features can be set for an Outlook Web Access virtual directory by using the Exchange Management Console. You can use the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell to enable or disable the same features that you can enable and disable by using the Exchange Management Console, in addition to many other Outlook Web Access features for an Outlook Web Access virtual directory. For example, to disable the Reminders feature in Outlook Web Access, you can use the RemindersandNotificationsEnabled parameter. The Reminders feature enables users to receive new mail notifications. You can also modify other Outlook Web Access features, such as Tasks, Contacts, and Themes.

For more information about the parameters that you can use to configure segmentation for all users, see Set-OwaVirtualDirectory.

For more information about the features that can be configured by using the Exchange Management Console, see How to Manage Segmentation in Outlook Web Access.

For more information about how to enable and disable features for specific users, see Set-CASMailbox.

Segmentation Features in Exchange Server 2003 and Exchange Server 2007

Table 1 lists the differences between Outlook Web Access segmentation in Exchange Server 2003 and Exchange 2007.

Table 1 Outlook Web Access segmentation in Exchange Server 2003 and Exchange Server 2007

Type	Exchange Server 2003	Exchange Server 2007
Segmentation basis	Segmentation can be performed for individual users and for individual servers. The segmentation setting for each Outlook Web Access feature is stored as a DWORD value in the registry. If the DWORD value is 1, the Outlook Web Access feature is enabled. If the DWORD value is 0, the Outlook Web Access feature is disabled. By default, all features are enabled.	Segmentation can be performed for individual users and for individual virtual directories. You can administer the user and virtual directory segmentation settings for each Outlook Web Access feature by using the Exchange Management Shell. Unlike in Exchange Server 2003, segmentation settings in Exchange 2007 are not configured by editing the registry.
Storing segmentation values	The DWORD values that are set for users and for servers are the same. However, they are stored in different locations. The server DWORD value is stored in a registry key. The user DWORD value is stored in the msExchMailboxFolderSet Active Directory attribute on the user object. By default, the msExchMailboxFolderSet attribute exists, but the value is not configured.	The segmentation value that is set for an Outlook Web Access virtual directory is stored on the virtual directory object. The segmentation value that is set for a user is stored in the msExchMailboxFolderSet Active Directory attribute on the user object. By default, the msExchMailboxFolderSet attribute exists for each user, but the value is not configured. Use the Set-CASMailbox cmdlet to configure values for individual users.
New features in Outlook Web Access in Exchange 2007 that can be segmented	Not applicable	You can segment the following new Outlook Web Access features: Unified Messaging integration Microsoft Windows SharePoint Services and Windows file shares integration Microsoft Exchange ActiveSync integration from Mobile Settings on the Options page

Type

Exchange Server 2003

Exchange Server 2007

Segmentation basis

Segmentation can be performed for individual users and for individual servers. The segmentation setting for each Outlook Web Access feature is stored as a DWORD value in the registry.

If the DWORD value is 1, the Outlook Web Access feature is enabled. If the DWORD value is 0, the Outlook Web Access feature is disabled.

By default, all features are enabled.

Segmentation can be performed for individual users and for individual virtual directories. You can administer the user and virtual directory segmentation settings for each Outlook Web Access feature by using the Exchange Management Shell.

Unlike in Exchange Server 2003, segmentation settings in Exchange 2007 are not configured by editing the registry.

Storing segmentation values

The DWORD values that are set for users and for servers are the same. However, they are stored in different locations.

The server DWORD value is stored in a registry key.
The user DWORD value is stored in the msExchMailboxFolderSet Active Directory attribute on the user object.

By default, the msExchMailboxFolderSet attribute exists, but the value is not configured.

The segmentation value that is set for an Outlook Web Access virtual directory is stored on the virtual directory object.
The segmentation value that is set for a user is stored in the msExchMailboxFolderSet Active Directory attribute on the user object.

By default, the msExchMailboxFolderSet attribute exists for each user, but the value is not configured. Use the Set-CASMailbox cmdlet to configure values for individual users.

New features in Outlook Web Access in Exchange 2007 that can be segmented

Not applicable

You can segment the following new Outlook Web Access features:
- Unified Messaging integration
- Microsoft Windows SharePoint Services and Windows file shares integration
- Microsoft Exchange ActiveSync integration from Mobile Settings on the Options page

Understanding Web Beacons

A Web beacon is a file object, such as a transparent graphic or an image, which is put on a Web site or in an e-mail message. Web beacons are typically used together with HTML cookies to monitor user behavior on a Web site or to validate a recipient's e-mail address when an e-mail that contains a Web beacon is opened. Web beacon configuration is set on a per virtual directory basis for each Outlook Web Access virtual directory in your organization.

Web beacons frequently come in the form of images that are downloaded onto a user's computer when the user opens a junk e-mail message. After the images are downloaded, a Web beacon notification is sent to the sender of the junk e-mail that informs the sender that the recipient e-mail address is valid. After a user opens a message that sends a Web beacon notification back to the junk e-mail sender, the user may receive junk e-mail more frequently because the junk e-mail sender has verified that the user's e-mail address is valid. Web beacons can also contain harmful code and be used to circumvent e-mail filters to deliver a spammer's message.

Note:
By default, Outlook Web Access disables all potential Web beacon content in e-mail messages.

In Outlook Web Access, an incoming e-mail message that has any content that can be used as a Web beacon, regardless of whether the message actually contains a Web beacon, prompts Outlook Web Access to display a warning message to the user to inform the user that the content has been blocked. If a user knows that a message is legitimate, they can enable the blocked content. If a user does not recognize the sender or the message, they can open the message without unblocking the content and then delete the message without triggering beacons. If your organization does not want to use this feature, you can disable the blocking option for Outlook Web Access.

Disabling Web Beacons

The configuration settings for filtering Web beacons are stored in the Active Directory directory service. You can configure how Web beacons are filtered by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell. For more information about syntax and parameters, see Set-OwaVirtualDirectory.

The following list describes the parameters in the FilterWebBeacons property for Web beacon filtering in Outlook Web Access:

UserFilterChoice By using the UserFilterChoice parameter, you can let users decide whether they want to enable or continue to disable the blocked Web beacon content. Outlook Web Access blocks all potential Web beacon content in an e-mail message and displays the following message in the information bar when a user receives an e-mail message that contains potential Web beacon content: "To protect your privacy, Outlook Web Access has blocked some images, sounds, or other external content. To restore, Click Here." To view the blocked Web beacon content, the user can click the Click Here option.

Note:
By default, the UserFilterChoice parameter is enabled on Outlook Web Access.
ForceFilter By using the ForceFilter parameter, you can block all potential Web beacon content. Users cannot override the ForceFilter parameter to view the blocked Web beacon content.
DisableFilter By using the DisableFilter parameter setting, you can enable all Web beacon content on Outlook Web Access.

Note:
By default, the UserFilterChoice parameter is enabled on Outlook Web Access.

For more information about how to disable Web beacons, see How to Control Web Beacon and HTML Form Filtering for Outlook Web Access.

Language Settings

By using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, you can configure the following language parameter settings on an Outlook Web Access virtual directory:

DefaultClientLanguage The DefaultClientLanguage parameter, a Regional property setting, specifies the Outlook Web Access language that is used when a user who has not selected a specific language on the Options page logs on to Outlook Web Access. This prevents the user from being able to view the initial page to set the time zone and language, but does not prevent the user from changing these settings using the Options in Outlook Web Access after they have logged on. This parameter does not apply to Microsoft Exchange 2000 Server or Exchange 2003 virtual directories.
LogonAndErrorLanguage The LogonAndErrorLanguage parameter specifies which language Outlook Web Access uses for forms-based authentication and for error messages that occur when a user’s current language setting cannot be read. This parameter applies to Exchange 2003 virtual directories.

The user can configure the language that is used by Outlook Web Access by using the Regional Settings option in the Options menu after he or she is successfully authenticated for an Outlook Web Access session. The LogonAndErrorLanguage parameter can be configured only by an administrator. The administrator must configure the LogonAndErrorLanguage parameter before the user authenticates into Outlook Web Access.

Note:
To make all Arabic, Asian, Hebrew, and Urdu text to display correctly in Outlook Web Access, support for languages that are read from right-to-left and script languages must be installed on the client computer. Other languages may also require that the appropriate language pack be installed on the client computer.

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

For more information about how to configure the language settings for an Outlook Web Access virtual directory, see How to Configure Language Settings for Outlook Web Access.

Character Settings

The Charset parameter specifies how the Web browser decodes data and appends the character set, for example, ISO-8859-15, of the content-type header in the Response object of the Web page. You can use the Response object to send output to the client.

By using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, you can configure the character settings on an Outlook Web Access virtual directory. You can configure the following character settings on an Outlook Web Access virtual directory:

OutboundCharset The OutboundCharset parameter specifies the character set that is used on messages that are sent by users on a specific Outlook Web Access virtual directory. It accepts three settings: autodetect, alwaysutf8, and userlanguagechoice. Autodetect causes Exchange to examine the first 2 kilobytes (KB) of text and deduce the character set to use. This is the preferred method. AlwaysUTF8 causes Exchange to always use UTF-8 encoded UNICODE characters on outgoing messages. UserLanguageChoice causes Exchange to use the language that is used in the Outlook Web Access user interface to encode messages. This can be a problem if the preferred language and the language that is used on an individual message are not the same.
UseGB18030 The UseGB18030 parameter, a Regional property setting, specifies when the character set GB18030 is used. This parameter is a character-handling key in Active Directory that works in coordination with the OutboundCharset registry key. If USEGB18030 is on and OutboundCharset is set to Autodetect, Outlook Web Access will use GB18030 whenever GB18032 is detected.
UseISO8859-15 The UseISO8859-15 parameter, a Regional property setting, specifies when the character set ISO8859-15 is used. This parameter is a character-handling key in Active Directory that works in coordination with the OutboundCharset registry key. If USEISO8859-15 is on and OutboundCharset is set to Autodetect, Outlook Web Access will use ISO8859-15 whenever ISO8859-1 is detected

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

For more information about how to configure the character settings for Outlook Web Access, see How to Configure Character Settings for Outlook Web Access.

Gzip Compression Settings

Gzip compression enables data compression. Data compression helps optimize response time over slow network connections. Depending on the type of compression setting that you select, Outlook Web Access compresses static Web pages, dynamic Web pages, or both static Web pages and dynamic Web pages. Gzip compression is performed by the Client Access server.

You can configure Gzip compression settings on an Outlook Web Access virtual directory by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell. You can use the Get-OwaVirtualDirectory cmdlet to retrieve information about the current settings on an Outlook Web Access virtual directory. For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Table 2 describes the three levels of data compression settings for Outlook Web Access.

Table 2 Data compression settings for Outlook Web Access

Data compression setting	Description
High	This setting compresses static and dynamic pages.
Low	This setting compresses only static pages. By default, Gzip compression is set to low on Exchange 2007 virtual directories and on Exchange 2000 and Exchange 2003 virtual directories on Exchange 2007 servers that are hosting only the Client Access server role. Compression is not supported on Exchange 2000 and Exchange 2003 virtual directories on Exchange 2007 servers that have the Mailbox server role installed.
Off	No compression is used.

Data compression setting

Description

High

This setting compresses static and dynamic pages.

Low

This setting compresses only static pages.

By default, Gzip compression is set to low on Exchange 2007 virtual directories and on Exchange 2000 and Exchange 2003 virtual directories on Exchange 2007 servers that are hosting only the Client Access server role. Compression is not supported on Exchange 2000 and Exchange 2003 virtual directories on Exchange 2007 servers that have the Mailbox server role installed.

Off

No compression is used.

For more information about how to configure Gzip settings, see How to Configure Gzip Compression Settings.

Creating Themes for Outlook Web Access

You can customize the appearance of Outlook Web Access for your organization by creating one or more themes. After you create a theme, you can use segmentation to set the default theme. You can also use segmentation to enable or disable user access to theme selection in Outlook Web Access options.

Customizing the Forms-Based Authentication Logon Page

You can customize the appearance of the forms-based authentication page by writing a new version of the logon page that sends the same HTML form to the Outlook Web Access application as the original forms-based authentication logon page.

The forms-based authentication page is enabled for anonymous access. Therefore, you must use caution when deciding what content to display on the Outlook Web Access logon page. Do not reveal any sensitive data that may pose a security risk for your organization on the Outlook Web Access logon page.

If you customize the logon page, your changes may be overwritten when you install hot fixes and service packs on the Client Access server that is providing the logon page.

For More Information

For more information about Outlook Web Access advanced features, see the following topics: