Managing Outlook Web Access


Topic Last Modified: 2005-05-25

Outlook Web Access for Exchange 2003 includes significant improvements related to the user interface and administration. For information about the user experience improvements in Outlook Web Access, see "Client Features" in What's New in Exchange Server 2003.

You use both Exchange System Manager and the IIS snap-in to manage Outlook Web Access. Use:

  • Exchange System Manager to modify settings for access control to Outlook Web Access.

  • The IIS snap-in to control the authentication settings for the virtual directories for Outlook Web Access, including \Exchange, \Exchweb, and \Public.

  • The IIS snap-in to enable SSL for Outlook Web Access. For more information about using SSL with Outlook Web Access, see "Configuring Exchange Server 2003 for Client Access" in the Exchange Server 2003 Deployment Guide.

The following sections show how to use Exchange System Manager and the IIS snap-in to do management tasks associated with Outlook Web Access.

You can enable users in your corporate network to access Outlook Web Access while denying access to external clients. To do this, you create a new recipient policy and a new HTTP virtual server. After you complete these steps, users whose e-mail addresses do not have the same SMTP domain as the HTTP virtual server cannot log on and access Outlook Web Access. Also, as long as you do not use the SMTP domain as the default domain, external users cannot determine what the SMTP domain is, because the domain does not appear in the From field when users send e-mail messages outside the organization.

For detailed steps on how to enable Outlook Web Access for internal clients only, see How to Enable Outlook Web Access for Internal Clients Only.

Besides enabling Outlook Web Access for users in your corporate network, you can also prevent specific internal users from accessing Outlook Web Access. You do this by disabling the HTTP and NNTP protocols for those users.

For detailed steps on how to disable Outlook Web Access for specific users, see How to Disable Outlook Web Access for Specific Users.

When using Microsoft Internet Explorer 5 or later to access Outlook Web Access, new installations and upgrades to Exchange 2003 use the browser's language settings to determine the character set to use to encode information, such as e-mail messages and meeting requests.

If you upgrade a server running Exchange 2000 that was modified to use a browser's language setting, Exchange 2003 continues to function in the same manner. The following table lists the language groups and respective character sets.

Outlook Web Access language group and character sets

Language group Character set

Windows 1256

Chinese (Simplified)

Chinese (Traditional)

Eastern European

Western European

If you expect Outlook Web Access users in your organization to send mail frequently, you can modify registry settings so that users who are running Internet Explorer 5 or later can use UTF-8 encoded Unicode characters to send mail.

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems that result from editing the registry incorrectly might not be resolvable. Before editing the registry, back up any valuable data.

For detailed steps on modifying the default language setting, see How to Modify the Default Browser Language Settings for Outlook Web Access.

In Exchange 2003, Outlook Web Access makes it more difficult for people who send junk e-mail messages to use beacons to retrieve e-mail addresses. Beacons frequently come in the form of images that are downloaded onto a user's computer when the user opens a junk e-mail item. After the images download, a beacon notification is sent to the sender of the junk e-mail informing the sender that the e-mail address of your user is valid. The result is that the user will receive junk e-mail more frequently because the junk e-mail sender now knows that the e-mail address is valid.

In Outlook Web Access, an incoming message with any content that can be used as a beacon, regardless of whether the message actually contains a beacon, prompts Outlook Web Access to display the following warning message:

If users know that a message is legitimate, they can click the Click here to unblock content link in the warning message and unblock the content. If your users do not recognize the sender or the message, they can open the message without unblocking the content and then delete the message without triggering beacons. If your organization does not want to use this feature, you can disable the blocking option for Outlook Web Access.

For detailed steps for disabling the blocking of Web beacons, see How to Disable Blocking of Web Beacons.
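
The rule described above treats any content that could act as a beacon as grounds for the warning, whether or not it really is one. The following Python scanner is an added illustration, not Outlook Web Access code: it lists the references in an HTML message body that a client would fetch from a remote host on open. The tag list, the function names and the sample messages are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Tag/attribute pairs that trigger a fetch at render time (assumed, not exhaustive).
FETCH_ATTRS = {"img": "src", "input": "src", "iframe": "src", "embed": "src",
               "link": "href", "body": "background", "table": "background",
               "td": "background"}
REMOTE = re.compile(r"\s*(?:(?:https?|ftp):|//)", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class BeaconScanner(HTMLParser):
    """Collects every reference that would make the client contact a remote host."""
    def __init__(self):
        super().__init__()
        self.remote = []        # (tag, attribute, url)
        self._in_style = False

    def _note(self, tag, attr, url):
        # cid: (inline attachment) and data: URLs resolve locally, so they are skipped.
        if url and REMOTE.match(url):
            self.remote.append((tag, attr, url.strip()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = tag == "style"
        if tag in FETCH_ATTRS:
            self._note(tag, FETCH_ATTRS[tag], attrs.get(FETCH_ATTRS[tag]))
        for url in CSS_URL.findall(attrs.get("style") or ""):
            self._note(tag, "style", url)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:      # url(...) inside a <style> block
            for url in CSS_URL.findall(data):
                self._note("style", "css", url)

def potential_beacons(html_body):
    """Return the remote references found; a non-empty list justifies the warning."""
    scanner = BeaconScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.remote

# Constructed sample bodies (tracker.example is a placeholder host).
TRACKED = ('<body background="//tracker.example/bg.gif"><p style="background:'
           'url(http://tracker.example/p?u=42)">Sale!</p>'
           '<img src="http://tracker.example/o.gif?id=42" width=1 height=1></body>')
EMBEDDED = '<p>Report attached.</p><img src="cid:chart01@mail.example">'
```

`potential_beacons(TRACKED)` returns three remote references, while `potential_beacons(EMBEDDED)` returns none because a `cid:` image is carried inside the message itself.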

Outlook Web Access can be configured to handle e-mail attachments as your organization requires. You have three options for how your Exchange servers handle attachments:

  • Do not allow attachments

  • Allow attachments (pending file-type filtering)

  • Allow attachment access only through specific back-end servers

Additionally, you can specify a list of front-end servers that are exceptions to the "Allow attachment access through backend servers" option, so that users who connect through the specified front-end servers can accept attachments. Note that if you set the server to "Allow all attachments" or "Don't allow any attachments," this value is ignored. Also, if a request comes through a front-end server specified in this list of front-end servers that can accept attachments, the attachments must still pass Level 1 and 2 restrictions.

With Outlook Web Access, you can block users from opening, sending, or receiving specified attachment types. In particular, you can:

  • Prevent users from accessing certain file type attachments. By default, all new Exchange 2003 installations block attachments of Levels 1 and 2 file types, and Levels 1 and 2 MIME types. This feature is particularly useful in stopping Outlook Web Access users from opening attachments at public Internet terminals, which could potentially compromise corporate security. If an attachment is blocked, a warning message indicating that the user cannot open the attachment appears in the InfoBar of the e-mail message.

    Outlook Web Access users who are working in their offices or connected to the corporate network from home can open and read attachments. You can enable full intranet access to attachments by providing the URL to the back-end servers and allowing attachments on the Exchange back-end servers.

  • Prevent users from sending or receiving attachments with specific file extensions that could contain viruses. This feature in Outlook Web Access matches the attachment blocking functionality in Outlook. For received messages, a warning message indicating that an attachment is blocked appears in the InfoBar of the e-mail message. For sent messages, users cannot upload any files with extensions that appear on the block list.

To change the attachment blocking settings, you must modify the registry settings on the server.

For detailed steps for modifying attachment blocking settings, see How to Modify Attachment Handling Settings.