Managing Message Classifications
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-01-03
This topic provides information about how to manage message classifications and references to documentation that will help the Exchange administrator manage message classifications. Many of the concepts that are briefly described in this topic are covered in detail in Overview of Message Classifications.
To create a new message classification instance, you must use the New-MessageClassification cmdlet in the Exchange Management Shell. For detailed parameter syntax and requirements, see New-MessageClassification.
Although the New-MessageClassification cmdlet only requires three parameters to create a new message classification, you should set additional parameters to provide a basic level of functionality.
The three required parameters are Name, DisplayName, and SenderDescription. At a minimum, you should also set a value for the RecipientDescription parameter, or set the UserDisplayEnabled parameter to
$False if you do not want to display the message classification to users, to get the functionality that you want. More information about each of these parameters is included in New-MessageClassification.
You can change any of these parameters after you create a new message classification by using the Set-MessageClassification cmdlet. For more information, see Set-MessageClassification.
After you create the default message classification instance, you can create localized versions for the various regions that you support in your organization. You can use localized message classifications to change the language of the sender description and recipient description or to change the content of the sender description and recipient description to reflect differences in regulatory requirements for different jurisdictions. If a localized version is not available for the locale of the user, the default message classification is used.
For an example of a localized message classification and more information about how to create localized versions of message classifications, see How to Create Localized Versions of Message Classifications.
The following list provides a brief description of the three properties that you can set on a message classification object for the benefit of the Microsoft Office Outlook 2007 or Microsoft Office Outlook Web Access user:
Display name This property specifies the display name for the message classification instance. The display name appears in the Permission menu in Outlook 2007 and Office Outlook Web Access and is used by Outlook and Outlook Web Access users to select the appropriate message classification before they send a message. The display name is also displayed in the recipient description that appears in the InfoBar in an Outlook 2007 message. The parameter name is DisplayName.
Sender description This property explains to the sender what the message classification is intended to achieve. The text that the Exchange administrator enters for this field is used by Outlook and Outlook Web Access users to select the appropriate message classification before they send a message. The parameter name is SenderDescription.
Recipient description This property explains to the recipient what the message classification was intended to achieve. The text that the Exchange administrator enters for this field is viewed by Outlook and Outlook Web Access users when they receive a message that has this message classification. The parameter name is RecipientDescription.
When you create a new message classification and enable the computer on which Outlook 2007 runs, the new message classification will be present in the Permission menu of Outlook 2007 and Office Outlook Web Access.
You can control Read access for the message classifications that are presented in the Permission menu of Outlook 2007 if you configure the actual message classifications that you export into the Classifications.xml file. For more information about how to create and use the Classifications.xml file, see How to Deploy Message Classification for Outlook 2007.
You can control Read access for the message classifications that are presented in the Permission menu of Outlook Web Access if you configure the Read permissions on the message classification object. By default, all message classifications are created with Read permissions for any authenticated user when you grant Read permissions to authenticated users on the message classification object in the Active Directory directory service.
You can remove Read permissions on a given message classification if you run the following command in the Exchange Management Shell. To perform this procedure, the account you use must be delegated the following:
Exchange Organization Administrator role
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Get-MessageClassification ExAttachmentRemoved -IncludeLocales | Remove-AdPermission -User AU -AccessRights GenericRead -InheritanceType None
where ExAttachmentRemoved is the
Name value of the message classification object that you are modifying and
AU is the Authenticated Users group.
To add Read permissions, run the following command in the Exchange Management Shell:
Get-MessageClassification ExAttachmentRemoved -IncludeLocales | Add-AdPermission -User "DomainName\Group" -AccessRights GenericRead -InheritanceType None
where "DomainName\Group" is the domain group that you want to give Read permissions to.
|Do not add a "Deny" permission to the message classification because that action will make the message classification object unreadable by Exchange.|
It's very important to understand that Read permissions that are set on the message classification object do not control whether the sender can use the message classification. Read permissions on the message classification only control whether the message classification is displayed in the Permission menu in Outlook Web Access. Outlook 2007 users can send message classifications even if the user does not have Read access to the message classification. Advanced users can still send classified messages by editing the Classifications.xml file that is installed on their computer to enable message classifications in Outlook 2007.
After you create a new message classification instance, you can associate a transport rule to the message classification. You use the Exchange Management Shell to create a new transport rule and add the message classification as a condition. For information about how to use the Exchange Management Shell to create new transport rules, see New-TransportRule.
You can also use the New Transport Rule wizard in the Exchange Management Console to associate a transport rule with an existing message classification. For an example and more information, see How to Customize Default Message Classifications.
By default, Outlook Web Access 2007 fully supports message classification functionality.
For Outlook 2007, you must enable message classification on each computer where Outlook 2007 is running, and you must deploy the message classification configuration files. For more information, see How to Deploy Message Classification for Outlook 2007.