Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-03-19

You can use the EMC or the Shell to view or configure the properties of an Outlook Web App virtual directory.

If you use the Shell to view the properties of an Outlook Web App virtual directory, the information returned is a subset of the information that's available. For example, if you use the Get-OWAVirtualDirectory cmdlet to view properties, Exchange returns the following information:

You can also retrieve information for a specific virtual directory on a specific server by using the available parameters. For more information about the Get-OWAVirtualDirectory cmdlet parameters, see Get-OwaVirtualDirectory.

If you use the EMC to view the properties of an Outlook Web App virtual directory, you'll be able to view a complete set of properties for the Exchange server that you're on.

Looking for other management tasks related to Outlook Web App? Check out Managing Outlook Web App.

What Do You Want to Do?

Use the EMC to view or configure Outlook Web App virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

  1. In the console tree, navigate to Server Configuration > Client Access.

  2. In the result pane, click the server you want.

  3. In the work pane, click the Outlook Web App tab, right-click the virtual directory that you want to view or modify, and then click Properties.

  4. On the General tab, you can view the properties of the Outlook Web App default Web site and specify an external URL and an internal URL. View or select the following options:

    • Server   (Read-only.) Server displays the name of the server that hosts the Outlook Web App virtual directory.

    • Web site   (Read-only.) Web site displays the name of the Web site.

    • Version   (Read-only.) Version displays the version of Exchange that the virtual directory supports.

    • Modified   (Read-only.) Modified displays the last date and time that the virtual directory was modified.

    • Internal URL   In this text box, specify the URL used to access this Web site from an internal network. An internal URL is configured automatically during Exchange 2010 Setup. The default internal URL setting for an Internet-facing or non-Internet-facing Client Access server is https://<Computer Name>/owa.

    • External URL   In this text box, specify the URL used to access the Web site from the Internet. By default, External URL is blank. For Internet-facing Client Access servers, External URL should be set to the value published in DNS for that Active Directory site. For Client Access servers that don't have an Internet presence, the External URL setting should remain blank.

  5. On the Authentication tab, specify authentication methods, sign-in format, and sign-in domain:

    • Use one or more standard authentication methods   Select this option to use one or more of the following standard authentication methods:

      Integrated Windows authentication   This method requires that users have a valid Windows Server 2008, Windows Server 2003, or Microsoft Windows 2000 Server user account name and password to access information. Users aren't prompted for their account names and passwords. Instead, the server negotiates with the Windows security packages installed on the client computer. Integrated Windows authentication enables the server to authenticate users without prompting them for information and without transmitting information that isn't encrypted over the network. For this method to work, the client computer must be a member of the same domain as the servers running Exchange, or of a domain that's trusted by the domain that the Exchange server is in.

      Digest authentication for Windows domain servers   This method transmits passwords over the network as a hash value for additional security. Digest authentication can be used only in Windows Server 2008, Windows Server 2003, and Windows 2000 Server domains for users who have an account that's stored in Active Directory. For more information about Digest authentication, see the Windows Server documentation.

      Basic authentication (password is sent in clear text)   This method is a simple authentication mechanism defined by the HTTP specification that encodes a user's sign-in name and password before the user's credentials are sent to the server. To make sure that the password is as secure as possible, you should use Secure Sockets Layer (SSL) encryption between client computers and the server that has the Client Access server role installed.

    • Use forms-based authentication   Forms-based authentication provides enhanced security for Outlook Web App virtual directories located on Client Access servers.

      Forms-based authentication creates a sign-in page for Outlook Web App. You can configure the type of sign-in prompt used by forms-based authentication. For example, you can configure forms-based authentication to require users to provide their domain and user name information, in the domain\user name format on the Outlook Web App sign-in page.

      Important:
      Forms-based authentication won't provide a secure channel unless SSL is enabled.
      Complete the following:

      Domain\user name   Requires the user to enter their domain and user name in the format domain\user name. For example, for a user named Kweku in the domain Contoso, the sign-in would be contoso\kweku.

      User principal name (UPN)    If the user principal name (UPN) sign-in format is specified, the User Name field on the Outlook Web App sign-in page guides users to enter their e-mail address, for example, kweku@contoso.com. If a user's UPN isn't identical to the e-mail address, the user can't access Outlook Web App by using the PrincipalName sign-in prompt. It's a best practice to use the PrincipalName sign-in prompt only if users' UPNs match their e-mail addresses.

      User name only    The user enters their user name only, without the domain name, for example, Kweku. If you use the UserName sign-in prompt for forms-based authentication, you must also specify the DefaultDomain property. The DefaultDomain property determines the default domain to use when a user tries to access Outlook Web App. For example, if the default domain is Contoso, and a domain user named Kweku signs in to Outlook Web App, only Kweku must be entered as the user name. The server will use the default domain Contoso. If the user isn't a member of the Contoso domain, the domain and user name must be entered.

  6. On the Segmentation tab, specify the features that you want to enable or disable for Outlook Web App users on a virtual directory.

    Note:
    Segmentation settings for individual users override virtual directory settings. You can change segmentation settings for individual users by using the Set-CASMailbox cmdlet or by using Outlook Web App mailbox policies. For more information, see Managing Outlook Web App Mailbox Policies.
    View or specify the following:

    • Enable   Select a disabled feature in the list, and then click Enable to enable that feature.

    • Disable   Select an enabled feature in the list, and then click Disable to disable that feature.

    • Feature   The Feature column shows the list of features that are potentially available to Outlook Web App users on a virtual directory.

    • Status   The Status column shows whether each feature is enabled or disabled.

    • Description   This section displays a description for the selected feature in the list.

  7. On the Public Computer File Access tab, configure the file access and viewing options available if users select This is a public computer while they're signing in to Outlook Web App. File access lets a user open or view the contents of files attached to an e-mail message.

    Direct file access

    • Enable direct file access   Select this check box if you want to enable direct file access. Direct file access lets users open files attached to e-mail messages.

    • Customize   After you select Enable direct file access, click Customize to customize the direct file access settings.

      Note:
      The direct file access settings are applied to private and public computer file access. Even though the settings can be set from either the Private Computer File Access tab or the Public Computer File Access tab, you can't have different settings on the two tabs.
      In the Direct File Access Settings dialog box, specify how files will be allowed, blocked, or handled in Outlook Web App. The Allow list overrides the Block list and the Force Save list. The Block list overrides the Force Save list. Select the following:

      Allow   Click the Allow button to specify which types of files should always be allowed. The Allow list overrides the Block list and Force Save list.

      Block   Click the Block button to specify which types of files should be blocked. The Block list overrides the Force Save list and is overridden by the Allow list.

      Force Save   Click the Force Save button to specify which types of files the user must save to disk before opening. The Force Save list is overridden by the Allow and Block lists.

      Unknown Files   Using the Unknown Files list, specify how Outlook Web App handles unknown files that aren't in the Allow list, Block list, or Force Save list.

      When you click Allow, Block, or Force Save, a new window opens in which you can add file name extensions and MIME types to the list you have selected, edit them, or remove them.

      After you have selected Allow, Block, or Force Save:

      To add a file name extension or MIME type, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.

      To edit a file name extension or MIME type, select it, and then click Edit.

      To remove a file name extension or MIME type, select it, and then click Remove.

      After you finish modifying the lists of file name extensions and MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

    WebReady Document Viewing

    • Enable WebReady Document Viewing   Select this check box if you want to enable supported documents to be converted to HTML and displayed in a Web browser.

      Note:
      WebReady Document Viewing settings are available for public and private computer file access, and can be different for each.
    • Force WebReady Document Viewing when a converter is available   Select this check box if you want to force documents to be converted to HTML and displayed in a Web browser before users can open them in the viewing application. Documents can be opened in the viewing application only if direct file access has been enabled.

    • Supported   After you select Enable WebReady Document Viewing, click Supported to select supported document types for WebReady Document Viewing.

      Select document types to view from an Internet browser

      To allow all supported document types to be viewed from an Internet browser, select All supported document types.

      To allow only specific document types to be viewed, select Specific document types.

      Add   After you select Specific document types, click Add to add a document type to the list.

      Remove   After you select Specific document types, click the document type that you want to remove, and then click the remove icon.

      Select the MIME types of documents   Using this list, add the MIME types of documents to the list of types that can be viewed from an Internet browser or remove them from the list.

      Add   After you select Specific document types, click Add to add a MIME type to the list.

      Remove   After you select Specific document types, click the MIME type that you want to remove, and then click the remove icon.

  8. On the Private Computer File Access tab, configure the file access and viewing options available if users select This is a private computer while they're signing in to Outlook Web App, or if users sign-in using an authentication method other than forms-based authentication. File access lets users open or view the contents of files attached to an e-mail message.

    Direct file access

    • Enable direct file access   Select this check box if you want to enable direct file access. Direct file access lets users open files attached to e-mail messages.

    • Customize   After you select Enable direct file access, click Customize to customize the direct file access settings.

      Note:
      The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings on the two tabs.
      In the Direct File Access Settings dialog box, specify how files will be allowed, blocked, or handled in Outlook Web App. The Allow list overrides the Block list and the Force Save list. The Block list overrides the Force Save list. Select the following:

      Allow   Click the Allow button to specify which types of files should always be allowed. The Allow list overrides the Block list and the Force Save list.

      Block   Click the Block button to specify which types of files should be blocked. The Block list overrides the Force Save list and is overridden by the Allow list.

      Force Save   Click the Force Save button to specify which types of files the user must save to disk before opening. The Force Save list is overridden by the Allow and Block lists.

      Unknown Files   Using the Unknown Files list, specify how Outlook Web App handles unknown files that aren't in the Allow list, Block list, or Force Save list.

      When you click Allow, Block, or Force Save, a new window opens in which you can add file name extensions and MIME types to the list you have selected, edit them, or remove them.

      After you have selected Allow, Block, or Force Save:

      To add a file name extension or MIME type, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.

      To edit a file name extension or MIME type, select it, and then click Edit.

      To remove a file name extension or MIME type, select it, and then click Remove.

      After you finish modifying the lists of file name extensions and MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

    WebReady Document Viewing

    • Enable WebReady Document Viewing   Select this check box if you want to enable supported documents to be converted to HTML and displayed in a Web browser.

      Note:
      WebReady Document Viewing settings are available for public and private computer file access, and can be different for each.
    • Force WebReady Document Viewing when a converter is available   Select this check box if you want to force documents to be converted to HTML and displayed in a Web browser before users can open them in the viewing application. Documents can be opened in the viewing application only if direct file access has been enabled.

    • Supported   After you select Enable WebReady Document Viewing, click Supported to select supported document types for WebReady Document Viewing.

      Select document types to view from an Internet browser

      To allow all supported document types to be viewed from an Internet browser, select All supported document types.

      To allow only specific document types to be viewed, select Specific document types.

      Add   After you select Specific document types, click Add to add a document type to the list.

      Remove   After you select Specific document types, click the document type that you want to remove, and then click the remove icon.

      Select the MIME types of documents   Using this list, add the MIME types of documents to the list of types that can be viewed from an Internet browser or remove them from the list.

      Add   After you select Specific document types, click Add to add a MIME type to the list.

      Remove   After you select Specific document types, click the MIME type that you want to remove, and then click the remove icon.

  9. On the Remote File Servers tab, specify remote file server access. Outlook Web App accesses only internal Windows file shares. A file name can also be specified by using a fully qualified domain name (FQDN) that's internal or that's included in the list of sites that are to be treated as internal.

    Outlook Web App uses a simple set of criteria to determine whether an address is internal or external. If there are no dots in a URL that a user clicks, it's treated as internal. If there are one or more dots in the URL, it's treated as internal only if the domain suffix has been added to the list of sites to be treated as internal. Specify the following:

    • Block   Click this button to specify the host names of servers that aren't allowed to be accessed through Outlook Web App.

      In the Block List dialog box, specify the types of files and the MIME types that you want to block from Outlook Web App. The options that you specify in the Block list override the settings that you specify in the Force Save list but are overridden by the settings in the Allow list.

      Note:
      The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings for each tab.
      Enter the file extensions you want to block, one at a time   In this section, do the following:

      To add a file name extension, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.

      To edit a file name extension, select it, and then click Edit.

      To remove a file name extension, select it, and then click Remove.

      After you finish modifying the lists of file name extensions, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

      Enter the MIME types of files that are blocked   In this section, do the following:

      To add a MIME type, enter it in the appropriate box, and then click Add.

      To edit a MIME type, select it, and then click Edit.

      To remove a MIME type, select it, and then click Remove.

      After you finish modifying the MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

    • Allow   Click this button to specify the host names of servers allowed to be accessed through Outlook Web App.

      In the Allow List dialog box, specify the types of files and the MIME types that you want to allow in Outlook Web App. The options that you specify in the Allow list override the settings that you specify in the Block list and Force Save list.

      Note:
      The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings for each tab.
      Enter the file extensions you want to allow, one at a time   In this section, do the following:

      To add a file name extension, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.

      To edit a file name extension, select it, and then click Edit.

      To remove a file name extension, select it, and then click Remove.

      After you finish modifying the lists of file name extensions, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

      Enter the MIME types of files that are allowed   In this section, do the following:

      To add a MIME type, enter it in the appropriate box, and then click Add.

      To edit a MIME type, select it, and then click Edit.

      To remove a MIME type, select it, and then click Remove.

      After you finish modifying the MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.

    • Unknown Servers   Select Allow or Block in the Unknown Servers list to specify how to handle accessing files from servers that aren't in the Block and Allow lists.

    • Configure   Click this button to specify the domain suffixes of sites that are to be treated as internal. You can also add FQDNs to this list of addresses that are to be treated as internal.

      Note:
      When you add host names to the Block and Allow lists, you must enter a server name. Entering a Windows file share name won't work.

Use the Shell to configure Outlook Web App virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

This example enables forms-based authentication on the default Outlook Web App virtual directory on the server Contoso.

Copy Code
set-OwaVirtualDirectory -Identity "Contoso\owa (default web site)" -FormsAuthentication $true

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Use the Shell to view Outlook Web App virtual directory properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "View Outlook Web App virtual directories" entry in the Client Access Permissions topic.

This example lets you view the properties for all Outlook Web App virtual directories in all Internet Information Services (IIS) Web sites on all computers that have the Client Access server role installed in an Exchange.

Copy Code
Get-OWAVirtualDirectory

This example lets you view the properties for an Outlook Web App virtual directory on the default IIS Web site on the local Exchange server.

Copy Code
Get-OWAVirtualDirectory -identity "<Exchange Server Name>\owa (default web site)"

This example lets you view the properties for all Outlook Web App virtual directories on an IIS Web site on a specific Exchange server.

Copy Code
Get-OWAVirtualDirectory -server <Exchange Server Name>

This example lets you view the values of the properties for every Outlook Web App virtual directory in all IIS Web sites on all Client Access servers in an Exchange organization.

Copy Code
Get-OWAVirtualDirectory | format-list

For more information about syntax and parameters, see Get-OwaVirtualDirectory.