Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-03-19
You can use the EMC or the Shell to view or configure the properties of an Outlook Web App virtual directory.
If you use the Shell to view the properties of an Outlook Web App virtual directory, the information returned is a subset of the information that's available. For example, if you use the Get-OWAVirtualDirectory cmdlet to view properties, Exchange returns the following information:
- Virtual directory name
- Server name
- Exchange server version
You can also retrieve information for a specific virtual directory on a specific server by using the available parameters. For more information about the Get-OWAVirtualDirectory cmdlet parameters, see Get-OwaVirtualDirectory.
If you use the EMC to view the properties of an Outlook Web App virtual directory, you'll be able to view a complete set of properties for the Exchange server that you're on.
Looking for other management tasks related to Outlook Web App? Check out Managing Outlook Web App.
What Do You Want to Do?
Use the EMC to view or configure Outlook Web App virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
- In the console tree, navigate to Server Configuration
> Client Access.
- In the result pane, click the server you want.
- In the work pane, click the Outlook Web App tab,
right-click the virtual directory that you want to view or modify,
and then click Properties.
- On the
General tab, you can view the properties of the Outlook Web
App default Web site and specify an external URL and an internal
URL. View or select the following options:
- Server (Read-only.) Server
displays the name of the server that hosts the Outlook Web App
virtual directory.
- Web site (Read-only.) Web site
displays the name of the Web site.
- Version (Read-only.) Version
displays the version of Exchange that the virtual directory
supports.
- Modified (Read-only.) Modified
displays the last date and time that the virtual directory was
modified.
- Internal URL In this text box, specify
the URL used to access this Web site from an internal network. An
internal URL is configured automatically during Exchange 2010
Setup. The default internal URL setting for an Internet-facing or
non-Internet-facing Client Access server is https://<Computer
Name>/owa.
- External URL In this text box, specify
the URL used to access the Web site from the Internet. By default,
External URL is blank. For Internet-facing Client Access
servers, External URL should be set to the value published
in DNS for that Active Directory site. For Client Access servers
that don't have an Internet presence, the External URL
setting should remain blank.
- Server (Read-only.) Server
displays the name of the server that hosts the Outlook Web App
virtual directory.
- On the
Authentication tab, specify authentication methods, sign-in
format, and sign-in domain:
- Use one or more standard authentication
methods Select this option to use one or more
of the following standard authentication methods:
Integrated Windows authentication This method requires that users have a valid Windows Server 2008, Windows Server 2003, or Microsoft Windows 2000 Server user account name and password to access information. Users aren't prompted for their account names and passwords. Instead, the server negotiates with the Windows security packages installed on the client computer. Integrated Windows authentication enables the server to authenticate users without prompting them for information and without transmitting information that isn't encrypted over the network. For this method to work, the client computer must be a member of the same domain as the servers running Exchange, or of a domain that's trusted by the domain that the Exchange server is in.
Digest authentication for Windows domain servers This method transmits passwords over the network as a hash value for additional security. Digest authentication can be used only in Windows Server 2008, Windows Server 2003, and Windows 2000 Server domains for users who have an account that's stored in Active Directory. For more information about Digest authentication, see the Windows Server documentation.
Basic authentication (password is sent in clear text) This method is a simple authentication mechanism defined by the HTTP specification that encodes a user's sign-in name and password before the user's credentials are sent to the server. To make sure that the password is as secure as possible, you should use Secure Sockets Layer (SSL) encryption between client computers and the server that has the Client Access server role installed.
- Use forms-based
authentication Forms-based authentication
provides enhanced security for Outlook Web App virtual directories
located on Client Access servers.
Forms-based authentication creates a sign-in page for Outlook Web App. You can configure the type of sign-in prompt used by forms-based authentication. For example, you can configure forms-based authentication to require users to provide their domain and user name information, in the domain\user name format on the Outlook Web App sign-in page.
Important: Forms-based authentication won't provide a secure channel unless SSL is enabled.
Domain\user name Requires the user to enter their domain and user name in the format domain\user name. For example, for a user named Kweku in the domain Contoso, the sign-in would be contoso\kweku.
User principal name (UPN) If the user principal name (UPN) sign-in format is specified, the User Name field on the Outlook Web App sign-in page guides users to enter their e-mail address, for example, kweku@contoso.com. If a user's UPN isn't identical to the e-mail address, the user can't access Outlook Web App by using the PrincipalName sign-in prompt. It's a best practice to use the PrincipalName sign-in prompt only if users' UPNs match their e-mail addresses.
User name only The user enters their user name only, without the domain name, for example, Kweku. If you use the UserName sign-in prompt for forms-based authentication, you must also specify the DefaultDomain property. The DefaultDomain property determines the default domain to use when a user tries to access Outlook Web App. For example, if the default domain is Contoso, and a domain user named Kweku signs in to Outlook Web App, only Kweku must be entered as the user name. The server will use the default domain Contoso. If the user isn't a member of the Contoso domain, the domain and user name must be entered.
- Use one or more standard authentication
methods Select this option to use one or more
of the following standard authentication methods:
- On the
Segmentation tab, specify the features that you want to
enable or disable for Outlook Web App users on a virtual
directory.
Note: Segmentation settings for individual users override virtual directory settings. You can change segmentation settings for individual users by using the Set-CASMailbox cmdlet or by using Outlook Web App mailbox policies. For more information, see Managing Outlook Web App Mailbox Policies.
- Enable Select a disabled feature in the
list, and then click Enable to enable that feature.
- Disable Select an enabled feature in
the list, and then click Disable to disable that
feature.
- Feature The Feature column shows
the list of features that are potentially available to Outlook Web
App users on a virtual directory.
- Status The Status column shows
whether each feature is enabled or disabled.
- Description This section displays a
description for the selected feature in the list.
- Enable Select a disabled feature in the
list, and then click Enable to enable that feature.
-
On the Public Computer File Access tab, configure the file
access and viewing options available if users select This is a
public computer while they're signing in to Outlook Web App.
File access lets a user open or view the contents of files attached
to an e-mail message.
Direct file access
- Enable direct file access Select this
check box if you want to enable direct file access. Direct file
access lets users open files attached to e-mail messages.
- Customize After you select Enable
direct file access, click Customize to customize the
direct file access settings.
Note: The direct file access settings are applied to private and public computer file access. Even though the settings can be set from either the Private Computer File Access tab or the Public Computer File Access tab, you can't have different settings on the two tabs.
Allow Click the Allow button to specify which types of files should always be allowed. The Allow list overrides the Block list and Force Save list.
Block Click the Block button to specify which types of files should be blocked. The Block list overrides the Force Save list and is overridden by the Allow list.
Force Save Click the Force Save button to specify which types of files the user must save to disk before opening. The Force Save list is overridden by the Allow and Block lists.
Unknown Files Using the Unknown Files list, specify how Outlook Web App handles unknown files that aren't in the Allow list, Block list, or Force Save list.
When you click Allow, Block, or Force Save, a new window opens in which you can add file name extensions and MIME types to the list you have selected, edit them, or remove them.
After you have selected Allow, Block, or Force Save:
To add a file name extension or MIME type, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.
To edit a file name extension or MIME type, select it, and then click Edit.
To remove a file name extension or MIME type, select it, and then click Remove.
After you finish modifying the lists of file name extensions and MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
- Enable WebReady Document Viewing Select
this check box if you want to enable supported documents to be
converted to HTML and displayed in a Web browser.
Note: WebReady Document Viewing settings are available for public and private computer file access, and can be different for each. - Force WebReady Document Viewing when a converter is
available Select this check box if you want to
force documents to be converted to HTML and displayed in a Web
browser before users can open them in the viewing application.
Documents can be opened in the viewing application only if direct
file access has been enabled.
- Supported After you select Enable
WebReady Document Viewing, click Supported to select
supported document types for WebReady Document Viewing.
Select document types to view from an Internet browser
To allow all supported document types to be viewed from an Internet browser, select All supported document types.
To allow only specific document types to be viewed, select Specific document types.
Add After you select Specific document types, click Add to add a document type to the list.
Remove After you select Specific document types, click the document type that you want to remove, and then click the remove icon.
Select the MIME types of documents Using this list, add the MIME types of documents to the list of types that can be viewed from an Internet browser or remove them from the list.
Add After you select Specific document types, click Add to add a MIME type to the list.
Remove After you select Specific document types, click the MIME type that you want to remove, and then click the remove icon.
- Enable direct file access Select this
check box if you want to enable direct file access. Direct file
access lets users open files attached to e-mail messages.
-
On the Private Computer File Access tab, configure the file
access and viewing options available if users select This is a
private computer while they're signing in to Outlook Web App,
or if users sign-in using an authentication method other than
forms-based authentication. File access lets users open or view the
contents of files attached to an e-mail message.
Direct file access
- Enable direct file access Select this
check box if you want to enable direct file access. Direct file
access lets users open files attached to e-mail messages.
- Customize After you select Enable
direct file access, click Customize to customize the
direct file access settings.
Note: The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings on the two tabs.
Allow Click the Allow button to specify which types of files should always be allowed. The Allow list overrides the Block list and the Force Save list.
Block Click the Block button to specify which types of files should be blocked. The Block list overrides the Force Save list and is overridden by the Allow list.
Force Save Click the Force Save button to specify which types of files the user must save to disk before opening. The Force Save list is overridden by the Allow and Block lists.
Unknown Files Using the Unknown Files list, specify how Outlook Web App handles unknown files that aren't in the Allow list, Block list, or Force Save list.
When you click Allow, Block, or Force Save, a new window opens in which you can add file name extensions and MIME types to the list you have selected, edit them, or remove them.
After you have selected Allow, Block, or Force Save:
To add a file name extension or MIME type, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.
To edit a file name extension or MIME type, select it, and then click Edit.
To remove a file name extension or MIME type, select it, and then click Remove.
After you finish modifying the lists of file name extensions and MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
- Enable WebReady Document Viewing Select
this check box if you want to enable supported documents to be
converted to HTML and displayed in a Web browser.
Note: WebReady Document Viewing settings are available for public and private computer file access, and can be different for each. - Force WebReady Document Viewing when a converter is
available Select this check box if you want to
force documents to be converted to HTML and displayed in a Web
browser before users can open them in the viewing application.
Documents can be opened in the viewing application only if direct
file access has been enabled.
- Supported After you select Enable
WebReady Document Viewing, click Supported to select
supported document types for WebReady Document Viewing.
Select document types to view from an Internet browser
To allow all supported document types to be viewed from an Internet browser, select All supported document types.
To allow only specific document types to be viewed, select Specific document types.
Add After you select Specific document types, click Add to add a document type to the list.
Remove After you select Specific document types, click the document type that you want to remove, and then click the remove icon.
Select the MIME types of documents Using this list, add the MIME types of documents to the list of types that can be viewed from an Internet browser or remove them from the list.
Add After you select Specific document types, click Add to add a MIME type to the list.
Remove After you select Specific document types, click the MIME type that you want to remove, and then click the remove icon.
- Enable direct file access Select this
check box if you want to enable direct file access. Direct file
access lets users open files attached to e-mail messages.
- On the
Remote File Servers tab, specify remote file server access.
Outlook Web App accesses only internal Windows file shares. A file
name can also be specified by using a fully qualified domain name
(FQDN) that's internal or that's included in the list of sites that
are to be treated as internal.
Outlook Web App uses a simple set of criteria to determine whether an address is internal or external. If there are no dots in a URL that a user clicks, it's treated as internal. If there are one or more dots in the URL, it's treated as internal only if the domain suffix has been added to the list of sites to be treated as internal. Specify the following:
- Block Click this button to specify the
host names of servers that aren't allowed to be accessed through
Outlook Web App.
In the Block List dialog box, specify the types of files and the MIME types that you want to block from Outlook Web App. The options that you specify in the Block list override the settings that you specify in the Force Save list but are overridden by the settings in the Allow list.
Note: The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings for each tab.
To add a file name extension, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.
To edit a file name extension, select it, and then click Edit.
To remove a file name extension, select it, and then click Remove.
After you finish modifying the lists of file name extensions, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
Enter the MIME types of files that are blocked In this section, do the following:
To add a MIME type, enter it in the appropriate box, and then click Add.
To edit a MIME type, select it, and then click Edit.
To remove a MIME type, select it, and then click Remove.
After you finish modifying the MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
- Allow Click this button to specify the
host names of servers allowed to be accessed through Outlook Web
App.
In the Allow List dialog box, specify the types of files and the MIME types that you want to allow in Outlook Web App. The options that you specify in the Allow list override the settings that you specify in the Block list and Force Save list.
Note: The settings for direct file access are divided into public computer file access settings and private computer file access settings. You can configure these settings on either the Private Computer File Access tab or the Public Computer File Access tab. However, you can't have different settings for each tab.
To add a file name extension, enter it in the appropriate box, and then click Add. File name extensions must be preceded by a period (.), for example, .exe.
To edit a file name extension, select it, and then click Edit.
To remove a file name extension, select it, and then click Remove.
After you finish modifying the lists of file name extensions, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
Enter the MIME types of files that are allowed In this section, do the following:
To add a MIME type, enter it in the appropriate box, and then click Add.
To edit a MIME type, select it, and then click Edit.
To remove a MIME type, select it, and then click Remove.
After you finish modifying the MIME types, click OK to save your changes or click Cancel to discard your changes and return to the previous window.
- Unknown Servers Select Allow or
Block in the Unknown Servers list to specify how to
handle accessing files from servers that aren't in the Block and
Allow lists.
- Configure Click this button to specify
the domain suffixes of sites that are to be treated as internal.
You can also add FQDNs to this list of addresses that are to be
treated as internal.
Note: When you add host names to the Block and Allow lists, you must enter a server name. Entering a Windows file share name won't work.
- Block Click this button to specify the
host names of servers that aren't allowed to be accessed through
Outlook Web App.
Use the Shell to configure Outlook Web App virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
This example enables forms-based authentication on the default Outlook Web App virtual directory on the server Contoso.
Copy Code | |
---|---|
set-OwaVirtualDirectory -Identity "Contoso\owa (default web site)" -FormsAuthentication $true |
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
Use the Shell to view Outlook Web App virtual directory properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "View Outlook Web App virtual directories" entry in the Client Access Permissions topic.
This example lets you view the properties for all Outlook Web App virtual directories in all Internet Information Services (IIS) Web sites on all computers that have the Client Access server role installed in an Exchange.
Copy Code | |
---|---|
Get-OWAVirtualDirectory |
This example lets you view the properties for an Outlook Web App virtual directory on the default IIS Web site on the local Exchange server.
Copy Code | |
---|---|
Get-OWAVirtualDirectory -identity "<Exchange Server Name>\owa (default web site)" |
This example lets you view the properties for all Outlook Web App virtual directories on an IIS Web site on a specific Exchange server.
Copy Code | |
---|---|
Get-OWAVirtualDirectory -server <Exchange Server Name> |
This example lets you view the values of the properties for every Outlook Web App virtual directory in all IIS Web sites on all Client Access servers in an Exchange organization.
Copy Code | |
---|---|
Get-OWAVirtualDirectory | format-list |
For more information about syntax and parameters, see Get-OwaVirtualDirectory.