Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2009-08-20
This topic explains how to manage direct file access for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007 for both public and private computers. Direct file access lets users open files that are attached to e-mail messages, and files that are stored in Microsoft Windows SharePoint Services document libraries and in Windows file shares.
By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web Access. Therefore, when users in your organization select This is a public or shared computer or This is a private computer on the Outlook Web Access logon page, they will be able to access files that are attached to e-mail messages.
When you enable private or public computer file access for users, you can use the Exchange Management Console to specify individual file types and MIME types. The following table lists the file name extensions and MIME types that, by default, are set to Allow, Block, or Force Save for the \owa virtual directory.
- Allow File and MIME types in the Allow
list can be opened from Outlook Web Access, if the application that
is needed to open the files is installed on the client computer.
Allow overrides Block and Force Save.
- Block File and MIME types in the Block
list cannot be opened. Block overrides Force Save, and is
overridden by Allow.
- Force Save File and MIME types in the
Force Save list must be saved to the client computer before they
can be opened. Force Save is overridden by Allow and Block.
Note: Although it appears that you can set the values for private and public computer access individually, you cannot. When you specify behavior for private access, you also set it for public access.
The following table shows default file name extensions and MIME values for the Allow, Block, and Force Save settings for the \owa virtual directory. these apply to Exchange 2007 RTM and Exchange 2007 RTM-based servers that have been upgraded to Exchange 2007 SP1.
Option | Description | Default file name extensions | Default MIME types | ||
---|---|---|---|---|---|
Allow |
This option specifies the file types that are always enabled for direct file access. |
.avi, .bmp, .doc, .docm, .docx, .gif, .jpg, .mp3, .one, .pdf, .png, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pub, .rpmsg, .rtf, .tif, .txt, .vsd, .wav, .wma, .wmv, .xls, .xlsb, .xlsm, .xlsx, .zip
|
image/jpeg, image/png, image/gif, image/bmp |
||
Block |
This option specifies the file types that are always blocked from direct file access. |
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .der, .exe, .fxp, .hlp, .hta, .htc, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .mht, .mhtml, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh, .xml
|
application/hta, application/javascript, application/msaccess, application/prg, application/x-javascript, application/xml, text/javascript, text/scriplet, text/xml, x-internet-signup |
||
Force Save |
This option specifies the files that users can access only after they have saved them to the local computer. |
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dcr, .dir, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .sql, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh
|
Application/futuresplash, Application/octet-stream, Application/x-director, Application/x-shockwave-flash |
There is also a default setting for unknown file types. You can set the setting for unknown file types to one of the following values:
- Allow
- Block
- Force Save
Always Blocked
The following files are always blocked by Outlook Web Access, regardless of the file access settings in the Outlook Web Access virtual directory:
- .mht files.
- Non-XML file types that contain XML content.
If a user tries to open an allowed file type, not an XML file type, that contains any embedded XML, Outlook Web Access will block the file and not allow it to be opened or saved to the user's local computer.
Outlook Web Access will block .mht files even if .mht is in the allowed files list. Files that are of the.mht type cannot be opened or saved to the user's local computer.
Before You Begin
To perform the following procedures, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Procedure
To use the Exchange Management Console to configure Direct File Access policy settings for Outlook Web Access
-
In the Exchange Management Console, click Server Configuration, and then click Client Access.
-
In the action pane, in Outlook Web Access, click Properties.
-
On the Outlook Web Access Properties page, click either the Public Computer File Access tab or the Private Computer File Access tab.
-
Under Direct file access, select the check box next to Enable direct file access to let users download attachments.
-
To modify the types of attachments that you want users to be able to access, click the Customize button next to Customize direct file access.
-
On the Direct File Access Settings page, do one of the following:
- To set the file types and MIME types that you want users to
access, click the Allow button, and then set the file name
extensions and MIME values on the Allow List page.
- To set the file types and MIME types that you want to block
users from accessing, click the Block button, and then and
set the file name extensions and MIME values on the Block
List page.
- To set the file types and MIME types that you want to force
users to save before they access them, click the Force Save
button, and then set the file name extensions and MIME values on
the Force Save List page.
- For unknown file types, select an option from the list in the
Unknown Files box. Select Allow, Block, or
Force Save.
- To set the file types and MIME types that you want users to
access, click the Allow button, and then set the file name
extensions and MIME values on the Allow List page.
-
Click OK to save your settings.
To use the Exchange Management Shell to configure attachments policy settings for Outlook Web Access
-
Run the following command:
Copy Code Set-OwaVirtualDirectory
-
Use the syntax in the following example to prevent users on public computers from downloading files:
Copy Code Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DirectFileAccessOnPublicComputersEnabled $false
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
For More Information
For more information about file access in Outlook Web Access, see Managing File and Data Access for Outlook Web Access.
For more information about how to manage Outlook Web Access on the computer that is runningExchange 2007, see Managing Outlook Web Access.