Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2010-01-27

Only users running at least Microsoft Office Outlook 2007 have access to all the client features in messaging records management (MRM). This topic describes how you can block users who are running incompatible versions of Outlook from accessing their Exchange mailboxes. You can block access on a per-mailbox basis or on a per-server basis.

MRM Feature Availability by Client Application and Version

The following table lists the MRM features that are available in various client applications and versions.

Client application

MRM client features available

Outlook 2007

All

Outlook Web Access

All

At least Outlook 2003 Service Pack 2 (SP2) while connected to an Exchange server and working in Online mode

Folder comments are displayed only when the user clicks the managed folder icon in the folder header or clicks View, and then clicks Policy.
Folder quotas are supported. Error messages appear when a folder has exceeded its quota.

At least Outlook 2003 SP2 while disconnected from an Exchange server and working in Cached Exchange Mode

Note:

Cached Exchange Mode enables a Microsoft Outlook user who has a Microsoft Exchange e-mail account to work offline, either by choice or due to a connection problem. A copy of the user's mailbox is stored on the computer and is frequently updated from the mail server. Any changes that are made while a connection to the server is not available are synchronized automatically when a connection becomes available.

Managed custom folder icons are displayed.
Folder comments are not displayed.
Folder quotas are not supported. Specifically:
- No folder quota error messages are displayed.
- Folder quota information is not synced with the Exchange server.
- Mailbox Cleanup starts if the available quota information indicates that a folder is over quota, but no information is provided about why Mailbox Cleanup started.

Outlook versions earlier than Outlook 2003 SP2

None

Other e-mail software

None

Version numbers for Microsoft Outlook

Version of Outlook	Version number
Outlook 2007	12
Outlook 2003	11
Outlook 2002	10
Outlook 2000	9
Outlook 98	8.5
Outlook 97	8

Note:
Before you make any changes, note that hotfixes and service pack releases may affect the client version string. Be careful when you restrict client access because server-side Exchange components must also use MAPI to log on. Some components report their client version as the component name (such as SMTP or OLEDB) while others report the Exchange build number (such as 6.0.4712.0). For this reason, avoid restricting clients that have version numbers that start with 6.<x.x>. For example, to prevent MAPI access completely, instead of specifying 0.0.0-65535.65535.65535, specify two ranges so that the server components can log on. For example, specify the following: 0.0.0-5.9.9; 7.0.0-.

Note:

Before you make any changes, note that hotfixes and service pack releases may affect the client version string. Be careful when you restrict client access because server-side Exchange components must also use MAPI to log on. Some components report their client version as the component name (such as SMTP or OLEDB) while others report the Exchange build number (such as 6.0.4712.0). For this reason, avoid restricting clients that have version numbers that start with 6.<x.x>. For example, to prevent MAPI access completely, instead of specifying 0.0.0-65535.65535.65535, specify two ranges so that the server components can log on. For example, specify the following: 0.0.0-5.9.9; 7.0.0-.

Before You Begin

To run the Set-CASMailbox cmdlet, the account you use must be delegated the Exchange Recipient Administrator role.

For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations.

Also, before you perform these procedures, be aware that when users are blocked from accessing their mailboxes, they will receive the following warning message:

Your Exchange Server administrator has blocked the version of Outlook that you are using. Contact your administrator for assistance.

To bypass the warning that MRM features are not supported for e-mail clients running versions of Outlook earlier than Outlook 2007, you can use the ManagedFolderMailboxPolicyAllowed parameter of the New-Mailbox, Enable-Mailbox, and Set-Mailbox cmdlets in the Exchange Management Shell. When a managed folder mailbox policy is assigned to a mailbox by using the ManagedFolderMailboxPolicy parameter, the warning appears by default unless you use the ManagedFolderMailboxPolicyAllowed parameter.

How to Block Versions of Outlook on a Per-Mailbox Basis

To configure client blocking by version of Outlook on a per-mailbox basis, you must use the Exchange Management Shell. You cannot use the Exchange Management Console.

To use the Exchange Management Shell to block access to a mailbox by Outlook clients prior to a specified version number

To block any version of Outlook that is earlier than 11.8010.8036, run the following command.
Copy Code
Set-CASMailbox -Identity adam@contoso.com -MAPIBlockOutlookVersions:"-11.8010.8036"

	Copy Code
Set-CASMailbox -Identity adam@contoso.com -MAPIBlockOutlookVersions:"-11.8010.8036"

To use the Exchange Management Shell to restore access to a mailbox that is blocked by a version of Outlook

To restore access to a mailbox that is blocked by a version of Outlook, run the following command.
Copy Code
Set-CASMailbox -Identity adam@contoso.com -MAPIBlockOutlookVersions:$null

	Copy Code
Set-CASMailbox -Identity adam@contoso.com -MAPIBlockOutlookVersions:$null

For detailed syntax and parameter information, see the Set-CASMailbox reference topic.

How to Block Outlook Versions on a Per-Server Basis

Important:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

To use Registry Editor to block access to all mailboxes on a server by Outlook clients prior to a specified version number

Start Registry Editor.
Locate the following subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\Disable MAPI Clients
Create the Disable MAPI Clients registry value if it doesn't already exist. To do this, right-click ParametersSystem, point to New, and then select String Value.
Right-click Disable MAPI Client, and then click Modify.
In the Value data box, type the Outlook version number that you want to block. For example, type 0.0.0-5.9.9; 7.0.0-.
To make your changes effective immediately, restart the Microsoft Exchange Information Store service.

For More Information

To learn more about MRM in Exchange 2007, see Understanding Messaging Records Management.

For more information about how to use the Set-CASMailbox cmdlet to set client access-related attributes for MRM, Exchange ActiveSync, Office Outlook Web Access, Post Office Protocol version 3 (POP3), and Internet Message Access Protocol version 4rev1 (IMAP4) for a specified user, see the Set-CASMailbox reference topic.

For more information about using the Set-CasMailbox cmdlet, see Microsoft Knowledge Base article 924625, When you use Outlook or Entourage with an Exchange 2007 mailbox, you cannot connect to Exchange 2007, and you receive an error message.

For more information about how to disable MAPI client access to a computer that is running Microsoft Exchange, see How to disable MAPI client access to a computer that is running Exchange Server.