Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

Direct file access lets users open files that are attached to e-mail messages and files that are stored in Windows file shares. You can manage direct file access for Microsoft Office Outlook Web App in Microsoft Exchange Server 2010 for both public and private computers.

By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web App. Therefore, when users in your organization select This is a public or shared computer or This is a private computer on the Outlook Web App sign-in page, they will be able to access files that are attached to e-mail messages.

When you enable private or public computer file access for users, you can use the EMC to specify individual file types and MIME types. The following table lists the file name extensions and MIME types that, by default, are set to Allow, Block, or Force Save for the \owa virtual directory.

Default file name extensions and MIME values for the Allow, Block, and Force Save settings for the \owa virtual directory

Option Description Default file name extensions Default MIME types

Allow

This option specifies the file types that are always enabled for direct file access.

.rpmsg, .xlsx, .xlsm, .xlsb, .pptx, .pptm, .ppsx, .ppsm, .docx, .docm, .xls, .wmv, .wma, .wav, vsd, .txt, .tif, .rtf, .pub, .ppt, .png, .pdf, .one, .mp3, .jpeg, .gif, .doc, .bmp, .avi

image/jpeg, image/png, image/gif, image/bmp

Block

This option specifies the file types that are always blocked from direct file access.

.ade, .adp, .asx, .app, .asp, .aspx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dir, .dcr, .der, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc,.msh, .msh1, .mshxml, .msh1xml, .msi, .msp,.mst, .ops, .pcd, .pif, .plg, .prf,.prg, .ps1, .ps2, .psc1, .psc2, .ps1xml, .ps2xml, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .spl, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh, .xml

application/x-javascript, application/javascript, application/msaccess, x-internet-signup, text/javascript, application/prg, application/hta, text/scriptlet

Force Save

This option specifies the files that users can access only after they've saved them to the local computer.

.vsmacros, .mshxml, .aspx, .xml, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe, .url, .tmp, .swf, .spl, . shs, .shb, .sct, .scr, .scf, .reg, .pst, .prg, .prf, .plg, .pif, .pcd, .ops, .mst, .msp, .msi, .msh, .msc, .mdz, .mdw, .mdt, .mde, .mdb, .mda, .maw, .mav, .mau, .mat, .mas, .mar, .maq, .mam, .mag, .maf, .mad, .lnk, .ksh, .jse, .its, .isp, .ins, .inf, .hta, .hlp, .fxp, .exe, .dir, .dcr, .csh, .crt, .cpl, .com, .cmd, .chm, .cer, .bat, .bas, .asx, .asp, .app, .adp, .ade, .ws, .vb, .js

Application/x-shockwave-flash, Application/octet-stream, Application/futuresplash, Application/x-director, Application/xml, text/xml

There is also a default setting for unknown file types. You can set the setting for unknown file types to one of the following values:

Note:
By default, attachment types that are marked as Force Save will be excluded from security checks for XML or HTML. You can change this behavior by setting the ForceSaveAttachmentFilteringEnabled parameter to $true by using either the Set-OwaMailboxPolicy or the Set-OwaVirtualDirectory cmdlet.

Looking for other management tasks related to accessing files from Outlook Web App? Check out Managing File and Data Access for Outlook Web App.

Use the EMC to configure direct file access policy settings for Outlook Web App

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

  1. In the console tree, navigate to Server Configuration > Client Access.

  2. In the action pane, in Outlook Web App, click Properties.

  3. On the Outlook Web App Properties page, click either the Public Computer File Access tab or the Private Computer File Access tab.

  4. Under Direct file access, select the check box next to Enable direct file access to let users download attachments.

  5. To modify the types of attachments that you want users to be able to access, click Customize next to Customize direct file access.

  6. On the Direct File Access Settings page, do one of the following:

    • To set the file types and MIME types that you want users to access, click Allow, and then set the file name extensions and MIME values on the Allow List page.

    • To set the file types and MIME types that you want to block users from accessing, click Block, and then and set the file name extensions and MIME values on the Block List page.

    • To set the file types and MIME types that you want to force users to save before they access them, click Force Save, and then set the file name extensions and MIME values on the Force Save List page.

    • For unknown file types, select an option from the list in the Unknown Files box. Select Allow, Block, or Force Save.

  7. Click OK to save your settings.

Use the Shell to configure attachments policy settings for Outlook Web App

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

This example prevents users on public computers from downloading files.

Copy Code
Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DirectFileAccessOnPublicComputersEnabled $false 

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Other Tasks

After you configure direct file access, you may also want to: