Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

By default, Exchange 2010 includes three default message classifications: Attachment Removed, Originator Requested Alternate Recipient Mail, and Partner Mail. For new Exchange 2010 installations, you'll need to create a new message classification for Attorney-Client Privileged communication.

If your organization is transitioning from Exchange Server 2007, you don't need to create the Attorney-Client Privileged message classification. It's included in the Exchange 2007 default classifications and therefore available to servers that have been upgraded from Exchange 2007 to Exchange 2010. However, this classification must exist in each Active Directory forest for users in that forest to see the classification.

You can review existing message classifications by running the following command in the Exchange Management Shell.

Copy Code
Get-MessageClassification | Format-Table

For more information about attorney-client privileged communication, see Understanding Attorney-Client Privileged Communication.

Step 1: Create the Attorney-Client Privileged message classification

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Message classifications" entry in the Transport Permissions topic.

To create a new message classification instance, you must use the New-MessageClassification cmdlet in the Exchange Management Shell.

Run the following command to create the Attorney-Client Privileged message classification:

Copy Code
New-MessageClassification -Name AttorneyClientPrivileged -DisplayName "Attorney-Client Privileged Classification" -SenderDescription "Use this message classification for all messages subject to our attorney-client privilege policy." -RecipientDescription "This message and its contents are subject to the attorney-client privileged communication policy for our organization.  Please ensure that you handle this message in accordance with this policy." -Locale en-EN
Note:
For more information about creating new message classifications, see Create a Message Classification

Step 2: Deploy the Attorney-Client Privileged message classification to all Outlook 2007 Clients

This step requires that you modify the registry. You must have local administrator permissions on the client you want to update.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Outlook 2007 requires a local file (Classifications.xml) that contains definitions of the message classifications that Exchange 2010 supports before Outlook users can apply message classifications to their messages. The Exchange administrator must also create a new registry key that enables message classifications and references the Classifications.xml file on the Outlook user's computer.

Create the following registry key and related registry settings on all computers from which users who have mailboxes hosted on Exchange 2010 send message classifications.

Copy Code
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy
"AdminClassificationPath"="c:\\Classifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001
Note:
The Policy key is not present by default and therefore must be created. For more detailed information about how to deploy message classifications to clients, see Deploy Message Classifications for Outlook 2007. Changes to message classifications are immediately available in Outlook Web App.

Step 3: Export message classifications from Exchange 2010 and copy Classifications.xml file to all Outlook 2007 clients

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Message classifications" entry in the Transport Permissions topic.

  1. Open the Exchange Management Shell and run the following script from the \Program Files\Microsoft\Exchange Server\V14\Scripts directory.

    Copy Code
    ./Export-OutlookClassification.ps1 > c:\exports\Classifications.xml
    
    Note:
    This script will export all message classifications into Classifications.xml. If you don't want all classifications in the XML file, you must manually remove them by removing the specific <Classification> element from Classifications.xml.
  2. Copy the resulting Classifications.xml file onto the end user's computers to the AdminClassificationPath that you specified in the registry setting that was discussed in Step 2 earlier. You must restart Outlook so that the Classifications.xml file is picked up by Outlook.

    Note:
    Whenever new classifications are added to your Exchange organization, the new classifications should be added to the Classifications.xml file on each client. The Classifications.xml file can be exported from Exchange 2010 and copied to all Outlook clients again, or it can be manually updated for each client computer.

Step 4: Create a Transport Rule that checks messages for the Attorney-Client Privileged classification and enforces the addition of a legal disclaimer

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Transport rules" entry in the Messaging Policy and Compliance Permissions topic.

Transport rules let you apply messaging policies to e-mail messages that flow through the transport pipeline on Hub and Edge Transport servers. For more information about Transport Rules, see the following topics:

For this scenario, we will create a new transport rule that appends a legal disclaimer to all messages sent from internal users to external recipients for messages that have the Attorney-Client Privileged classification. (Although we will create this transport rule for the Hub Transport servers in the organization using the Exchange Management Shell, the Exchange Management Console can also be used to create a transport rule.)

Run the following command to create a transport rule that appends a legal disclaimer to all messages that have the Attorney-Client privileged classification:

Copy Code
New-TransportRule -Name "Attorney-Client Privilege Disclaimer" -Enabled $true -FromScope InOrganization -SentToScope NotInOrganization -HasClassification AttorneyClientPrivileged -ApplyHtmlDisclaimerLocation 'Append' -ApplyHtmlDisclaimerText "<h3>Attorney-Client Privileged Communication</h3><p>The information contained in this message is protected by the attorney-client privilege. Please immediately reply to the sender of this e-mail if you have received it in error.</p>" -ApplyHtmlDisclaimerFallbackAction Wrap
Note:
The rule parameters and action used here are for illustration only. Review all the available transport rule predicates and actions to determine which ones meet your organization's requirements.