EXPERT RESPONSE
By default, Exchange 2003 Outlook Web Access (OWA) automatically blocks attachments with certain extensions. OWA prevents the sending and opening of a superset of attachments and MIME types using a multi-level (two) blocking mechanism. Level 1 items are totally blocked and Level 2 items can be accessed, but only if first saved locally.
The list of blocked Level 1 and Level 2 file extensions and blocked MIME types are configured through four registry entries, which are listed below with their default values.
Location:
HKLMSystemCurrentControlSetServicesMSExchangeWebOWA
Value: Level1FileTypes
Type: REG_SZ
Value Data:
ade,adp,app,asx,bas,bat,chm,cmd,com,cpl,crt,csh,exe,fxp,hlp,hta,inf,ins,isp,
js,jse,ksh,lnk,mda,mdb,mde,mdt,mdw,mdz,msc,msi,msp,mst,ops,pcd,pif,prf,prg,
reg,scf,scr,sct,shb,shs,url,vb,vbe,vbs,wsc,wsf,wsh
Location: HKLMSystemCurrentControlSetServicesMSExchangeWebOWA
Value: Level1MIMETypes
Type: REG_SZ
Value Data: application/hta,x-internet-signup,application/javascript,application/x-javascript,text/javascript,application/msaccess,application/prg,text/scriptlet
Location: HKLMSystemCurrentControlSetServicesMSExchangeWebOWA
Value: Level2FileTypes
Type: REG_SZ
Value Data:
ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp,hta,htm,html,htc,inf,ins,
isp,js,jse,lnk,mda,mdb,mde,mdz,mht,mhtml,msc,msi,msp,mst,pcd,pif,prf,reg,scf,
scr,sct,shb,shs,shtm,shtml,stm,url,vb,vbe,vbs,wsc,wsf,wsh,xml,dir,dcr,plg,spl,
swf
Location: HKLMSystemCurrentControlSetServicesMSExchangeWebOWA
Value: Level2MIMETypes
Type: REG_SZ
Value Data: text/xml,application/xml,application/hta,text/html,application/octet-stream,application/x-shockwave-flash,application/futuresplash,application/x-director
Many of the default Level 1 entries for file extensions and MIME types are also default Level 2 entries. When the same entry is present for both Levels, Level 1 takes precedence and the attachment is blocked. You can edit any of these entries to suit your specific needs, and if you reinstall or update Exchange your changes will remain.
OWA 2003 also enables you to selectively block attachments for users based on how they access OWA. For example, you can block attachments for users who access OWA via a front-end server while allowing full access to attachments for users accessing OWA via a back-end server. To do this, you need to add a new entry to the registry of your OWA server(s):
Location: HKLMSystemCurrentControlSetServicesMSExchangeWebOWA
Value: DisableAttachments
Type: REG_DWORD
Value Data: 0, 1 or 2 (dec)
If DisableAttachments is not present or set to 0, the standard Level 1/Level 2 attachment blocking is performed. When set to 1, all attachments are blocked. If you set DisableAttachments to 2, attachments not blocked by Level 1/Level 2 blocking are allowed on back-end servers, but not on front-end servers.
|
