How to configure attachment blocking in Outlook Web Access

The first tier of attachment blocking prohibits OWA access to the file entirely; the second tier prohibits the attached file from being accessed unless it's first saved to the client's hard drive or accessible network drive.

The first-tier blocks the usual suspects -- e.g., .EXE, .COM and .BAT file extensions. But it is possible for a file to be registered in both tiers at once by default (e.g., .COM). This means that if a file is removed from the first tier, it'll still be blocked by the second tier, which increases user protection.

The list of files in tier 1 is in the registry under: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level1FileTypes as a REG_SZ entry.

Tier 2 files are in: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level2FileTypes.

In each case, the file lists are stored as a simple comma-separated string and can be edited as needed.

Unless you have a specific reason for unblocking a particular email attachment type, it's best to leave the lists as they are. But it can be useful to know where the lists are in case you need to add a new attachment type to OWA's attachment-blocking lists.

Note that you can always work around this restriction by compressing the file as a .ZIP archive (either with or without password protection). Most clients -- even those without a third-party .ZIP extraction tool handy -- can work with .ZIP files.

About the author: Serdar Yegulalp is editor of Windows Insight, a ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Outlook and Outlook Web Access Tips Outlook 2007 shut-down problems and fixes OWA 2007 configuration tricks to boost performance Pros and cons of Outlook 2007's storage engine redesign Lock down direct file access and protect OWA users Simplify an OWA URL on Windows Server 2008 Windows Mobile 6.5 touts Internet Explorer, OWA improvements Custom error message redirects OWA users When OWA's default configurations aren't good enough Save time typing Outlook 2007 messages with Quick Parts Troubleshoot Microsoft Outlook Web Access problems Outlook Web Access OWA 2007 configuration tricks to boost performance Top 5 Exchange ActiveSync tips Lock down direct file access and protect OWA users Simplify an OWA URL on Windows Server 2008 Windows Mobile 6.5 touts Internet Explorer, OWA improvements When OWA's default configurations aren't good enough Digging deeper into Exchange Server 2010 Troubleshoot 'System Attendant' error messages in OWA Troubleshoot Microsoft Outlook Web Access problems Detecting update rollup and patch failures in OWA Spam and virus protection Controlling spam in Exchange 2007 at the edge transport server level How file-level antivirus software can harm your Exchange Server Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How effective is tracking the IP address of an email hacker? How can I configure Exchange IMF to allow an IP address or DNS? Spam and virus protection Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS TIP

I make it a point to block all email file attachments that can be used to send anything harmful. This especially includes .ZIP files. I get more .ZIP file viruses than any other format these days. Our antivirus (CA E-Trust) strips out all specified email attachments and removes macros from Microsoft Office documents.

Currently, I allow most media file types up to a certain size. I will restrict them only if there is a danger from a new media exploit, such as the one that affected images on unpatched machines a while back.

I ask people to use WinRAR to compress and send me a file or ask them to rename the .ZIP extension to .ZIT. This ensures that email file attachments can't be opened unintentionally. We have not had a virus released in our organization since we have had external email access (1998 on Exchange 5).

It does annoy some people to have to go through a few extra steps to send us a file. But in the end it is worth it to have some peace of mind.
—Mike M.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.