How to configure attachment blocking in Outlook Web Access

The first tier of attachment blocking prohibits OWA access to the file entirely; the second tier prohibits the attached file from being accessed unless it's first saved to the client's hard drive or accessible network drive.

VIEW MEMBER FEEDACK TO THIS OUTLOOK WEB ACCESS TIP

The first-tier blocks the usual suspects -- e.g., .EXE, .COM and .BAT file extensions. But it is possible for a file to be registered in both tiers at once by default (e.g., .COM). This means that if a file is removed from the first tier, it'll still be blocked by the second tier, which increases user protection.

The list of files in tier 1 is in the registry under: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level1FileTypes as a REG_SZ entry.

Tier 2 files are in: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level2FileTypes.

In each case, the file lists are stored as a simple comma-separated string and can be edited as needed.

More on Outlook Web Access: Exchange Admin 101: Attachment blocking Top 5 OWA tips of 2006 FAQ: Outlook Web Access OWA Administration Guide

Unless you have a specific reason for unblocking a particular email attachment type, it's best to leave the lists as they are. But it can be useful to know where the lists are in case you need to add a new attachment type to OWA's attachment-blocking lists.

Note that you can always work around this restriction by compressing the file as a .ZIP archive (either with or without password protection). Most clients -- even those without a third-party .ZIP extraction tool handy -- can work with .ZIP files.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS TIP

I make it a point to block all email file attachments that can be used to send anything harmful. This especially includes .ZIP files. I get more .ZIP file viruses than any other format these days. Our antivirus (CA E-Trust) strips out all specified email attachments and removes macros from Microsoft Office documents.

Currently, I allow most media file types up to a certain size. I will restrict them only if there is a danger from a new media exploit, such as the one that affected images on unpatched machines a while back.

I ask people to use WinRAR to compress and send me a file or ask them to rename the .ZIP extension to .ZIT. This ensures that email file attachments can't be opened unintentionally. We have not had a virus released in our organization since we have had external email access (1998 on Exchange 5).

It does annoy some people to have to go through a few extra steps to send us a file. But in the end it is worth it to have some peace of mind.
—Mike M.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Outlook and Outlook Web Access Tips How Microsoft Office Communicator enhances Outlook 2007 functionality How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues Tool exports messages from Microsoft Outlook to Unix .EML file format DetachPipe: Outlook add-in tool saves and restores email attachments Customizing Outlook Web Access (OWA) in Exchange Server 2007 Install the Outlook Connector to use Hotmail in Microsoft Outlook Fix OWA message size limit issue after Exchange 2007 SP1 upgrade The six-layered secret of effective Exchange Server email filtering How to customize OWA authentication logon in Exchange Server 2003 Outlook Web Access How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues Customizing Outlook Web Access (OWA) in Exchange Server 2007 Fix OWA message size limit issue after Exchange 2007 SP1 upgrade How to customize OWA authentication logon in Exchange Server 2003 Top 10 Microsoft Outlook and Outlook Web Access tips of 2007 Top 10 Exchange, Microsoft Outlook and OWA email security tips of 2007 Automated redirects to OWA directories may fail when SSL is enforced Can't send Outlook Web Access email after Internet Explorer 7 upgrade Troubleshoot Outlook Web Access (OWA) login error: 'Access denied' Antivirus Software and Virus Protection Secure Edge Transport servers using the Security Configuration Wizard The six-layered secret of effective Exchange Server email filtering Microsoft Outlook and Exchange Server 2003 Email Security Guide How to install and configure an Edge Transport server for Exchange 2007 Process, compress and block Microsoft Outlook email attachments Beware of bare linefeeds in Exchange Server email Dell, Symantec simplify Secure Exchange for SMBs Unsecured devices worry IT professionals Dell and Symantec bundle hardware, security Online crime as ugly as ever RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.