How to configure attachment blocking in Outlook Web Access

The first tier of attachment blocking prohibits OWA access to the file entirely; the second tier prohibits the attached file from being accessed unless it's first saved to the client's hard drive or accessible network drive.

The first-tier blocks the usual suspects -- e.g., .EXE, .COM and .BAT file extensions. But it is possible for a file to be registered in both tiers at once by default (e.g., .COM). This means that if a file is removed from the first tier, it'll still be blocked by the second tier, which increases user protection.

The list of files in tier 1 is in the registry under: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level1FileTypes as a REG_SZ entry.

Tier 2 files are in: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA\Level2FileTypes.

In each case, the file lists are stored as a simple comma-separated string and can be edited as needed.

Unless you have a specific reason for unblocking a particular email attachment type, it's best to leave the lists as they are. But it can be useful to know where the lists are in case you need to add a new attachment type to OWA's attachment-blocking lists.

Note that you can always work around this restriction by compressing the file as a .ZIP archive (either with or without password protection). Most clients -- even tho

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Outlook and Outlook Web Access Tips Control Outlook 2007 in cached mode settings with group policies Performing advanced search queries in Microsoft Outlook 2007 Group policy settings for Outlook 2007 in cached mode Detecting update rollup and patch failures in OWA How Windows Desktop Search works in Microsoft Outlook 2007 Troubleshoot IIS metabase corruption in Outlook Web Access How a bare-metal restore affects Microsoft Outlook 2007 performance Fix 'Service unavailable' errors and other common OWA login problems Understand data file storage in Outlook 2007 Roaming and Local folders Troubleshooting Microsoft Outlook Web Access logon issues Outlook Web Access Detecting update rollup and patch failures in OWA Troubleshoot IIS metabase corruption in Outlook Web Access Fix 'Service unavailable' errors and other common OWA login problems Troubleshooting Microsoft Outlook Web Access logon issues Tools to report on Outlook Mobile Access usage Outlook Web Access issues after an Exchange 2003 migration Top 5 Outlook Web Access (OWA) tips of 2008 Troubleshooting Outlook Web Access issues on a 64-bit system Restrict access to Outlook Web Access via Exchange System Manager Manage user rights and access to Outlook Web Access (OWA) mailboxes Antivirus Software and Virus Protection How file-level antivirus software can harm your Exchange Server Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts How effective is tracking the IP address of an email hacker? Minimize remote and mobile Outlook Web Access (OWA) security risks Secure Edge Transport servers using the Security Configuration Wizard The six-layered secret of effective Exchange Server email filtering Microsoft Outlook and Exchange Server 2003 Email Security Guide How to install and configure an Edge Transport server for Exchange 2007 Process, compress and block Microsoft Outlook email attachments

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

se without a third-party .ZIP extraction tool handy -- can work with .ZIP files.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS TIP

I make it a point to block all email file attachments that can be used to send anything harmful. This especially includes .ZIP files. I get more .ZIP file viruses than any other format these days. Our antivirus (CA E-Trust) strips out all specified email attachments and removes macros from Microsoft Office documents.

Currently, I allow most media file types up to a certain size. I will restrict them only if there is a danger from a new media exploit, such as the one that affected images on unpatched machines a while back.

I ask people to use WinRAR to compress and send me a file or ask them to rename the .ZIP extension to .ZIT. This ensures that email file attachments can't be opened unintentionally. We have not had a virus released in our organization since we have had external email access (1998 on Exchange 5).

It does annoy some people to have to go through a few extra steps to send us a file. But in the end it is worth it to have some peace of mind.
—Mike M.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.