Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features

Segmentation is possible in Outlook Web Access 2003 (OWA 2003) with the help of Microsoft's free utility, the OWA Admin tool. Get step-by-step instructions on how to install the OWA Admin tool and use it to lock down OWA 2003 features.

Recently, Microsoft Exchange administrators have renewed interest in segmentation with Exchange Server 2007. What is segmentation? It's the ability to enable and disable various Outlook Web Access (OWA) features so that users have limited access to OWA capabilities.

There are two reasons segmentation has become more popular. First, many organizations are now heavily regulated and cannot allow OWA users to access certain features. Secondly, Exchange administrators view certain OWA features as security threats.

Segmentation has always been possible in Outlook Web Access 2003, but it has never been exposed through the Exchange System Manager (ESM). However, if you are interested in segmenting OWA 2003, or in performing other types of customizations, Microsoft offers a free utility that lets you point and click your way through the process.

The utility is called the Microsoft Exchange Server Outlook Web Access Web Administration tool, also known as the OWA Admin tool. Download the

    Requires Free Membership to View

OWA Admin tool from the Microsoft website.

Next, copy the MSI file that you have downloaded to your Exchange 2003 OWA server. (Note: The OWA Admin tool will not work with Exchange 2007 Client Access servers). When you double-click on the file, Windows will launch the Setup Wizard, which guides you through a simple installation process.

For the OWA Admin tool to work properly, you must have an SSL certificate installed on your OWA server. This shouldn't be a problem, since operating OWA without SSL encryption isn't recommended.

You should now be able to access the OWA Admin tool by opening your Web browser and navigating to HTTPS://your_OWA_server_name/OWAAdmin. For example, my OWA server is named Tazmania, so I entered https://tazmania/OWAAdmin to access the OWA Admin tool. Enter a set of administrative credentials when prompted and you will be taken to the main OWA Admin screen (Figure 1).

OWA Admin tool screen
Figure 1. This is what the main OWA Admin tool screen looks like.

The OWA Admin screen is divided into an Administration section and a Customization section. The Administration section lets you tune various OWA features. For example, if you click on the Attachment handling link, you will be taken to the screen that is shown in Figure 2.

OWA Admin tool Attachment Handling screen
Figure 2. The Attachment Handling screen lets you disable or limit file attachments through OWA.

This screen lets you enable or disable attachments through OWA. You can also specify which types of attachments you want to block. The OWA Admin tool has many similar administration screens.

To use segmentation to enable or to disable various OWA components, click the Server-wide feature support link, which is located in the Customization section of the main OWA Admin screen (Figure 1). This will take you to the Modify Server Features screen (Figure 3).

OWA Admin tool Modify Server Features screen
Figure 3. The Modify Server Features screen is used to segment OWA.

In this screen, note that there are a number of different OWA features that you can enable or disable by selecting or deselecting the corresponding checkbox. Blocking access to a user's mailbox is the only feature that cannot be disabled.

How useful is OWA segmentation? Here's an example. One company did not allow users to send or receive email attachments. They only allowed documents to be stored in Exchange public folders. To prevent OWA users from leaking sensitive data, the company chose to deny users access to public folders. In this case, Microsoft Outlook clients could only access public folders and their contents from within the company's perimeter network.

About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Exchange Server, Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.