
Manipulating Exchange 2003

In large companies there seems to be a mix of Outlook clients in use over the years. Microsoft recommends using Outlook 2000 SR2 client as a minimum to avoid virus spreads and attachment attacks.

Is it possible to change something on Exchange 2003 (or script it) to determine the Outlook client in use, before allowing the client into the Message Store? Is there a way we could then disconnect older (Outlook 98, OL200-SP1, etc.) and vulnerable clients from entering or using Exchange server?

As a matter of fact, there is! Both Exchange 2000 and Exchange 2003 support a feature that enables administrators to prevent specific versions of MAPI clients from connecting to and using Exchange. For example, if you want to allow only Outlook 2003 users to connect to your Exchange server, you would configure the registry on the Exchange server as described in Microsoft Knowledge Base articles 288894 and 328240.

You can also use this feature to disable all MAPI access to an Exchange server (by specifically blocking all known MAPI clients) or to block unpatched versions of Outlook 2003 (or any other Outlook client) from using Exchange until they have all required updates. It works by blocking clients based on the version number of their Emsmdb32.dll.

After adding the appropriate settings to the registry, Exchange 2000 requires you to stop and restart the Information Store service for the change to take effect. Exchange 2003 dynamically reads this value from the registry and applies it without having to restart the store. A background thread checks this value every 15 minutes, so the most you'll ever need to wait for this change to take effect is 15 minutes. Because the 15-minute cycle for the background thread is hard-coded, if you want the change to take effect sooner, you still need to cycle the Information Store service.
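
Before rolling out a version block list, it helps to check which clients it would actually lock out. The following is an added example, not code from the original answer or from Microsoft: it assumes the block list is a semicolon- or comma-separated string of three-part versions, closed ranges (`a.b.c-d.e.f`) and open-ended ranges (`-a.b.c`, `a.b.c-`) with inclusive bounds, and the policy string and client versions in the test are constructed.

```python
"""Dry-run a MAPI client version block list (added example, assumed syntax)."""

LOWEST = (0, 0, 0)
HIGHEST = (65535, 65535, 65535)  # assumed ceiling for an open-ended range


def parse_version(text):
    """Turn 'major.minor.build' into a tuple of ints so versions sort correctly."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"expected three numeric components: {text!r}")
    return parts


def parse_block_list(spec):
    """Parse the block list string into a list of inclusive (low, high) ranges."""
    ranges = []
    for entry in spec.replace(",", ";").split(";"):
        entry = entry.strip()
        if not entry:
            continue
        low, dash, high = entry.partition("-")
        if not dash:  # a single version blocks exactly that version
            version = parse_version(low)
            ranges.append((version, version))
            continue
        lo = parse_version(low) if low.strip() else LOWEST
        hi = parse_version(high) if high.strip() else HIGHEST
        if lo > hi:
            raise ValueError(f"range is reversed: {entry!r}")
        ranges.append((lo, hi))
    return ranges


def is_blocked(version, ranges):
    """True if the client version falls inside any blocked range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in ranges)


def locked_out(spec, must_allow):
    """Return the versions from must_allow that the block list would reject.

    must_allow is the set of versions you intend to keep working, such as
    fully patched clients; a non-empty result means the policy is too broad.
    """
    ranges = parse_block_list(spec)
    return sorted(v for v in must_allow if is_blocked(v, ranges))
```

Run `locked_out` against the versions you intend to keep before writing the value to the registry, since on Exchange 2003 a mistake starts rejecting clients within the 15-minute polling window.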
