Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features

The OWA Admin tool provides more control over Outlook Web Access 2003 than Exchange Server's built-in management tools, thereby making OWA much more secure.

Segmentation is possible in Outlook Web Access 2003 (OWA 2003) with the help of Microsoft's free utility, the OWA Admin tool. Get step-by-step instructions on how to install the OWA Admin tool and use it to lock down OWA 2003 features.

Recently, Microsoft Exchange administrators have renewed interest in segmentation with Exchange Server 2007. What is segmentation? It's the ability to enable and disable various Outlook Web Access (OWA) features so that users have limited access to OWA capabilities.

There are two reasons segmentation has become more popular. First, many organizations are now heavily regulated and cannot allow OWA users to access certain features. Secondly, Exchange administrators view certain OWA features as security threats.

Segmentation has always been possible in Outlook Web Access 2003, but it has never been exposed through the Exchange System Manager (ESM). However, if you are interested in segmenting OWA 2003, or in performing other types of customizations, Microsoft offers a free utility that lets you point and click your way through the process.

The utility is called the Microsoft Exchange Server Outlook Web Access Web Administration tool, also known as the OWA Admin tool. Download the OWA Admin tool from the Microsoft website.

Next, copy the MSI file that you have downloaded to your Exchange 2003 OWA server. (Note: The OWA Admin tool will not work with Exchange 2007 Client Access servers). When you double-click on the file, Windows will launch the Setup Wizard, which guides you through a simple installation process.

For the OWA Admin tool to work properly, you must have an SSL certificate installed on your OWA server. This shouldn't be a problem, since operating OWA without SSL encryption isn't recommended.

You should now be able to access the OWA Admin tool by opening your Web browser and navigating to HTTPS://your_OWA_server_name/OWAAdmin. For example, my OWA server is named Tazmania, so I entered https://tazmania/OWAAdmin to access the OWA Admin tool. Enter a set of administrative credentials when prompted and you will be taken to the main OWA Admin screen (Figure 1).

OWA Admin tool screen
Figure 1. This is what the main OWA Admin tool screen looks like.

The OWA Admin screen is divided into an Administration section and a Customization section. The Administration section lets you tune various OWA features. For example, if you click on the Attachment handling link, you will be taken to the screen that is shown in Figure 2.

OWA Admin tool Attachment Handling screen
Figure 2. The Attachment Handling screen lets you disable or limit file attachments through OWA.

This screen lets you enable or disable attachments through OWA. You can also specify which types of attachments you want to block. The OWA Admin tool has many similar administration screens.

To use segmentation to enable or to disable various OWA components, click the Server-wide feature support link, which is located in the Customization section of the main OWA Admin screen (Figure 1). This will take you to the Modify Server Features screen (Figure 3).

OWA Admin tool Modify Server Features screen
Figure 3. The Modify Server Features screen is used to segment OWA.

In this screen, note that there are a number of different OWA features that you can enable or disable by selecting or deselecting the corresponding checkbox. Blocking access to a user's mailbox is the only feature that cannot be disabled.

How useful is OWA segmentation? Here's an example. One company did not allow users to send or receive email attachments. They only allowed documents to be stored in Exchange public folders. To prevent OWA users from leaking sensitive data, the company chose to deny users access to public folders. In this case, Microsoft Outlook clients could only access public folders and their contents from within the company's perimeter network.

About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Exchange Server, Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Dig Deeper on Outlook management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.