
Exchange Server 2003 security enhancements for Microsoft Outlook, OWA and OMA

Exchange 2003 clients (such as Outlook 2003, OWA, and OMA) have some important, new security features. This tip discusses Windows Rights Management, Kerberos protocol and S/MIME.

In addition to security improvements for Exchange servers, enhancements have been made to the security of the clients that access Exchange, including Outlook 2003, OWA, OMA, and so on.

Although this book examines the functionality included in these different clients in Chapter 10, this chapter also looks at some of the new security features so that you can understand some of the new security features and functionality as you are thinking about deploying these clients.

This is tip #5 from "Securing Exchange Server 2003 -- 5 tips in 5 minutes," excerpted from Chapter 8 of the book Microsoft Exchange Server 2003 Delta Guide, published by Sams Publishing.

Windows Rights Management

One of the most exciting enhancements to Outlook 2003 and the Microsoft Office System 2003 in general is the introduction of rights management, through Windows Rights Management Service. This feature is new with Office 2003 and requires Windows Server 2003 to work.

Rights management is based on the concept that you can assign a security policy to a particular document, which includes emails and attachments. This policy can restrict how the document can be used, including settings to allow/disallow viewing the document, copying, printing, saving, and forwarding.

In addition to internal users who might be using Office 2003, the rights management policies can be enforced with external users. A plug-in has been provided for Internet Explorer so that you can view rights-managed documents.

For more information on rights management within Outlook 2003 or the Windows Rights Management Server, check out


The "Server Security Enhancements" section of this chapter looked briefly at how the Kerberos protocol was being used to make secure connections between servers. You can also use the Kerberos protocol to make a secure connection between Outlook 2003 and Exchange 2003. In addition to providing a secure connection, Kerberos enables cross-forest authentication in forests that are running their domain controllers using Windows Server 2003, allowing the separation of Exchange users and Exchange servers.

This separation has a significant impact on the configuration of your Exchange topology and could be used to provide a "hosted" email solution to other organizations or to simplify or effectively outsource Exchange administration.


Finally, one of the most commonly requested security features for Exchange has been implemented in this release for OWA and OMA. Secure/MIME (S/MIME) has been the industry standard for sending secure email messages. S/MIME was originally based on the RSA public-key encryption technology.

With the release of Exchange 2003 and Outlook 2003, you can now send secure email messages using S/MIME from the full Outlook client, OWA and OMA, eliminating the need for a special add-in or third-party tool and making secure messaging with other platforms and clients a reality.

For configuring S/MIME with Exchange 2003, go to the Delta Guide series Web site and enter article ID A030802.

Securing Exchange Server 2003 -- 5 tips in 5 minutes

 Home: Introduction
 Tip 1: Configuring SSL for Exchange Server 2003
 Tip 2: Exchange Server 2003 Kerberos authentication
 Tip 3: Setting up RPC over HTTP for Exchange Server 2003
 Tip 4: Using cross-forest SMTP authentication with Exchange 2003
 Tip 5: Exchange Server 2003 client security enhancements

This chapter excerpt from Microsoft Exchange Server 2003 Delta Guide, by David McAmis and Don Jones, is printed with permission from Sams Publishing, Copyright 2004.
