How to Manage Segmentation in Outlook Web Access
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
This topic describes how to manage segmentation in Microsoft Office Outlook Web Access for Microsoft Exchange Server 2007. Segmentation lets you enable and disable many features in Outlook Web Access by using the Exchange Management Console or the Exchange Management Shell.
By default, segmentation changes take effect after 60 minutes of inactivity for users who are logged on to Outlook Web Access or when a user logs on to Outlook Web Access. To force the changes to take effect immediately, restart Internet Information Services (IIS) by running the iisreset/noforce command on the Client Access server.
Before You Begin
To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Procedure
To use the Exchange Management Console to configure Outlook Web Access segmentation
In the Exchange Management Console, click Server Configuration, and then click Client Access.
In the work pane, select owa (Default Web Site), and then, in the action pane, click Properties.
On the owa (Default Web Site) Properties page, click the Segmentation tab.
The Segmentation window provides a list of features for Outlook Web Access that you can enable or disable for all users.
To enable or disable a feature for Outlook Web Access for all users, select a feature, and then click Enable or Disable.
The status for all features is displayed in the center section in the Segmentation window.
Segmentation in the Exchange Management Console and the Exchange Management Shell
The following table lists the segmentation options that are available through the Exchange Management Console and by using Exchange Management Shell parameters. You can use the Set-OwaVirtualDirectory cmdlet together with the parameters listed in the table to enable or disable the features on the Segmentation tab that were discussed earlier in step 3.
Note
The Public Folders, Recover Deleted Items, Rules, and S/MIME segmentation features are available in Exchange 2007 Service Pack 1 (SP1) or later versions. For an overview of the Outlook Web Access features that were added for Exchange 2007 SP1, see What's New in Exchange Server 2007 SP1.
Segmentation options that can be set in the Exchange Management Console and by using Exchange Management Shell parameters
Exchange Management Console | Exchange Management Shell Parameter | Description |
---|---|---|
All Address Lists |
AllAddressListsEnabled |
If it is enabled, this option lets users see all address lists in the Exchange organization. If it is disabled, the user will see only the default global address list. |
Calendar |
CalendarEnabled |
If it is enabled, this option lets users see Calendar folders by using Outlook Web Access. If it is disabled, the Calendar is still available by using Outlook, but will not be visible from Outlook Web Access. |
Change Password |
ChangePasswordEnabled |
If it is enabled, this option lets users change their Active Directory account password by using Outlook Web Access. Note To enable users to change passwords that have expired or that have been set to User must change at next logon, see Implementing the Change Password feature with Outlook Web Access. |
Contacts |
ContactsEnabled |
If it is enabled, this option lets users see Contacts folders by using Outlook Web Access. If it is disabled, Contacts folders are still available by using Outlook, but will not be visible from Outlook Web Access. |
E-mail Signature |
SignaturesEnabled |
If it is enabled, this option lets users use the Outlook Web Access Options to manage signatures for outgoing e-mail messages. |
Exchange ActiveSync Integration |
ActiveSyncIntegrationEnabled |
If it is enabled, this option lets users manage a mobile device by using the Options feature in Outlook Web Access. If it is disabled, the option is not visible. |
Journal |
JournalEnabled |
If it is enabled, this option lets users see the Journal folder by using Outlook Web Access. If it is disabled, the Journal is still available by using Outlook, but will not be visible from Outlook Web Access. |
Junk E-mail Filtering |
JunkEmailEnabled |
If it is enabled, this option enables users to control the junk e-mail settings for their mailbox from Outlook Web Access. If it is disabled, the user will be unable to control the junk-email settings from Outlook Web Access, but any settings that are set by an administrator or set by using Outlook will still be applied. |
Notes |
NotesEnabled |
If it is enabled, this option makes the Notes folder visible in Outlook Web Access. Outlook Web Access provides view-only access to Notes. |
Premium Client |
PremiumClientEnabled |
If it is enabled, this option lets users access the Outlook Web Access Premium client. If it is disabled, only Outlook Web Access Light will be available. |
Public Folders |
PublicFoldersEnabled |
If this is enabled, this option lets users browse or read items in public folders by using Outlook Web Access. Note This feature is available in Exchange 2007 SP1 or later versions. |
Recover Deleted Items |
RecoverDeletedItemsEnabled |
If this is enabled, this option lets users view, recover, or delete permanently items that have been deleted from the Deleted Items folder by using Outlook Web Access. Note This feature is available in Exchange 2007 SP1 or later versions. |
Reminders and Notifications |
RemindersAndNotificationsEnabled |
If it is enabled, this option lets users receive reminders for calendar items and tasks and notifications for new messages when they are using Outlook Web Access Premium. If it is disabled, users will not receive reminders and notifications. Reminders and notifications are not available in Outlook Web Access Light. |
Rules |
RulesEnabled |
If this is enabled, this option lets users view, create, or modify server side rules by using Outlook Web Access. Note This feature is available in Exchange 2007 SP1 or later versions. |
S/MIME |
SMimeEnabled |
If this is enabled, this option lets users download the S/MIME control for Outlook Web Access and use it to read and compose signed and encrypted messages. Note This feature is available in Exchange 2007 SP1 or later versions. |
Search Folders |
SearchFoldersEnabled |
If it is enabled, this option lets users see the Search Folders icon in the Outlook Web Access navigation pane and lets users access any search folders that exist on the server. If it is disabled, the Search Folders icon remains visible in Outlook Web Access. But the folders will not be available. For more information about how to create search folders, see the Outlook Help. |
Spelling Checker |
SpellCheckerEnabled |
If it is enabled, this option lets users check spelling in Outlook Web Access. This feature is not available in Outlook Web Access Light. |
Tasks |
TasksEnabled |
If it is enabled, this option makes the Tasks features in Outlook Web Access available to users. This feature is not available in Outlook Web Access Light. |
Theme Selection |
ThemeSelectionEnabled |
If it is enabled, this option lets users select a theme by using the Options feature in Outlook Web Access. This feature is not available in Outlook Web Access Light. |
Unified Messaging Integration |
UMIntegrationEnabled |
If it is enabled, this option lets users manage their Unified Messaging settings by using Outlook Web Access. |
Per-User Segmentation
Exchange 2007 allows for easier implementation of Outlook Web Access per-user segmentation. To configure per-user segmentation in earlier versions of Exchange, you must set the msExchMailboxFolderSet attribute on the particular user's Active Directory object by using a tool such as the ADSI Edit tool. In Exchange 2007, you can use the Set-CASMailbox cmdlet to configure per-user segmentation.
Note
You can use the Set-CASMailbox cmdlet to configure per-user settings for Exchange ActiveSync, Outlook Web Access, MAPI, POP, and IMAP.
The following two cmdlets are available to retrieve or configure user settings:
Get-CASMailbox
This cmdlet retrieves the settings for a particular user.
Set-CASMailbox
This cmdlet configures settings for a particular user.
Both cmdlets take the identity parameter. The identity parameter specifies the particular user's domain name and user name, such as contoso\user1. Also, because many components share the Get-CASMailbox and Set-CASMailbox cmdlets, Exchange uses a naming convention to specify the properties that are being retrieved or configured.
Each property has a prefix to specify the component name to which it belongs. For example, Outlook Web Access properties have an OWA prefix. MAPI properties have a MAPI prefix. To view the Outlook Web Access segmentation settings for a user, run the following command at the Exchange Management Shell:
Get-CASMailbox -identity "contoso\<user1>" | fl OWA*
When you run this command, you see results that resemble the following:
OWAEnabled : True OWACalendarEnabled : OWAContactsEnabled : OWATasksEnabled : OWAJournalEnabled : OWANotesEnabled : OWARemindersAndNotificationsEnabled : OWAPremiumClientEnabled : OWASpellCheckerEnabled : OWASearchFoldersEnabled : OWASignaturesEnabled : OWAThemeSelectionEnabled : OWAJunkEmailEnabled : OWAUMIntegrationEnabled : OWAWSSAccessOnPublicComputersEnabled : OWAWSSAccessOnPrivateComputersEnabled : OWAUNCAccessOnPublicComputersEnabled : OWAUNCAccessOnPrivateComputersEnabled : OWAActiveSyncIntegrationEnabled : OWAAllAddressListsEnabled : OWAChangePasswordEnabled : |
Each property in virtual directory segmentation has a corresponding per-user segmentation property. By default, per-user segmentation properties are not set. This is why most of the properties in the previous results do not contain any values.
When you configure per-user segmentation, the commands that you use set bits in an integer that is named msExchMailboxFolderSet. The first time that you modify a per-user segmentation setting, all the bits in the msExchMailboxFolderSet integer must be set to a particular value. By default, Exchange sets every value to False unless you explicitly set the value(s) to True.
Therefore, you may experience unexpected behavior when you try to configure a particular value. For example, assume that you run the following cmdlet to disable the Change Password feature in Outlook Web Access:
Set-CASMailbox -identity "contoso\<user1>" -OWAChangePasswordEnabled:$false
After you run this command, you see the following results when you view the properties for the particular user:
OWAEnabled : True OWACalendarEnabled : False OWAContactsEnabled : False OWATasksEnabled : False OWAJournalEnabled : False OWANotesEnabled : False OWARemindersAndNotificationsEnabled : False OWAPremiumClientEnabled : False OWASpellCheckerEnabled : False OWASearchFoldersEnabled : False OWASignaturesEnabled : False OWAThemeSelectionEnabled : False OWAJunkEmailEnabled : False OWAUMIntegrationEnabled : False OWAWSSAccessOnPublicComputersEnabled : False OWAWSSAccessOnPrivateComputersEnabled : False OWAUNCAccessOnPublicComputersEnabled : False OWAUNCAccessOnPrivateComputersEnabled : False OWAActiveSyncIntegrationEnabled : False OWAAllAddressListsEnabled : False OWAChangePasswordEnabled : False |
In this example, although you had intended to disable only the Change Password feature, Exchange sets all the unset features to False. Therefore, for an msExchMailboxFolderSet attribute that has not been set, you must explicitly configure every feature.
In the previous example, to disable only the Change Password feature on an unset msExchMailboxFolderSet attribute and to leave all the other features enabled, you have to explicitly configure each feature. To do this, you must run the following command:
set-CASMailbox -identity "contoso\<user1>" -OWAChangePasswordEnabled:$false `
-OWAPremiumClientEnabled:$true `
-OWACalendarEnabled:$true `
-OWAContactsEnabled:$true `
-OWATasksEnabled:$true `
-OWAJournalEnabled:$true `
-OWANotesEnabled:$true `
-OWARemindersAndNotificationsEnabled:$true `
-OWASpellCheckerEnabled:$true `
-OWASearchFoldersEnabled:$true `
-OWASignaturesEnabled:$true `
-OWAThemeSelectionEnabled:$true `
-OWAJunkEmailEnabled:$true `
-OWAUMIntegrationEnabled:$true `
-OWAWSSAccessOnPublicComputersEnabled:$true `
-OWAWSSAccessOnPrivateComputersEnabled:$true `
-OWAUNCAccessOnPublicComputersEnabled:$true `
-OWAUNCAccessOnPrivateComputersEnabled:$true `
-OWAActiveSyncIntegrationEnabled:$true `
-OWAAllAddressListsEnabled:$true
After you set all the bits on the msExchangeMailboxFolderSet attribute, you can configure each individual bit without having to specify values for the other bits.
Important considerations
Consider the following when you use per-user segmentation with Outlook Web Access:
Per-user segmentation overrides virtual directory segmentation. For example, when you use the Set-CASMailbox cmdlet to set OWAChangePasswordEnabled to True for a user, the user will always have access to the Change Password feature, regardless of what option is set on the virtual directory.
You cannot use the Set-CASMailbox cmdlet to clear per-user segmentation settings. Instead, you must use ADSI Edit or a similar tool to change the msExchMailboxFolderSet attribute on the user's Active Directory object.
The OWAEnabled property is not part of Outlook Web Access segmentation. Instead, OWAEnabled is a setting in the ProtocolSettings attribute on the user's Active Directory object. The OWAEnabled property is used to allow or to block access to Outlook Web Access as a whole.
For More Information
For more information about how to manage Outlook Web Access, see the following topics:
For more information about syntax and instructions for using the Exchange Management Shell to manage Outlook Express segmentation, see Set-OwaVirtualDirectory.