Configure Public and Private Computer File Access

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Direct file access lets users open files that are attached to e-mail messages and files that are stored in Windows file shares. You can manage direct file access for Microsoft Office Outlook Web App in Microsoft Exchange Server 2010 for both public and private computers.

By default, public computer direct file access is enabled for new installations and upgrades of Outlook Web App. Therefore, when users in your organization select This is a public or shared computer or This is a private computer on the Outlook Web App sign-in page, they will be able to access files that are attached to e-mail messages.

When you enable private or public computer file access for users, you can use the EMC to specify individual file types and MIME types. The following table lists the file name extensions and MIME types that, by default, are set to Allow, Block, or Force Save for the \owa virtual directory.

  • Allow   File and MIME types in the Allow list can be opened from Outlook Web App if the application that's needed to open the files is installed on the client computer. Allow overrides Block and Force Save.

  • Block   File and MIME types in the Block list can't be opened. Block overrides Force Save and is overridden by Allow.

  • Force Save   File and MIME types in the Force Save list must be saved to the client computer before they can be opened. Force Save is overridden by Allow and Block.

    Note

    Although it appears that you can set the values for private and public computer access individually, you can't. When you specify behavior for private access, you also set it for public access.

Default file name extensions and MIME values for the Allow, Block, and Force Save settings for the \owa virtual directory

Option Description Default file name extensions Default MIME types

Allow

This option specifies the file types that are always enabled for direct file access.

.rpmsg, .xlsx, .xlsm, .xlsb, .pptx, .pptm, .ppsx, .ppsm, .docx, .docm, .xls, .wmv, .wma, .wav, vsd, .txt, .tif, .rtf, .pub, .ppt, .png, .pdf, .one, .mp3, .jpeg, .gif, .doc, .bmp, .avi

image/jpeg, image/png, image/gif, image/bmp

Block

This option specifies the file types that are always blocked from direct file access.

.ade, .adp, .asx, .app, .asp, .aspx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dir, .dcr, .der, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc,.msh, .msh1, .mshxml, .msh1xml, .msi, .msp,.mst, .ops, .pcd, .pif, .plg, .prf,.prg, .ps1, .ps2, .psc1, .psc2, .ps1xml, .ps2xml, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .spl, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, .wsh, .xml

application/x-javascript, application/javascript, application/msaccess, x-internet-signup, text/javascript, application/prg, application/hta, text/scriptlet

Force Save

This option specifies the files that users can access only after they've saved them to the local computer.

.vsmacros, .mshxml, .aspx, .xml, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe, .url, .tmp, .swf, .spl, . shs, .shb, .sct, .scr, .scf, .reg, .pst, .prg, .prf, .plg, .pif, .pcd, .ops, .mst, .msp, .msi, .msh, .msc, .mdz, .mdw, .mdt, .mde, .mdb, .mda, .maw, .mav, .mau, .mat, .mas, .mar, .maq, .mam, .mag, .maf, .mad, .lnk, .ksh, .jse, .its, .isp, .ins, .inf, .hta, .hlp, .fxp, .exe, .dir, .dcr, .csh, .crt, .cpl, .com, .cmd, .chm, .cer, .bat, .bas, .asx, .asp, .app, .adp, .ade, .ws, .vb, .js

Application/x-shockwave-flash, Application/octet-stream, Application/futuresplash, Application/x-director, Application/xml, text/xml

There is also a default setting for unknown file types. You can set the setting for unknown file types to one of the following values:

  • Allow

  • Block

  • Force Save

Note

By default, attachment types that are marked as Force Save will be excluded from security checks for XML or HTML. You can change this behavior by setting the ForceSaveAttachmentFilteringEnabled parameter to $true by using either the Set-OwaMailboxPolicy or the Set-OwaVirtualDirectory cmdlet.

Looking for other management tasks related to accessing files from Outlook Web App? Check out Managing File and Data Access for Outlook Web App.

Use the EMC to configure direct file access policy settings for Outlook Web App

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

  1. In the console tree, navigate to Server Configuration > Client Access.

  2. In the action pane, in Outlook Web App, click Properties.

  3. On the Outlook Web App Properties page, click either the Public Computer File Access tab or the Private Computer File Access tab.

  4. Under Direct file access, select the check box next to Enable direct file access to let users download attachments.

  5. To modify the types of attachments that you want users to be able to access, click Customize next to Customize direct file access.

  6. On the Direct File Access Settings page, do one of the following:

    • To set the file types and MIME types that you want users to access, click Allow, and then set the file name extensions and MIME values on the Allow List page.

    • To set the file types and MIME types that you want to block users from accessing, click Block, and then and set the file name extensions and MIME values on the Block List page.

    • To set the file types and MIME types that you want to force users to save before they access them, click Force Save, and then set the file name extensions and MIME values on the Force Save List page.

    • For unknown file types, select an option from the list in the Unknown Files box. Select Allow, Block, or Force Save.

  7. Click OK to save your settings.

Use the Shell to configure attachments policy settings for Outlook Web App

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

This example prevents users on public computers from downloading files.

Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -DirectFileAccessOnPublicComputersEnabled $false 

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Other Tasks

After you configure direct file access, you may also want to:

 © 2010 Microsoft Corporation. All rights reserved.