Customizing attachment settings for Exchange 2007 WebReady document viewing

In this blog post, which is a continuation of previous post on the subject of WebReady document viewing, I’ll go over how to customize the settings for attachments when using Exchange Server 2007 Outlook Web Access.

OWA 2007 allows you to specify which file and MIME types to allow, block, and force the user to save.  The following properties control this behavior.  They are shared between public and private logons, so there is no way to provide access to some file types for a private logon, but block them for a public logon.  In the Exchange Management Console see (Server Configuration/Client Access/Outlook Web Access/owa (Default Web Site), Public Computer Access/ Enable direct file access, Customize)

Allowed{File,Mime}Types (string)

Blocked{File,Mime}Types (string)

ForceSave{File,Mime}Types (string)

ActionForUnknownFileAndMIMETypes (enumeration): what to do for files and MIME types not in the above three lists

  • Allow
  • Block
  • ForceSave (default)

On the command line, the easiest way to work with these lists is to save the vdir object to a variable, change the properties, and then save the configuration.  For example, if you wanted to move “.tif” files from the AllowedFileTypes list to the BlockedFileTypes list, you could do the following:

[PSH] D:\>$owa = Get-OwaVirtualDirectory “owa (default web site)”
[PSH] D:\>$owa.AllowedFileTypes.Remove(“.tif”)
[PSH] D:\>$owa.ForceSaveFileTypes.Add(“.tif”)
[PSH] D:\>$owa | Set-OwaVirtualDirectory
[PSH] D:\>

WebReady Document Viewing options:

WebReadyDocumentViewingForAllSupportedTypes: enables/disables WebReady Document Viewing of all supported types

WebReadyFileTypes: list of file types that should be converted for WebReady Document Viewing

WebReadyMimeTypes: list of MIME types that should be converted for WebReady Document Viewing

Note that ‘*’ (meaning all file types) is not valid for WebReady{File,MIME}Types.  To gain the equivalent behaviour, set WebReadyDocumentViewingForAllSupportedTypes to $true:

[PSH]>Set-OwaVirtualDirectory “owa (default web site)” -WebReadyDocumentViewingForAllSupportedTypes:$true

If you need to customize the list, you can view which file and mime types are supported by the WebReady Document Viewing engine by looking at the WebReadyDocumentViewingSupportedFileTypes and WebReadyDocumentViewingSupportedMIMETypes properties:

[PSH] D:\>Get-OwaVirtualDirectory “owa (default web site)” | fl WebReadyDocumentViewingSupported*Types

WebReadyDocumentViewingSupportedMimeTypes : {application/msword, application/, application/x-msexcel, application/…}
WebReadyDocumentViewingSupportedFileTypes : {.doc, .xls, .ppt, .pdf}

While these changes make the design a lot cleaner, it makes it harder to disable access to attachments altogether.  Instead of un-checking a couple of boxes in EMC or running a simple PowerShell command, you’ll have to uncheck the following boxes in both “Public Computer File Access” and “Private Computer File Access” tabs for the “owa” vdir properties page in the Exchange Management Console:

  • Enable direct file access
  • Enable WebReady Document Viewing

For the PowerShell-inclined, run this command:

[PSH]>Set-OwaVirtualDirectory “owa (default web site)” -DirectFileAccessOnPublicComputersEnabled:$false -DirectFileAccessOnPrivateComputersEnabled:$false -WebReady DocumentViewingOnPublicComputersEnabled:$false -WebReadyDocumentViewingOnPrivateComputersEnabled:$false

It’s important that they disable both direct file access as well as WebReady viewing.  If they only disable the former, WebReady Document Viewing types (doc, xls, ppt, pdf) can still be viewed as html.  If they only do the latter, users can still access attachments by saving them or opening them in locally installed apps, but they won’t be able to access them via WebReady Document Viewing.


You might notice that there are checkboxes to enable or disable access to Windows File Shares and Windows SharePoint Services.

These don’t actually control attachment access. They control access to OWA’s Document Proxy feature (the “Documents” tab in OWA). In fact, they are segmentation options.

If you uncheck both sets of boxes on the “Public Computer File Access” and “Private Computer File Access” tabs, the “Documents” tab will disappear. We included them in these tabs because we thought that they fit better under the grouping of “file access” than “segmentation”.

Rahul Dhar

Comments (5)
  1. Anonymous says:

    Securing RPC Over HTTP Using ISA Server 2006 Survey Reveals Widespread Inadequacies in Email Outage Prevention

  2. timh says:

    Is there any way i can enable direct file access and web ready access for WordPerfect docs

  3. Rahul Dhar says:

    You can enable DirectFileAccess by turning it on for public and private computers, and making sure that the Wordperfect document types (extension and MIME type) are not in the blocked files list.

    Unfortunately, we don’t support WebReady Document Viewing for WordPerfect docs.

  4. timh says:

    I can open Documents now including WordPerfect. It seems you can only use this feature for viewing documents though (unless i’m missing something) because when i alter a document and try to save it wants to save locally.

  5. Rahul Dhar says:

    Yes, you won’t be able to save any changes to your attachments back to Exchange.  You would need to save the document locally, edit it, and then e-mail it back to yourself.  This is behaviour typical of all webmail applications that I know of.

Comments are closed.