Mastering Microsoft Exchange Server 2007 SP1

At their heart, message classifications are simply a label that is set on certain messages. This label in turn allows other software such as Outlook and Outlook Web Access (OWA) to display a visual warning for the user and, optionally, take special action when processing the message with mailbox rules.

Message classifications consist of three properties:

Figure 13.1 illustrates how Outlook 2007 displays a message classification on a message; the additional colored field that says "Please treat this as Confidential" illustrates the Confidential classificiation.

Figure 13.1: A message classification displayed in Outlook 2007

Figure 13.2 shows a user selecting a classification to apply to a message they are sending in OWA.

Figure 13.2: Applying a message classification in OWA

Out of the box, Exchange 2007 comes with four message classifications: A/C Privileged, Attachment Removed, Company Confidential, and Company Internal. By default, these classifications are informational only; no associated rules enforce them, and their purpose is simply to be displayed to recipients. You can modify these default classifications, and create new ones, to suit your business needs. No GUI exists for creating and managing classifications; you must use the EMS. However, once they are created, you can use the GUI Transport Rule Wizard (covered later in this chapter in the section "Creating New Rules with the Exchange Management Console") to apply them using transport rules.

In addition to the basic classification properties, you can optionally set some other properties:

Tip 

By default, OWA supports the display and manual selection of message classifications. To use them in Outlook 2007, you must manually deploy them, which we will cover in "Deploying Message Classifications" later in this chapter. Advanced users can control permissions on message classifications and thus restrict the use of some classifications to a subset of users. See the Exchange 2007 help topic "Deploying Message Classifications" for instructions if you need this capability.

Modifying and Creating Message Classifications

To create new classifications or customize the properties of existing classifications, you must use the Get-MessageClassification and Set-MessageClassification cmdlets in the Exchange Management Shell.

Tip 

If you need to create localized versions of your new classification, see the Exchange 2007 help topic "How to Create Localized Versions of Message Classifications" for instructions.

Deploying Message Classifications

When you create or modify classifications, they are automatically visible to OWA users. In what is a particularly painful oversight, the same is not true for Outlook 2007 users. If you want your Outlook 2007 users to benefit from message classifications, you have two tasks to complete:

  1. Export the message classifications from Exchange 2007 to an XML file.

  2. Import the XML file into the Outlook 2007 configuration.

Warning 

These steps must be performed every time you add new classifications or modify display properties of existing classifications. Just to make it even more annoying, these tasks are completely manual.

We'll now cover these steps in greater detail.

Exporting Classifications from Exchange

If you're looking for an EMS cmdlet to export all of your classifications, stop. You have to use EMS, but no built-in cmdlet exists to perform this task. Instead, you need to navigate to the Scripts subdirectory of the folder you installed Exchange 2007 to (by default, this folder is located at C:\Program Files\Microsoft\Exchange Server\Scripts). Microsoft has provided several useful and complex EMS scripts in this folder; the one we want is named Export-OutlookClassification.ps1.

The syntax for exporting a classification is a bit tricky, so let's look at an example. In this example, we want to export the Default\ExACPrivileged and Default\ExPartnerMail classifications. To do this, we use the following EMS command to export these classifications to the C:\MC.XML:

"Default\ExACPrivileged", 'Default\ExPartnerMail' | Get-MessageClassification | ./Export-OutlookClassifciation.ps1 > C:\MC.XML

Note that the quotes are necessary around the classification names.

Note 

If this file is out of sync with the actual classifications specified in Exchange, Outlook will not display the classifications that are missing from the file. It will, however, retain them if they can be retained, and they will still be on the messages (and can be viewed in OWA). Once the file is updated, they will become visible to the user.

Importing Classifications in Outlook

This task has two parts: creating the necessary Registry entries and copying over the XML file you just created in the previous step. Once you're created the Registry settings on a given client, you don't need to keep setting them when you update the classifications XML file.

Copying the XML File

Copying the file over is simple; you can do it manually, via a batch script, or through your existing desktop management solution. If you are going to be changing the classifications on a regular basis, you might want to think about configuring some sort of automated deployment system to minimize the need for manual involvement. Outlook reads the file in when it starts, so if the file is updated while Outlook is open, it will not use the updated information until it is next restarted.

Tip 

You might consider the use of a logon script to ensure that the latest copy of the classifications XML file is pushed out to your clients. If you've deployed Microsoft Systems Management Server (or some third-party equivalent) in your environment, you can also use that mechanism.

Creating the Registry Entries

The following Registry key and values must be created on all Outlook 2007 computers whose users have mailboxes on Exchange 2007 servers and who are going to be sending message classifications. Until these Registry entries are created, classifications will not be displayed in Outlook, even though they exist on messages.

In the HKCU\Software\Microsoft\Office\12.0\Common key, first create a new key named Policy. Within this new key, create the following values:

"AdminClassificationPath"=" C:\Path\To\Filename.xml" "EnableClassifications"=dword:00000001 "TrustClassifications"=dword:00000001

You should set the values of these keys accordingly:

Tip 

The Office 2007 Customization Tool, now part of the Office installer, allows you to specify additional Registry keys that will be installed when Office is installed on a machine. If you want to ensure that message classification support is universally deployed and supported in your organization, you might wish to include these Registry settings in your configuration when creating your installation scripts.

Категории