Mastering Microsoft Exchange Server 2007 SP1
At their heart, message classifications are simply a label that is set on certain messages. This label in turn allows other software such as Outlook and Outlook Web Access (OWA) to display a visual warning for the user and, optionally, take special action when processing the message with mailbox rules.
Message classifications consist of three properties:
-
The display name determines how the classification is to be displayed in the client user interface and is scanned by the mailbox rules engine.
-
The sender description allows the client interface to tell the sender the purpose of this classification if isn't clear from the display name alone.
-
The recipient description allows the client interface to tell the recipient the purpose of this classification.
Figure 13.1 illustrates how Outlook 2007 displays a message classification on a message; the additional colored field that says "Please treat this as Confidential" illustrates the Confidential classificiation.
Figure 13.2 shows a user selecting a classification to apply to a message they are sending in OWA.
Out of the box, Exchange 2007 comes with four message classifications: A/C Privileged, Attachment Removed, Company Confidential, and Company Internal. By default, these classifications are informational only; no associated rules enforce them, and their purpose is simply to be displayed to recipients. You can modify these default classifications, and create new ones, to suit your business needs. No GUI exists for creating and managing classifications; you must use the EMS. However, once they are created, you can use the GUI Transport Rule Wizard (covered later in this chapter in the section "Creating New Rules with the Exchange Management Console") to apply them using transport rules.
In addition to the basic classification properties, you can optionally set some other properties:
-
You may specify the precedence, which determines the order that a given classification is applied to a message if multiple classifications are set. You have nine values (Highest, Higher, High, MediumHigh, Medium, MediumLow, Low, Lower, and Lowest) from which to choose.
-
You may specify whether a given classification should be retained on the message if it is forwarded or replied to; some classifications, such as Attachment Removed, would make little sense when applied to a forwarded copy of a message or to its replies.
-
You may create localized versions of message classifications if you are working in a multilingual organization.
Tip | By default, OWA supports the display and manual selection of message classifications. To use them in Outlook 2007, you must manually deploy them, which we will cover in "Deploying Message Classifications" later in this chapter. Advanced users can control permissions on message classifications and thus restrict the use of some classifications to a subset of users. See the Exchange 2007 help topic "Deploying Message Classifications" for instructions if you need this capability. |
Modifying and Creating Message Classifications
To create new classifications or customize the properties of existing classifications, you must use the Get-MessageClassification and Set-MessageClassification cmdlets in the Exchange Management Shell.
-
Get-MessageClassification This cmdlet shows you the existing message classifications in your organization:
Get-MessageClassification
-
Set-MessageClassification This cmdlet modifies the properties of an existing classification. The following example takes an existing classification named NewMC, sets its precedence to High, and sets the RetainClassificationEnabled property so that the classification will be retained across forwards and replies:
Set-MessageClassification -Identity NewMC -DisplayPrecedence High -RetainClassificationEnabled $True
-
New-MessageClassification This cmdlet creates a new message classification in your organization, configuring it on your Exchange 2007 servers and registering it in Active Directory:
New-MessageClassification -Name NewMC -DisplayName "New Classification" -RecipientDescription "This is what the recipient will see when viewing the message "-SenderDescription" This is what the sender will see when selecting the classification"
Tip | If you need to create localized versions of your new classification, see the Exchange 2007 help topic "How to Create Localized Versions of Message Classifications" for instructions. |
Deploying Message Classifications
When you create or modify classifications, they are automatically visible to OWA users. In what is a particularly painful oversight, the same is not true for Outlook 2007 users. If you want your Outlook 2007 users to benefit from message classifications, you have two tasks to complete:
-
Export the message classifications from Exchange 2007 to an XML file.
-
Import the XML file into the Outlook 2007 configuration.
Warning | These steps must be performed every time you add new classifications or modify display properties of existing classifications. Just to make it even more annoying, these tasks are completely manual. |
We'll now cover these steps in greater detail.
Exporting Classifications from Exchange
If you're looking for an EMS cmdlet to export all of your classifications, stop. You have to use EMS, but no built-in cmdlet exists to perform this task. Instead, you need to navigate to the Scripts subdirectory of the folder you installed Exchange 2007 to (by default, this folder is located at C:\Program Files\Microsoft\Exchange Server\Scripts). Microsoft has provided several useful and complex EMS scripts in this folder; the one we want is named Export-OutlookClassification.ps1.
The syntax for exporting a classification is a bit tricky, so let's look at an example. In this example, we want to export the Default\ExACPrivileged and Default\ExPartnerMail classifications. To do this, we use the following EMS command to export these classifications to the C:\MC.XML:
"Default\ExACPrivileged", 'Default\ExPartnerMail' | Get-MessageClassification | ./Export-OutlookClassifciation.ps1 > C:\MC.XML
Note that the quotes are necessary around the classification names.
Note | If this file is out of sync with the actual classifications specified in Exchange, Outlook will not display the classifications that are missing from the file. It will, however, retain them if they can be retained, and they will still be on the messages (and can be viewed in OWA). Once the file is updated, they will become visible to the user. |
Importing Classifications in Outlook
This task has two parts: creating the necessary Registry entries and copying over the XML file you just created in the previous step. Once you're created the Registry settings on a given client, you don't need to keep setting them when you update the classifications XML file.
Copying the XML File
Copying the file over is simple; you can do it manually, via a batch script, or through your existing desktop management solution. If you are going to be changing the classifications on a regular basis, you might want to think about configuring some sort of automated deployment system to minimize the need for manual involvement. Outlook reads the file in when it starts, so if the file is updated while Outlook is open, it will not use the updated information until it is next restarted.
Tip | You might consider the use of a logon script to ensure that the latest copy of the classifications XML file is pushed out to your clients. If you've deployed Microsoft Systems Management Server (or some third-party equivalent) in your environment, you can also use that mechanism. |
Creating the Registry Entries
The following Registry key and values must be created on all Outlook 2007 computers whose users have mailboxes on Exchange 2007 servers and who are going to be sending message classifications. Until these Registry entries are created, classifications will not be displayed in Outlook, even though they exist on messages.
In the HKCU\Software\Microsoft\Office\12.0\Common key, first create a new key named Policy. Within this new key, create the following values:
"AdminClassificationPath"=" C:\Path\To\Filename.xml" "EnableClassifications"=dword:00000001 "TrustClassifications"=dword:00000001
You should set the values of these keys accordingly:
-
AdminClassificationPath is the full path and filename of the XML file you copied from the export process. While this path can be on a network share, this could break for laptop users or other users who lose network connectivity. The file is small, so there's no harm in copying it to the local hard drive.
-
EnableClassifications allows you to toggle whether message classifications are read and honored in Outlook 2007 on a per-user basis. The value of 1 enables classifications, while the value of 0 disables them.
-
TrustClassifications allows you to toggle whether Outlook actually trusts classifications on messages that are sent to users on legacy Exchange mailbox servers. The value of 1 enables trust, 0 disables it. Microsoft recommends that you only enable this value for mailboxes on Exchange 2007 servers.
Tip | The Office 2007 Customization Tool, now part of the Office installer, allows you to specify additional Registry keys that will be installed when Office is installed on a machine. If you want to ensure that message classification support is universally deployed and supported in your organization, you might wish to include these Registry settings in your configuration when creating your installation scripts. |
Категории