Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition

In our increasingly connected world, most users want to be able to access e-mail, calendars, contacts, and scheduled tasks no matter what time it is or where they are. With Microsoft Exchange Server 2007, you can make anywhere, anytime access to Exchange data a real possibility. How? Start by using Exchange's built-in Web and mobile access features to allow users to connect to Exchange over the Internet and from cellular networks. Afterward, configure your network to allow direct dial-up or secure anywhere connections from Outlook 2007, and then create Microsoft Outlook profiles that use these configurations.

Web access, mobile access, and secure anywhere access are implemented separate features that are available when you install the Client Access Server role for Exchange Server 2007. These features include Exchange ActiveSync, Outlook Web Access, and Outlook Anywhere. Although Exchange ActiveSync and Outlook Web Access were available in earlier releases of Exchange Server, Outlook Anywhere is a new feature that builds on the remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP) feature introduced in the previous Exchange Server release.

Mastering Outlook Web Access Essentials

Outlook Web Access is a standard Exchange Server 2007 technology that allows users to access their mailboxes and shared non-mail data using a Web browser. The technology works with standard Internet protocols, including Web Distributed Authoring and Versioning (WebDAV).

WebDAV is an extension to HTTP that allows remote clients to create and manage server-based files, folders, and data. When users access mailboxes and shared non-mail data over the Web, an HTTP virtual server hosted by Exchange Server 2007 is working behind the scenes to grant access and transfer files to the browser. Because you don't need to configure Outlook Web Access on the client, it's ideally suited for users who want to access e-mail while away from the office.

When you install the Client Access Server role for Exchange Server 2007, Outlook Web Access is automatically configured for use. This makes Outlook Web Access fairly easy to manage, but there are some essential concepts that you should know to manage it more effectively. This section explains these concepts.

Getting Started with Outlook Web Access

Outlook Web Access and a default HTTP virtual server are installed automatically when you install the Client Access Server role for Exchange Server 2007. In most cases, you only need to open the appropriate ports on your organization's firewall, as discussed in Chapter 16, to allow users to access mailboxes and shared non-mail data over the Web. After that, you simply tell users the Uniform Resource Locator (URL) path that they need to type into their browser's Address text box. The users can then access Outlook Web Access when they're off-site.

Outlook Web Access is optimized for screen resolutions of 800 × 600 or higher. Two different versions are available:

• Light Provides a basic experience with a simplified user interface that supports accessibility for blind and low vision users. No Premium-only features are available. In addition, calendar options are limited and messages can only be composed as plain text.

• Premium Provides a rich experience with performance that closely approximates Microsoft Office Outlook 2007, including a folder hierarchy that you can expand or collapse, drag-and-drop functionality, and shortcut menus that you can access by right-clicking. In addition, you can use all of the following Premium-only features: appearance color schemes, file shares integration, notifications, reading pane, reminders, search, spelling checker, voice mail options, and weekly calendar views. Premium does not, however, support accessibility for blind and low vision users.

Real World Outlook Web Access uses Hypertext Markup Language (HTML) 3.2, JavaScript [European Computer Manufacturers Association (ECMA)] script. Because Premium uses some Windows-specific application programming interfaces (APIs), Outlook Web Access Premium can only be used on computers running Windows. These Windows-specific extensions provide features that improve performance and the user experience.

The API for Microsoft Internet Explorer 6.0 has extensions for Outlook Web Access as well. These extensions allow Internet Explorer to compress message data using GZip compression technology, provided that Exchange is running on Microsoft Windows Server 2003 or later. GZip compression gives about a 30 percent performance improvement when transferring data.

Table 4-1 provides an overview of browser versions that have been tested for compatibility with Outlook Web Access Light and Outlook Web Access Premium. Because the supported versions may change over time, be sure to reference current documentation.

With Exchange Server 2007, the preferred way to shared documents is to used Windows File Shares and Windows SharePoint Services. Collectively these are referred to as shared non-mail data. Exchange Server 2007 de-emphasizes the role of public folders. Public folders are no longer required for access to the global address list or the offline address book. The reason for this is that Exchange Server 2003 provides these features through a Web-based distribution point. Microsoft Office Outlook 2007 and later clients use Web-based distribution points for the global address list and the offline address book automatically. The primary way users can work with public folders is through Microsoft Outlook 2007. As an administrator, you can work with public folders using Microsoft Outlook 2007 and the Exchange Management Shell.

Connecting to Mailboxes and Shared Non-Mail Data Over the Web

With Outlook Web Access, you can easily access mailboxes and shared non-mail data over the Web and the corporate intranet. To access a user's mailbox, type the Exchange Outlook Web Access URL into Internet Explorer's Address text box, and then enter the user name and password for the mailbox you want to access. For example, to access the mailbox for the Exchange alias williams, type http://https://server-name.yourdomain.com/owa, where servername is a placeholder for the HTTP virtual server hosted by Exchange Server 2007 and http://yourdomain.com is a placeholder for your external domain name. For example, if your Client Access server is configured to use mail as the external DNS name and your external domain is http://cpandl.com, you would type http://https://mail.cpandl.com/owa. When prompted, type the user name, such as williams, and the mailbox password.

At the security prompt, the user will need to specify whether they are using a public or shared computer, or a private computer, type your user name in domain∖username format, such as cpandl∖williams, and password, and then click the Log On button. On the next page, the user will next need to set the default language and the current time zone, and then click OK. Exchange Server uses computer type to determine the period of inactivity to allow before logging the user off automatically. With a private computer, the user will be allowed a longer period of inactivity before being logged off. With a public or share computer, Exchange Server will log the user off more quickly to prevent the user's data from being compromised.

Once the user has accessed his or her mailbox in OWA, they can access any shared non-mail data that is available as well. With Exchange Server 2007, shared non-mail data includes documents shared using Windows File Shares and Windows SharePoint Services. To access shared non-mail data, follow these steps:

1. In the left pane of the OWA window, click Documents.

2. Under Documents, click Open Location.

3. In the Open Location dialog box, type the address of the Windows file share or Windows SharePoint Services server to access and then click Open.

Working with Outlook Web Access

After you enter the Exchange Outlook Web Access URL into Internet Explorer's Address text box and enter the user name and password for the mailbox you want to access, you'll see the view of Outlook Web Access that is compatible with your browser. Figure 4-1 shows the Premium view of Outlook Web Access. Most users with Internet Explorer 6.0 or later see this view of Outlook Web Access automatically. If their browser doesn't support a necessary technology for the Premium view, or if this technology has been disabled, they might see the Light view instead. If they can right-click and see a shortcut menu, they have the Premium view.

Figure 4-1: Outlook Web Access has nearly all of the features of Outlook 2007.

As shown in Figure 4-1, the latest version of Outlook Web Access has a toolbar that provides quick access to the following key features:

• Address Book Displays the Address Book, which provides quick access to address lists and contacts. Any tracked resources, such as conference rooms or projectors, are available as well. If you click a contact or resource in an address list, the e-mail address and availability information are displayed.

• Address Book Search Search the Address Book for a specific contact or resource. Simply enter as much of the name as is necessary to uniquely identify the contact or resource, and then press Enter. If multiple matches are found, you'll see a shortcut menu with a list of matches. Clicking a match displays the properties for that item.

• Options Configure Outlook Web Access properties or view current configuration details.

• User Mailbox Lists the name of the current mailbox. Clicking the current mail-box name displays the Open Other Mailbox dialog box. If you have been granted permission to access another mailbox or delegated permission to access a folder within a mailbox, as discussed in Chapter 3, "Managing Microsoft Exchange Server 2007 Clients," you can open the mailbox and access any authorized folders using this feature. Simply enter the mailbox name in the text box provided, and then click Open.

• Log Off Logs off the current user and ends the Outlook Web Access session. As a recommended best practice, you should advise all users to log off from their Outlook Web Access session when they are finished.

In addition to being able to manage their inbox, calendar, contacts, tasks, shared non-mail data, and mailbox rules, users can set the following Outlook Web Access options by clicking Options in the task pane, making whatever changes are desired, and then clicking Save:

• About Lists the current configuration being used by the Outlook Web Access server and the Outlook Web Access client. This information is useful for troubleshooting.

• Calendar Options Allows you to specify when the first day of the week is and when the workday starts and ends for the purposes of calendar scheduling. Reminder options allow you to enable or disable reminders for calendars and tasks. Automatic calendaring options specify how meeting requests, notifications, and responses are handled.

• Change Password Allows users to change their domain password. After changing their passwords, users may need to reenter their credentials and log on again.

• Deleted Items Controls whether the Deleted Items folder is emptied on logoff.

  If necessary, you can recover items that were recently emptied and move them back to the Deleted Items folder.

• General Settings Allows you to configure e-mail name resolution, appearance, and accessibility options. E-mail name resolution options allow you to specify whether the global address list or your personal contacts are checked first when resolving e-mail addresses in messages you are composing. By default, the global address list is checked first. Appearance options allow you to select the color scheme used by Outlook Web Access. The default color scheme is blue.

• Junk E-mail Allows you to filter junk e-mail and to manage Safe Sender, Blocked Sender, and Safe Recipient lists.

• Messaging Options Allows you to set key messaging options. By default, 50 items are displayed per page, but you can set this to anywhere from 5 to 100 items per page. You can also edit your e-mail signature, preferred message format, and preferred font to use for messages. The default font is 10-point Tahoma. message tracking options allow you to specify how to respond to requests for read receipts. Reading pane options allow you to specify whether and how messages are marked as read.

• Mobile Devices Allows you to manage mobile devices. You can remove mobile devices you are no longer using, display a device password, and retrieve related access logs. If you lose a mobile device, you can start a remote device wipe to protect your information. All data is removed the next time the device connects to Exchange Server, returning the device to its factory default condition.

• Out of Office Assistant Allows you to specify whether you are in the office or out of the office. If out of the office, you can enter the text of the AutoReply message to be sent to anyone who sends you e-mail. Separate messages can be configured for internal recipients and external recipients. With external recipients, you have the option of sending auto-reply messages only to those in your contacts list.

• Regional Settings Allows you to set the language, dates, and time formats to use with Outlook Web Access.

• Spelling Options Allows you to set options for the spelling checker, including the dictionary language. The default language is set per the browser's language setting.

Listing 4-1 shows an example of the details on the About page, which can be helpful for troubleshooting. If a user is having problems with Outlook Web Access, you can instruct the user to click Options, scroll through the options, and then select About. If he or she has a non-e-mail related problem and is able to send e-mail, he or she can click Copy To Clipboard, and then paste the contents of the Clipboard into an e-mail message by pressing Ctrl+V.

Listing 4-1 Outlook Web Access Configuration Details Mailbox owner: William Stanek [mailto:williams@cpandl.com] User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) Outlook Web Access experience: Premium User language: English (United States) User time zone: (GMT-08:00) Pacific Time (US & Canada) Exchange mailbox address: /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=williams Outlook Web Access host address: https://corpserver127.cpandl.com/owa Outlook Web Access version: 8.0.985.20 Outlook Web Access host name: http://corpserver127.cpandl.com Exchange Client Access server .NET Framework version: 2.0.50727.235 Microsoft Exchange Client Access server operating system version: Microsoft Windows NT 5.2.3790 Service Pack 2 Microsoft Exchange Client Access server operating system language: en-US Microsoft Exchange Client Access server version: 8.0.985.0 Microsoft Exchange Client Access server language: en-US Microsoft Exchange Client Access server time zone: Pacific Standard Time Microsoft Exchange Client Access server platform: 64bit Microsoft Exchange Mailbox server name: http://corpserver127.cpandl.com Mailbox server Microsoft Exchange version: 8.0.985.0 Other Microsoft Exchange server roles currently installed on the Client Access server: Mailbox, Hub Transport, Unified Messaging Authentication type associated with this Outlook Web Access session: Basic Public logon: Yes

Enabling and Disabling Web Access for Users

Exchange Server 2007 enables Outlook Web Access for each user by default. If necessary, you can disable Outlook Web Access for specific users. To do this, complete the following steps:

1. Start Exchange Management Console by clicking Start, clicking All Programs, clicking Microsoft Exchange Server 2007, and then selecting Exchange Management Console.

2. Expand Recipient Configuration, and then select Mailbox.

3. You should now see a list of users with Exchange mailboxes in the organization. Double-click the user's name to open the Properties dialog box for the user account.

4. On the Mailbox Features tab, the enabled mobile and Web access features for the user are displayed, as shown in Figure 4-2.

   • q To disable Outlook Web Access for this user, under Feature, select Outlook Web Access, and then click Disable.

   • q To enable Outlook Web Access for this user, under Feature, select Outlook Web Access, and then click Enable.

5. Click OK.

Figure 4-2: Use the Mailbox Features tab to manage a user's mobile and Web access settings.