Understanding and Configuring Direct File Access

By default, Exchange Server 2007 allows users to access files directly through Outlook Web Access. This means that users will be able to access files attached to e-mail messages. You can configure how users interact with files using one of three options in the Exchange Management Console:

• Allow Allows users to access files of the specified types and sends the users’ browser information that allows the files to be displayed or opened in the proper applications.

• Block Prevents users from accessing files of the specified types.

• Force Save Forces users to save files of the specified types prior to opening them.

Below lists the default file extensions and default Multipurpose Internet Mail Extensions (MIME) values that Exchange Server allows, blocks, or sets to force save by default. These settings are applied to the OWA virtual directory on Client Access servers. If a server has multiple OWA virtual directories or you have multiple Client Access servers, you must configure each directory and server separately.

 Note : If there are conflicts between the allow, block, and force save lists, the allow list takes precedence. This means that the allow list settings override the block list and the force save list. As updates are applied to Exchange Server, the default lists may change. Be sure to check the currently applied defaults

Exchange Server considers all file extensions and MIME types not listed on the allow, block, or force save list to be unknown files and file types. The default setting for unknown file types is force save.

Based on the user's selection, the configuration of his or her network settings, or both, Exchange divides all client connections into one of two classes:

Public Computer A public computer is a computer being used on a public network.

Private Computer A private computer is a computer on a private network.

You can enable or disable direct access to files separately for public computers and private computers. However, the allow, block, and force save settings for both types of computers are shared and applied to both public and private computers in the same way.

You can configure direct file access by completing the following steps:

1) In Exchange Management Console, expand the Server Configuration node, and then select the Client Access node.

 Option Default File Name Extensions Default MIME Values

2) In the upper portion of the details pane, you'll see a list of your organization's Client Access servers. Select the server you want to configure.

3) In the lower portion of the details pane, you'll see a list of option tabs for the selected server. On the Outlook Web Access tab, right-click the virtual directory for which you are configuring direct file access, and then select Properties. Typically, you'll want to configure the OWA virtual directory on the Default Web Site, as this directory is used by default for Outlook Web Access.

4) To enable or disable direct file access for public computers, on the Public Computer File Access tab, select or clear the Enable Direct File Access check box, as appropriate As given below

5) To enable or disable direct file access for private computers, on the Private Computer File Access tab, select or clear the Enable Direct File Access check box, as appropriate.

6) On either the Public Computer File Access tab or Private Computer File Access tab, click the Customize button on the Direct File Access panel. The Direct File Access Settings dialog box appears




7) In the Direct File Access Settings dialog box, you can configure allowed files by clicking Allow. The Allow List dialog box appears. Use the following techniques to configure allowed files, and then click OK:

 To allow a new file extension, type it in the text box provided. Be sure to include the period, such as .xhtml, and then press Enter or click Add.

 To allow a new MIME type, enter it in the text box provided. Be sure to include the full MIME type designator, such as text/xhtml, and then press Enter or click Add.

 To stop allowing a file extension or MIME type, select it, and then click the Remove button.

8) In the Direct File Access Settings dialog box, you can configure blocked files by clicking Block. The Block List dialog box appears. Use the following techniques to configure blocked files, and then click OK:

 To block a new file extension, type it in the text box provided. Be sure to include the period, such as .src, and then press Enter or click Add.

 To block a new MIME type, enter it in the text box provided. Be sure to include the full MIME type designator, such as application/src, and then press Enter or click Add.

 To stop blocking a file extension or MIME type, select it, and then click the Remove button.

9) In the Direct File Access Settings dialog box, you can configure allowed files by clicking Force Save. The Force Save List dialog box appears. Use the following techniques to configure force-saved files, and then click OK:

 To force save a new file extension, type it in the text box provided. Be sure to include the period, such as .aap, and then press Enter or click Add.

 To force save a new MIME type, enter it in the text box provided. Be sure to include the full MIME type designator, such as application/stream, and then press Enter or click Add.

 To stop force saving a file extension or MIME type, select it, and then click the Remove button.

10) In the Direct File Access Settings dialog box, you can configure allowed files using the selection list on the Unknown Files panel. Set the desired action to Allow, Block, or Force Save. Click OK to save your settings, and then click OK to close the Properties dialog box for the virtual directory you selected.

In Exchange Management Shell, you can use the Set-OwaVirtualDirectory cmdlet to manage the direct file-access configuration. Set the Identity parameter to the identity of the virtual directory on the server you want to work with, such as:

Set-OwaVirtualDirectory -Identity 'Testsvr127\owa (Default Web Site)'
 -DirectFileAccessOnPublicComputersEnabled $false
 -DirectFileAccessOnPrivateComputersEnabled $true

If you are unsure of the virtual directory identity value, use the Get-OwaVirtualDirectory cmdlet to retrieve a list of available virtual directories on a named server, as shown in the following example:

Get-OwaVirtualDirectory -Server 'Testsvr127'

Remote File Access
By default, Exchange Server 2007 allows users to access files remotely through Outlook Web Access as long as they have a Premium Client Access License. This means users will be able to access Windows SharePoint Services and Universal Naming Convention (UNC) file shares on SharePoint sites. SharePoint sites consist of Web Parts and Windows ASP.NET–based components that allow users to share documents, tasks, contacts, events, and other information. When you configure UNC file shares on SharePoint sites, you enable users to share folders and files.

You can enable or disable direct remote access to Windows file shares and Windows SharePoint Services separately for public computers and private computers. To configure remote file access, complete the following steps:

1) In Exchange Management Console, expand the Server Configuration node, and then select the Client Access node.

2) In the upper portion of the details pane, you'll see a list of your organization's Client Access servers. Select the server you want to configure.

3) In the lower portion of the details pane, you'll see a list of option tabs for the selected server. On the Outlook Web Access tab, right-click the virtual directory for which you are configuring remote file access, and then select Properties. Typically, you'll want to configure the OWA virtual directory on the Default Web Site, as this directory is used by default for Outlook Web Access.

4) To configure remote file access for public computers, on the Public Computer File Access tab, use the following techniques to configure remote file access from public computers:

•  Enable UNC file shares for remote access by selecting the Windows File Shares check box.
•  Disable UNC file shares for remote access by clearing the Windows File Shares check box.
•  Enable Web Parts and SharePoint for remote access by selecting the Windows SharePoint Services check box.
•  Disable Web Parts and SharePoint for remote access by clearing the Windows SharePoint Services check box.

5) To configure remote file access for private computers, on the Private Computer File Access tab, select or clear the Windows File Shares and Windows SharePoint Services check boxes, as appropriate.

6) On the Remote File Servers tab as shown in Figure below, you can specify the host names of servers from which clients are denied or allowed access using block and allow lists, respectively. If there is a conflict between the block list and the allow list, the block list takes precedence. See the figure below



7) To configure the block list, click Block. Use the following techniques to configure the block list, and then click OK:

 To add a server to the block list, type the fully qualified domain name of the server, such as http://testsvr.testdom.com, and then press Enter or click Add.

 To remove a server from the block list, select the host entry, and then click the Remove button.

To configure the allow list, click Allow. Use the following techniques to configure the allow list, and then click OK:

 To add a server to the allow list, type the fully qualified domain name of the server, such as http://testsvr.testdom.com, and then press Enter or click Add.

 To remove a server from the allow list, select the host entry, and then click the Remove button.

Servers that are not listed on either the allow list or the block list are considered to be unknown servers. By default, access to unknown servers is allowed. On the Remote File Servers tab, use the Unknown Servers selection list to allow or block unknown servers.

Users only have access to shares hosted on internal servers. For a server to be considered an internal server, you must tell Exchange about the domain suffixes that should be handled as internal. On the Remote File Servers tab, click the Configure button. Use the following techniques to configure your internal domain suffixes, and then click OK:

 To add a domain suffix, type the fully qualified domain name of the suffix, such as http://testdom.com, and then press Enter or click Add.

 To remove a domain suffix, select the suffix entry, and then click the Remove button.

In Exchange Management Shell, you can use the Set-OwaVirtualDirectory cmdlet to manage the direct file access configuration. Set the Identity parameter to the identity of the virtual directory on the server with which you want to work, such as:

Set-OwaVirtualDirectory -Identity 'testsvr\owa (Default Web Site)'
-UNCAccessOnPublicComputersEnabled $false
-UNCAccessOnPrivateComputersEnabled $true
-WSSAccessOnPublicComputersEnabled $false
-WSSAccessOnPrivateComputersEnabled $true

If you are unsure of the virtual directory identity value, use the Get-OwaVirtualDirectory cmdlet to retrieve a list of available virtual directories on a named server, as shown in the following example:

Get-OwaVirtualDirectory -Server 'testsvr'

WebReady Document Viewing

WebReady Document Viewing allows users to view common file types in Outlook Web Access without having the applications associated with those file types installed on their computer. This allows users to view the following files:

• Adobe PDF documents with the .pdf extension.
• Microsoft Excel spreadsheets with the .xls extension.
• Microsoft Word documents with the .doc extension.
• Microsoft PowerPoint presentations with the .ppt extension.

For attachments, the related MIME types supported are as follows:

• application/pdf
• application/vnd.ms-excel
• application/vnd.ms-powerpoint
• application/word
• application/x-msexcel
• application/x-mspowerpoint

When there are conflicting settings between the direct file, the remote file, and the WebReady Document Viewing settings, you can force clients to use WebReady Document Viewing first, if you want. This means that the documents will be opened within Internet Explorer rather than in a related application, such as Microsoft Word.

You can enable or disable WebReady Document Viewing separately for public Computers and private computers. However, supported document settings for both types of computers are shared and applied to both public and private computers in the same way.

To configure WebReady Document Viewing, complete the following steps:

1. In Exchange Management Console, expand the Server Configuration node, and then select the Client Access node.
2. In the upper portion of the details pane, you'll see a list of your organization's Client Access servers. Select the server you want to configure.
3. In the lower portion of the details pane, you'll see a list of option tabs for the selected server. On the Outlook Web Access tab, right-click the virtual directory for which you are configuring WebReady Document Viewing, and then select Properties. Typically, you'll want to configure the OWA virtual directory on the Default Web Site, as this directory is used by default for Outlook Web Access.
4. Use the following techniques to configure WebReady Document Viewing from public computers:

•  Enable WebReady Document Viewing by selecting the Enable WebReady Document Viewing check box.
•  Disable WebReady Document Viewing by clearing the Enable WebReady Document Viewing check box.
•  Force the use of WebReady Document Viewing first by selecting the Force WebReady Document Viewing First check box.
• .    Allow documents with supported WebReady Document Viewing formats to be opened in related applications by clearing the Force WebReady Document Viewing First check box.

    5.    To configure WebReady Document Viewing for private computers, on the Private Computer File Access tab, select or clear the Enable WebReady Document Viewing and Force WebReady Document Viewing First check boxes, as appropriate.

    6.    On either the Public Computer File Access tab or Private Computer File Access tab, click the Supported button on the WebReady Document Viewing panel. The WebReady Document Viewing Settings dialog box appears




    7.    To allow all supported document types to be used with WebReady Document Viewing, select All Supported Document Types, and then click OK.

   8.     To customize the supported document types, click Specific Document Types. Use the following techniques to configure supported document types:

•  To stop allowing a document extension or MIME type, select it, and then click the Remove button.
•  To restore a previously removed document extension, under Specify Document Extensions, click the Add button, select the document extension to add, and then click OK.
•  To restore a previously removed MIME type, under Specify The MIME Types Of Documents, click the Add button, select the MIME type to add, and then click OK.

   9.    Click OK to close the Properties dialog box for the virtual directory.

In Exchange Management Shell, you can use the Set-OwaVirtualDirectory cmdlet to manage the WebReady Document Viewing configuration. Set the Identity parameter to the identity of the virtual directory on the server with which you want to work, such as:

Set-OwaVirtualDirectory -Identity 'testSVR\owa (Default Web Site)'
 -WebReadyDocumentViewingAccessOnPublicComputersEnabled $false
 -WebReadyDocumentViewingOnPrivateComputersEnabled $true

If you are unsure of the virtual directory identity value, use the Get-OwaVirtualDirectory cmdlet to retrieve a list of available virtual directories on a named server, as shown in the following example:

Get-OwaVirtualDirectory -Server 'Testsvr'