Wednesday, September 5, 2007

How to restrict only certain versions of Outlook to connect to Exchange server?

From Exchange 2000 Service Pack 1, a new feature was introduced which enabled the Administrator to allow only certain versions of Outlook to connect to the Exchange Server. This is typically handy in large organizations which have multiple versions of Outlook running. This feature is used to prevent users who are still running an older version of Outlook to connect to the Exchange server.

A general recommendation is not to allow Outlook clients older than Outlook 2000 Service Pack 3 from connecting to the Exchange server. The reason is the enhanced security feature called “Email Security Update” which was introduced in Service Pack 3 of Outlook 2000.

This feature is also handy to prevent your users from installing Beta versions of Outlook, as these may cause loss of productivity and increase in the number of helpdesk calls.

For implementing Outlook version, restriction, the MAPI version of Outlook is required. There is a MAPI version available from Outlook  Help  About. We are not talking about this version number. The version number needs to be obtained from the Exchange server. This is available under Logons in the Exchange System Manager, under the column Client Version. Below is the diagram which shows this:


The version number presented is in the form of w.x.y.z

The number required for restricting access to certain version of Outlook is w.y.z. The number in x is not required.

The most important value in this table is the value in the Value Required to Restrict Logon column. By default, Exchange allows all versions of MAPI clients to access the mailbox stores. However, you can restrict access to the mailbox and public folder stores to specific versions if you create a Registry value called
Disable MAPI Clients of type REG_SZ in the following Registry key:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

In this Registry value that you created, you will put in the values of clients that should be prevented from accessing the Information Stores. It is also permissible to put in a range of versions; entries must be separated by a comma. The Exchange components must always be allowed to access the store.

NOTE: The MAPI version 6 components must always be allowed to log on. They are the Exchange 2003 components such as the System Attendant or the Exchange System Manager.

Once this feature is in place, clients will get a “The attempt to log on to the Microsoft Exchange Server computer has failed” message if they try to access the Exchange server from a client whose MAPI version you are blocking. However, Outlook 2003 gives a little more intelligent and explanatory pop-up message:


0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home