Ever since Microsoft released Service Pack 2 for Exchange 2000 you have been able to provision OWA. Provisioning, also know as segmentation, allows an Exchange administrator to remove certain features and functionality from OWA and there are a number of reasons why you may wish to do this.
For example, if you are providing hosted Exchange mailboxes, you can remove features such as Public Folders or Junk Mail and then resell these features back to the customer, increasing revenue. On the other hand, if you are an Exchange administrator for a company, you may wish to remove some of the features for security reasons or to improve performance. As an example, the company I work for has outside sales representatives who use OWA to retrieve sales reports. These sales reps only need access to their Inbox so everything else has been removed. At the same time we have some remote users with dial-up access only and for them, the Rich Client (also known as Premium Mode) has been removed to improve performance.
When provisioning was introduced in Exchange 2000 SP2 and SP3 you were required to modify the Active Directory schema to enable this ability. Microsoft did supply a VB script to perform the schema modification; however this functionality is now built into Exchange 2003 and the schema modifications are no longer necessary. The number of features that are available has also changed with OWA 2003.
Exchange 2003 introduced some new features to OWA, including Themes, Signatures, Rules and more. Table 1 shows a listing of the features in OWA 2003 that can be provisioned.
Table 1: Provisioning Values
* Exchange 2003 only
Provisioning can be configured either on a per server or on a per user basis. The method for both is similar; however there is one major difference and that is the location where the change is made.
Per Server Configuration
Per server changes cover the entire server and all its users. If you are running a front-end/back-end configuration with load balancing on the front-end servers, you should implement this change on all front-end servers to maintain consistency.
The first step is to determine the features you want your user to have. Select the features and record the decimal value for each feature. Next add up the numbers. As an example, let’s say we want the user to have the Calendar, Contacts, Messaging, and Tasks.
Adding up those options give us a decimal value of 00000015. The global configuration is set via the registry so let’s open up a registry editor and drill down to the following registry key.
Locate the REG_DWORD called DefaultMailboxFolderSet, if it does not exist you will have to create it, and then change the value to 00000015. Before this change will take effect, you must restart the World Wide Web Publishing service and the Microsoft Exchange Information Store service. Beware that this will disconnect all Outlook and OWA users that are connected to this Exchange server.
Once the services have been restarted, you can log in to OWA and see the results. Figure 1 shows the results of the options selected in our example.
Figure 1: Per server Example
We can see that the user has the Inbox and Folders, which is part of Messaging, access to the Calendar, Tasks and Contacts. Also notice the look, we did not include the Rich Client, so the features associated with the premium OWA client are also removed. Removing the Rich Client is an easy way to improve performance for dial-up users and also allow a server to handle more OWA clients.
One more method of configuring server-wide provisioning is with the OWA Admin tool. Microsoft provides the OWA Admin tool for free and it provides a web-based interface for administrators to safely configure all the customizable OWA features on your Exchange organizations front-end and back-end servers. Using this tool ensures the correct registry settings are made and includes documentation on all the features. To provision OWA 2003 with this tool, install it and then browse to https://mailserver/owaadmin
Under Customization, click the Server-wide feature Support link (see Figure 2: Customization) and you will be taken to a page that lists all the features you can provision.
Figure 2: Customization
Un-check the box next to the features you wish to remove and click OK (see Figure 3: Features). The changes will be applied and all OWA users will be limited to the features you selected.
Figure 3: Features
Per User Configuration
Per user configuration affects only the user or users, for which you make the change. In a front-end/back-end environment, the change does not have to be made on each server. The steps for per user configuration are similar to the per server configuration we just went over. You can use the same chart of features and the associated decimal value, adding up the values for the features you wish to provide the individual user. The difference is that this value is entered into the users Active Directory properties. Now before you begin poking around in the Active Directory Users and Computers MMC, it should be noted that you will not find it there.
To provision OWA on a per user basis you will need ADSIEdit, which is installed with the Support Tools from the Windows Server 2003 install media. Editing Active Directory with ADSIEdit is just as dangerous as editing the registry and you should proceed with caution. Making an incorrect change can bring down your Active Directory in a snap.
To make the change to a user account, launch ADSIEdit.msc from the Run box and then drill down to:
-OU – Users OU (the OU that contains the user you wish to modify)
Right-click on the username and select properties; scroll down the list of attributes until you locate the msExchMailboxFolderSet value. Change the value from <Not set> to the decimal value you calculated (see Figure 4: Per-user Configuration). In this example we will use the value of 00000001 to give them Inbox access only.
Figure 4: Per user Configuration
Unlike the per server configuration, there is no need to restart any services. These changes will take effect the next time the user logs into Outlook Web Access. Figure 5 shows the outcome of the per user example.
Figure 5: Per user Example
It should be noted that the Messaging feature cannot be removed. I cannot think why you would want to remove the main functionality of Exchange server but even though it is on the list you must always include it.
Provisioning OWA has gotten much simpler to implement and there are more features available with Exchange Server 2003. If you are segmenting OWA for security reasons, to increase performance or to increase your bottom line, Microsoft has made it easier to accomplish and more powerful than ever.
If you would like to know more about Outlook Web Access and the customization options available to OWA clients check out these other MSExchange.org articles.