Exchange Messaging Outlook Volume 13, Number 10

by Michael B. Smith, MCSE/Exchange MVP

This week, Microsoft unleashed update rollup 3 for Exchange Server 2007 service pack 1 onto the world - on Patch Tuesday, along with a number of other 'important' security patches. This timing is no coincidence. Included in UR3 is a fix for an OWA security hole that can cause an elevation of privilege (MS08-039). This was also not a unique problem to SP1 - Microsoft also released UR7 for Exchange Server 2007 RTM (that is, the version without a service pack) and a hotfix for Exchange Server 2003 service pack 2 (earlier versions of Exchange 2003 are no longer supported) to correct the same issues.

Continue reading...

It seems like a lot of Exchange sites support only OWA and a lot for those users would like to use Outlook instead but won't ask the administrator or don't believe him when the answer is "No", so they ask me if its possible.

My answer: It depends on how the server is configured.

If the web address you use to access OWA begins with HTTPS, you can use Outlook only if Outlook Anywhere (RPC over HTTP) is enabled. While you could try to find out on your own by using the OWA URL in the proxy settings, you should ask the Exchange administrator if its enabled and if so, what proxy address and authentication settings to use. It's much faster and less frustrating than experimenting with different settings.

When the web address is not secure (URL begins with HTTP://) you can configure it in Outlook 2003 and 2007 as an HTTP account type. However you will be limited to email as Calendar, Contacts, and Tasks are unusable.

Only Exchange server supports HTTP access through Outlook. Other web mail sources, such as Yahoo, do not support WebDAV and cannot be used in Outlook. You'll need POP3 or IMAP access to use them with Outlook.

An Outlook user asked me if its possible to define a search that will only show those messages that have a specific attachment type (file extension).

Outlook 2007's search capabilities are better than in previous versions, but not yet perfect, as a search like this shows. Instant search will narrow the field for you, but it will find all messages with the extension in the message body too. You can use the Instant search criteria of "Has Attachments" to show only messages with attachments, making it easier to browse the results for the correct message.

When you use an older version of Outlook, you'll need to be creative or use a third-party search tool. If the attachment name is in the email header (many are) you can use a rule to set a flag or category based on words in the header and use Run Rules Now to run it on the messages already downloaded. Then use a custom view or Advanced Find to show only that flag or category that meet the flag or category criteria. This is not 100% foolproof as it may miss attachments that are embedded in the message as the attachment name may not be included in the Internet header.

Search Tools
http://www.slipstick.com/addins/search.asp

If you use Zone Alarm and lost Internet connectivity after a recent Windows update, you'll need to download the new version of ZoneAlarm.

A link to the new version is at http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html 

For a temporary fix you can move the ZoneAlarm Internet Security zone slider to Medium or uninstall the Windows update.

If you're unfamiliar with how Exchange Server 2007 updates are numbered, KB articles referring to different rollup updates may leave you confused, such as the two released this week.

Exchange RTM and SP1 are considered different versions when it comes to updates and SP1 isn't a requirement or forced upgrade, yet. The rollup updates allow those sites who haven't yet installed SP1 to install the more critical updates and fixes without upgrading to SP1.

In either case, the rollup terminology means the updates installed with previous rollups are rolled into the latest one. This means if you need to install Exchange 2007 in the future you'll need only the last rollup released.