Recipe 8.1. Blocking Specific Versions of Outlook from ConnectingProblemYou want to be able to control which versions of Outlook connect to your Exchange servers using MAPI, to prevent users from running older, unpatched versions or from running beta versions. Or you may want to completely disable the use of MAPI. SolutionUsing a graphical user interface
Using a command-line interfaceTo force Exchange to refuse connections from any Outlook version older than Outlook 2003, use these commands: > reg add HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem /t REG_SZ /v "Disable MAPI Clients" /d "-11.5608.5606" > net stop msexchangeis /y > net start msexchangeis This adds the required registry key, stops the Exchange information store service, and starts the store service again. All clients will be disconnected when the information store stops; when it restarts, any client that reports a version older than the selected version will be unable to connect and will receive an error message. DiscussionWhen Outlook makes a MAPI connection to the Exchange server, it reports its version number. These numbers can be retrieved from the Exchange System Manager (check the Logons object under any mailbox database to see which clients are logged on to that particular database). For a more comprehensive list of versions, see the Exchange & Outlook Build Info page (http://www.cdolive.com/build.htm) maintained on the CDOLive web site (use the column marked Exchange Admin Build). As it starts up, the information store service checks for the presence of the Disable MAPI Clients value in the registry. If this key is present, the list of values provides a list of MAPI client versions that will be prohibited from connecting to the store. Almost all versions of Exchange 2000 and 2003 support this feature. Although it was not present in Exchange 2000 RTM, it was added in Version 6.0.4418.63 of the store.exe binary, which was a pre-SP1 hotfix. As long as your servers are running Exchange 2000 SP1 or later, you can use this capability. Formatting the string correctly can be slightly complicated, due to the multiple formats and values used by the various versions of Outlook over the years. In general, it is easiest to note the version number reported by Exchange System Manager and use that. MS KB 288894 describes this technique but is slightly confusing when explaining how to determine the version string. See AlsoMS KB 328240 (How to put server-side restrictions on clients that are used to access Exchange 2000 mailboxes), MS KB 288894 (Feature to Disable MAPI Client Access), and CDOLive: Exchange & Outlook Build Info (http://www.cdolive.com/build.htm) |