Recipe8.1.Blocking Specific Versions of Outlook from Connecting


Recipe 8.1. Blocking Specific Versions of Outlook from Connecting

Problem

You want to be able to control which versions of Outlook connect to your Exchange servers using MAPI, to prevent users from running older, unpatched versions or from running beta versions. Or you may want to completely disable the use of MAPI.

Solution

Using a graphical user interface

  1. Log on to the server where you want to block certain versions of Outlook from connecting. You must perform the following steps individually on each server.

  2. Using Registry Editor (regedit.exe), locate the following registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

  3. Add a REG_SZ value named Disable MAPI Clients. For the value data, enter a string containing a list of the MAPI client versions you wish to prevent connecting in one of the formats listed in Table 8-1. (You can get version data in ESM by checking the Logons node under each mailbox database; the Client Version column will tell you what clients and versions are currently in use.) You can specify multiple versions and ranges by separating them with commas.

Table 8-1. Registry formats for blocking Outlook connections

Format

Effect

Example

Maj.min.rev

Blocks the specified version only

9.0.0 blocks all versions of Outlook 2000

maj.min.rev.build

Blocks everything except the specified one

11.6359.6360 allows Outlook 2003 SP1, but nothing else

oldversion-newversion

Blocks all version in the specified range

8.00.3511-8.5.7806 blocks all Outlook 97 and 98 versions

-version

Blocks any version earlier than the specified version

-11.5608.5606 blocks anything older than Outlook 2003 RTM

version-

Blocks any version newer than the specified version

4993.3- will block any client newer than the Exchange 4.0 client


  1. Restart the Exchange information store service.

Using a command-line interface

To force Exchange to refuse connections from any Outlook version older than Outlook 2003, use these commands:

> reg add HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem     /t REG_SZ /v "Disable MAPI Clients" /d "-11.5608.5606" > net stop msexchangeis /y > net start msexchangeis

This adds the required registry key, stops the Exchange information store service, and starts the store service again. All clients will be disconnected when the information store stops; when it restarts, any client that reports a version older than the selected version will be unable to connect and will receive an error message.

Discussion

When Outlook makes a MAPI connection to the Exchange server, it reports its version number. These numbers can be retrieved from the Exchange System Manager (check the Logons object under any mailbox database to see which clients are logged on to that particular database). For a more comprehensive list of versions, see the Exchange & Outlook Build Info page (http://www.cdolive.com/build.htm) maintained on the CDOLive web site (use the column marked Exchange Admin Build).

As it starts up, the information store service checks for the presence of the Disable MAPI Clients value in the registry. If this key is present, the list of values provides a list of MAPI client versions that will be prohibited from connecting to the store. Almost all versions of Exchange 2000 and 2003 support this feature. Although it was not present in Exchange 2000 RTM, it was added in Version 6.0.4418.63 of the store.exe binary, which was a pre-SP1 hotfix. As long as your servers are running Exchange 2000 SP1 or later, you can use this capability.

Formatting the string correctly can be slightly complicated, due to the multiple formats and values used by the various versions of Outlook over the years. In general, it is easiest to note the version number reported by Exchange System Manager and use that. MS KB 288894 describes this technique but is slightly confusing when explaining how to determine the version string.

See Also

MS KB 328240 (How to put server-side restrictions on clients that are used to access Exchange 2000 mailboxes), MS KB 288894 (Feature to Disable MAPI Client Access), and CDOLive: Exchange & Outlook Build Info (http://www.cdolive.com/build.htm)



Exchange Server Cookbook
Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
EAN: 2147483647
Year: 2006
Pages: 235

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net