Exchange & Outlook UPDATE, Exchange Edition--September 4, 2003
1. Commentary
- S/MIME and Exchange Server 2003
2. Announcements
- Discover Better Ways to Support and Secure Your Clients
- Learn More About the Security Risks in Exchange 2003
3. Instant Poll
- Results of Previous Poll: Spam Control
- New Instant Poll: Instant Messaging
4. Resources
- Quick Start for SMIME in Exchange Server 2003
- Featured Thread: Missing Option for Terminal Services Users
- Outlook Tip: Viewing Only Recent Messages in OWA
5. Events
- New--Mobile & Wireless Road Show!
6. New and Improved
- Locate Message-Level Items from Exchange Backups
- Tell Us About a Hot Product and Get a T-Shirt!
7. Contact Us - See this section for a list of ways to contact us.
==== 1. Commentary: S/MIME and Exchange Server 2003 ==== by Paul Robichaux, News Editor, [email protected]
Exchange Server and Outlook have supported Secure MIME (S/MIME) for a while now, and more and more Exchange customers are demanding to know how to set up and use S/MIME in their environments. The process isn't trivial and is too involved for one column, but I can give you some pointers.
First, download and read Microsoft's excellent new article "Quick Start for SMIME in Exchange Server 2003" (see the Resources section of this UPDATE for details). You can easily read and absorb this 40-page guide in an afternoon. The guide provides a road map for setting up an S/MIME test lab and using it to gain experience with Windows Certificate Services tools and Exchange and to test S/MIME deployment.
Second, think about why and how you want to use S/MIME. The component protocols that S/MIME supports let your clients digitally sign messages, thus preventing attackers from tampering with those messages. The protocols also let clients encrypt messages so that only the intended recipients can read the messages. Both these abilities are useful, but just how useful are they to your organization? Most companies that want to deploy S/MIME do so for one of three reasons:
- Companies want to use digital signatures for nonrepudiation when dealing with partners, customers, and suppliers. These companies want a way to prove that a message was sent by a particular person and that the contents weren't altered. Nonrepudiation provides protection against weaseling (e.g., a supplier denying that an agreement was reached on a price).
- Companies want to be able to authenticate messages that relate to crucial functions--usually involving money. Travel requests, purchase orders, and the like are great candidates for authentication with signature-based applications because the signatures can't be faked easily.
- Companies want to encrypt some messages for protection against eavesdropping or compromise. Because S/MIME encrypts messages before they're sent, the messages remain encrypted on the server, providing security against untrustworthy administrators as well as attackers.
To get S/MIME running in your environment, you'll need to take the following steps:
- Set up a Certificate Authority (CA) that can issue certificates to users. Third-party CAs such as VeriSign sell (expensive) end-user certificates, or you can use Windows Server 2003 or Windows 2000 Certificate Services to issue your own certificates. This process involves some subtleties (namely, if someone compromises your CA, they effectively compromise every certificate the CA ever issued), so it's best to set up a CA in a test lab first and carefully review the CA documentation to be sure you understand it before applying this step in production.
- Get the right version of Exchange. Exchange Server 5.5 and later support S/MIME. Exchange 2000 Server and Exchange 5.5 use a service called the Key Management Server (KMS), which interacts with the Windows Certificate Services component to handle certificate issuance, rekeying, and revocation. Exchange 2003 doesn't use the KMS; instead, it depends on the Windows 2003 Certificate Services component, which offers several improvements over its predecessors. No matter which Exchange version you use, you need to go to the Mailbox Store Properties dialog box's General tab and specify that clients can use S/MIME signatures.
- Provide certificates for users. If you use the KMS, users can directly enroll through Outlook 2000 (and later); you can also let users get certificates through the Windows Certificate Services Web enrollment tool. You can even set up automatic enrollment so that each user automatically gets a certificate.
- Use the Security tab under Outlook's Tools, Options to configure Outlook to use the certificates. Each user must tell Outlook which certificate to use. (As a bonus, depending on how you configure your CA, the certificates you issue might be usable for other purposes, including Encrypting File System--EFS--and Authenticode code-signing for Microsoft Office macros.)
- Teach your users how to sign and encrypt messages. This step might be the easiest one because Outlook has simple toolbar buttons for signing and encrypting messages. If you prefer, you can use a Group Policy setting to force signing or encrypting to always occur.
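The signing, verification and encryption behavior these steps lead up to can be rehearsed in a test lab with a throwaway CA. The script below is an added example, not part of the original newsletter or of Microsoft's guide; it substitutes the OpenSSL command line for Windows Certificate Services and Outlook, and every name in it (Lab CA, alice@example.test, the file names) is constructed.

```shell
#!/bin/sh
# Added example: throwaway lab CA, then S/MIME sign, verify and encrypt with OpenSSL.
# Every name here (Lab CA, alice@example.test, the file names) is constructed.
set -e

# Print "accepted" or "rejected" for a signed message checked against the lab CA.
verify_status() {
    if openssl smime -verify -text -in "$1" -CAfile ca.crt -out /dev/null 2>/dev/null
    then echo accepted; else echo rejected; fi
}

smime_lab() (
    cd "$(mktemp -d)"

    # Lab CA: its private key can mint any user certificate, so it is the one
    # secret whose loss undermines every certificate the CA has issued.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab CA" \
        -keyout ca.key -out ca.crt 2>/dev/null

    # User key and request, then a CA-issued certificate limited to e-mail use.
    openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
        -subj "/CN=Alice/emailAddress=alice@example.test" 2>/dev/null
    printf 'keyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=emailProtection\n' > ext.cnf
    openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -extfile ext.cnf -out alice.crt 2>/dev/null

    printf 'PO 1001: 500 units at $4.20 each\n' > msg.txt

    # Sign, then check the untouched message and a copy with the price altered.
    openssl smime -sign -text -in msg.txt -signer alice.crt -inkey alice.key -out signed.eml
    sed 's/4\.20/9.99/' signed.eml > tampered.eml
    echo "signed: $(verify_status signed.eml)"
    echo "tampered: $(verify_status tampered.eml)"

    # A self-signed "Alice" that the lab CA never issued must not verify.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice" \
        -keyout other.key -out other.crt 2>/dev/null
    openssl smime -sign -text -in msg.txt -signer other.crt -inkey other.key -out other.eml
    echo "unknown issuer: $(verify_status other.eml)"

    # Encrypt to Alice's certificate; only her private key recovers the text.
    # OpenSSL canonicalises text line endings to CRLF, hence the tr.
    openssl smime -encrypt -aes256 -in msg.txt -out enc.eml alice.crt
    echo "decrypted: $(openssl smime -decrypt -in enc.eml -recip alice.crt -inkey alice.key | tr -d '\r')"
)

smime_lab
```

The three verification lines show what recipients actually rely on: the signature exposes an altered message, and a certificate is trusted only because the CA issued it.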
Using S/MIME raises some business questions. Should all users be able to send encrypted messages to each other? Should users be able to send encrypted email outside the company? Who should sign messages, and under what circumstances? Dealing with these questions is one part of S/MIME deployment that you must figure out on your own, but the security-related benefits of doing so are likely to be worth the time.
==== 2. Announcements ==== (from Windows & .NET Magazine and its partners)
Discover Better Ways to Support and Secure Your Clients
Get the tools and techniques that you need to successfully manage client computers throughout an organization. Windows Client UPDATE, a weekly email newsletter from Windows & .NET Magazine, provides tips for remote management, profile management, single sign-on (SSO), registry modifications, and other administration tasks that will keep your users' systems running smoothly. Sign up for a free subscription at
Learn More About the Security Risks in Exchange 2003
Videotaped live at Microsoft TechEd 2003, this free archived Web seminar delivers an introduction to the new security features and enhancements of Exchange Server 2003, including the new security APIs that can minimize virus risk and spam traffic. Plus, you'll discover more about the future of the messaging industry and what's on the horizon in assessing risk. Register today!
==== 3. Instant Poll ====
Results of Previous Poll: Spam Control
The voting has ended in Exchange & Outlook Administrator's nonscientific Instant Poll for the question "Would you support federal antispam legislation?" Here are the results from the 341 votes:
- 71% Yes, anything to stop spam
- 17% Yes, but only until better antispam technology is available
- 5% I'm not sure
- 7% No, under no circumstances
New Instant Poll: Instant Messaging
The next Exchange Instant Poll question is "How important is Instant Messaging to your organization?" Go to the Exchange & Outlook Administrator home page and submit your vote for a) Very important, b) Not very important now, but will probably be important within the next few years, or c) I can't imagine my company ever using it to any great extent.
==== 4. Resources ====
Quick Start for SMIME in Exchange Server 2003
The Exchange product team has produced a document explaining how to set up and use Secure MIME (S/MIME) in Exchange Server 2003. To download the document, go to the following URL: http://www.microsoft.com/technet/prodtechnol/exchange/exchange2003/proddocs/library/qssmimes.asp
Featured Thread: Missing Option for Terminal Services Users
A forum reader is having trouble because an email option is missing from Microsoft Office 2000 applications for Terminal Services users. To offer your advice or join the discussion, go to the following URL:
Outlook Tip: Viewing Only Recent Messages in OWA
by Sue Mosher, [email protected]
Q: I'm on several mailing lists. Because of limited space in my Exchange mailbox, I use rules to move mailing-list messages to folders in a .pst file. But I've begun using Outlook Web Access (OWA) and want to see my mailing-list messages when I log on to OWA. Can I display the most recent messages in OWA without filling up my mailbox?
A: I suggest a two-tiered system. For the first tier, modify the Rules Wizard rules to move the mailing-list items into folders in your mailbox--probably one folder per mailing list. For the second tier, right-click the mailbox folder, choose Properties, then click the AutoArchive tab. Set the folder to archive to a .pst file dedicated to your mailing-list messages. You might need to adjust the AutoArchive interval (Tools, Options, Other, AutoArchive) so that Outlook archives the mailing-list data frequently enough to prevent your mailbox from running up against the storage limit.
This approach makes the most recent messages available through OWA while archiving older messages to the .pst file. If you know that several people in your company subscribe to the same mailing list, consider asking the Exchange administrator to set up a public folder that subscribes to the list.
See the Exchange & Outlook Administrator Web site for more great tips from Sue Mosher.
==== 5. Events ==== (brought to you by Windows & .NET Magazine)
New--Mobile & Wireless Road Show!
Learn more about the wireless and mobility solutions that are available today! Register now for this free event!
==== 6. New and Improved ==== by Carolyn Mader, [email protected]
Locate Message-Level Items from Exchange Backups
Aelita Software released Aelita Recovery Manager (ARM) for Exchange, software that lets you locate and store individual message-level items (e.g., email messages, contacts, public folder contents, notes, calendar entries, attachments) from existing Exchange Server backups. ARM for Exchange supports full, incremental, and differential backups so that you can perform a thorough search even if you don't perform complete daily backups. ARM for Exchange supports Exchange Server 2003, Exchange 2000 Server, and Exchange Server 5.5. Contact Aelita at 614-761-9620, 800-263-0036, or [email protected]
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]
==== 7. Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]
This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today. http://www.exchangeadmin.com/sub.cfm?code=neei23xxup
Copyright 2003, Penton Media, Inc.