Setting Client Access Server and OWA Options

I'd planned to write this week's UPDATE on the Set-OwaVirtualDirectory and Set-CASMailbox cmdlets. Knowing which settings to use and when to use them is an important part of managing your Exchange Server clients' experience. However, when I started researching this column, I was amazed to find that the Set-OwaVirtualDirectory cmdlet supports 77 distinct options, and Set-CASMailbox has almost as many. The Microsoft documentation mentions each of these options, but sometimes its coverage is pretty sparse. That's OK for commands such as

Set-CASMailbox -OwaTasksEnabled:$false

which is pretty self-explanatory—it turns off OWA's Tasks module for the selected users. However, there are other options whose meanings aren't quite so clear, and the similarity of options for the two cmdlets can be confusing. Here are a few things to know about these cmdlets to help you use them most efficiently.

First, think of the purpose of each of the commands: One sets options on an OWA virtual directory, and one sets options on an individual mailbox. Each of these cmdlets can be applied to multiple targets by using other cmdlets to identify the servers or mailboxes you want to modify, then piping those objects to the appropriate command. For example, if you want to turn off Tasks access for all users on an individual Mailbox server, you could use

Get-Mailbox -Server serverName | Set-CASMailbox -OwaTasksEnabled:$false

where serverName is the actual server's name. However, if you want to turn off Tasks access for all users who connect to a particular Client Access server, you would instead use

Set-OWAVirtualDirectory -TasksEnabled:$false

The first example turns off Tasks access for the user no matter what Client Access server they connect to; the second turns off access only when users connect through the specified Client Access server. As long as you keep this distinction in mind, you can enable or disable features for users or on servers, as appropriate.

Second, remember that most settings dealing with remote document access or viewing are associated with the Client Access server. For example, if you want to prevent users from easily opening attachments when they log on from a public computer, you'd use

Set-OWAVirtualDirectory -DirectFileAccessOnPublicComputersEnabled:$false

However, the settings that control Exchange-mediated access to SharePoint sites and Universal Naming Convention (UNC) file shares can be applied either to the mailbox or the server, depending on how you need to control access.

Next week, it's time for my annual Exchange administrator gift guide! I've been reviewing some interesting gadgets that I think will make good gifts. (And hey, if you have any experience with the Slingbox line of placeshifting devices, please drop me a line!) In the meantime, don't forget about our contest for the worst Exchange design or administrative mistake you've ever seen (or committed!). Submit your stories via email to [email protected] by December 15, 2007.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.