Can I prevent users from opening attachments in Outlook Web Access (OWA) 2000 and OWA 5.5?
Many sites that offer OWA access to users want to prevent those users from accidentally leaving copies of sensitive messages or attachments on public computers. Remember that the user has to take some action to get the attachment onto the computer in the first place. The user can open a document attachment from OWA by using any of the following methods:
- The user can right-click the link and select Save Target As to save a local copy. OWA 2000 or OWA 5.5 doesn't control this process, so no way exists to prevent users from using this method.
- The user can click the attachment link and select Save, in which case the user can save the document to the local disk. Again, OWA 2000 or OWA 5.5 can't prevent users from using this method.
- The user can click the attachment link and select Open. In this case, OWA 2000 will send an expiration header with the attachment, indicating that the attachment expired the previous day. This process tricks the browser into deleting the document as soon as the user closes it.
As a partial workaround, you can set up a Web proxy such as Microsoft Internet Security and Acceleration (ISA) Server 2000 to block access to attachments with certain names. However, the best way to attack this problem is to teach users not to save files to the local disk on a public computer. Unfortunately, users don't always remember to follow security rules, and they might not know that a particular message is sensitive until after they've opened it.
