Can attachment access be managed using the Exchange and ISA Forms Based Authentication (FBA) Public and Private Computer options?

Microsoft ISA 2006 and Exchange Server 2007 provide a login form that lets users decide if they are on a Public (insecure) or Private (more secure) computer. Currently, the blocked attachment list can only be controlled for OWA 2007 using Microsoft Exchange 2007. This is because according to Microsoft, blocking attachment access using ISA 2006 with Exchange 2007 is not supported and needs to be configured on the Exchange 2007 server (Publishing Exchange Server 2007 with ISA Server 2006, Microsoft).

Configuring attachment access using the Exchange Management Console (EMC) is done on the Properties page of the /owa virtual directory on the Client Access Server (CAS). To get to the OWA folder,

  1. Open the EMC and expand Server Configuration\Client Access Sever.
  2. Select the server name from results pane.
  3. In the work pane, select the OWA folder and access the Properties.
  4. There are two tabs where attachment access is configured: Public Computer File Access and Private Computer File Access.


Although it appears that different file access settings can be set for Public and Private computers, setting one will overwrite the other (How to Manage Public and Private Computer File Access, Microsoft). As a result, administrators must decide on the most secure and practical attachment access configuration of both Public and Private connections.

The configuration options that are available include the ability to enable Direct File Access to create custom Block, Allow and Force Save file extension lists and enable WebReady Document Viewing. Web Ready Document Viewing is Microsoft's new feature which enables users to safely view attachments as HTML pages that are not left behind on the client machine.

Attachment Access ISA

The most secure configuration is to disable Direct File access and to enable Force WebReady Document Viewing. Although this will limit attachment access to four file types (Microsoft PowerPoint, Word, Excel and Adobe PDF) users can not unknowingly leave behind attachments in the computer's Temporary Internet Files.


Use Ctrl+Shift+R to "Reply all" to the selected message.


Will tablet and Smart phone use be a big part of your OWA 2013 deployment?