Message classification is a new feature in Exchange 2007. It lets you assign a classification to an e-mail and, for example, create a transport rule that blocks e-mails with certain classifications.

This functionality can only be used in combination with the Outlook 2007 client and Outlook Web Access. By default, Exchange 2007 contains 5 message classifications:

  • A/C Privileged
  • Attachment Removed
  • Company Confidential
  • Company Internal
  • Partner Mail

You can get the current message classifications by executing the following PowerShell command:

Get-MessageClassification

This will give the following result:

You can create new message classifications with the New-MessageClassification command and a few parameters.

New-MessageClassification -Name Marketing -DisplayName "Marketing Confidential" -SenderDescription "This classification must be used by the marketing department"

The example above creates a new message classification named Marketing. The DisplayName parameter sets the name shown in the client, Marketing Confidential, and the last parameter, SenderDescription, gives a short description of the classification that is displayed to the user when it is selected.

This classification will be used for all languages, including Dutch. You can type the SenderDescription in Dutch, but you can also add multiple languages. The client then decides which language it needs, checks whether it is available and, if it is, displays the classification in that language.

New-MessageClassification -Identity Marketing -Locale nl-NL -DisplayName "Marketing NL" -SenderDescription "Deze classificatie mag alleen gebruikt worden door de marketing afdeling"

The parameters above create a Dutch version of the previously created message classification Marketing. It applies only to Dutch because we specified the parameter -Locale followed by the language. With the parameter Identity we select the original message classification Marketing. The other parameters, DisplayName and SenderDescription, have the same function as when creating a new message classification.

By default all users can use a message classification. You can prevent this:

Get-MessageClassification Marketing -IncludeLocales | Remove-AdPermission -User AU -AccessRights GenericRead -InheritanceType None

The command above removes the read right that authenticated users have on the Marketing message classification.

Get-MessageClassification Marketing -IncludeLocales | Add-AdPermission -User "domainname\Marketing" -AccessRights GenericRead -InheritanceType None

This next step assigns read rights on the Marketing message classification to the members of the group Marketing.

There are a few things you should keep in mind when you are going to use message classifications. In OWA the restriction works, but in Outlook 2007 you can't totally prevent users from using a message classification. This is because users can modify the file Classifications.xml, which allows them to add the message classification to their client.

It is still a way to make it more difficult for a user to use it.

In the previous part we spoke about message classification in Outlook 2007. In OWA you don't have to configure anything for message classification, but for Outlook 2007 you do.

Configuring Outlook 2007 takes two steps:

  • create registry keys
  • create classifications.xml

Before you can use classifications.xml you need to create the registry keys as displayed below:


"AdminClassificationPath"="c:\\Program Files\\Office\\Classifications.xml"

"EnableClassifications"=dword:00000001

"TrustClassifications"=dword:00000001

All the parameters are self-explanatory, except the last one. The parameter TrustClassifications only needs the value 00000001 when the mailbox of a user is placed on an Exchange 2007 server.

The last step is creating the classifications.xml file. This step needs to be performed on the Exchange 2007 server. Microsoft has developed a standard script for it and placed it in the script directory of Exchange 2007; it is called Export-OutlookClassification.ps1.

./Export-OutlookClassification.ps1 > c:\export\classifications.xml

Make sure the folder to which you want to export exists, otherwise you will get an error message. The command above will create an XML file called classifications.xml in the export directory.

You can also choose to only export the Dutch language message classifications:

./Export-OutlookClassification.ps1 -Locale "nl" > Classifications.xml

As you can see, only nl is used instead of nl-NL; both are the same. For a full overview have a look at this page.
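Because Outlook 2007 reads its classifications from a local Classifications.xml that users can edit, it is useful to compare a client's copy with the file you exported on the server. The script below is an added example, not part of the original article or of Exchange: the function names are hypothetical, the sample XML and GUIDs are constructed, and the layout (a Classifications root with Classification entries containing Name and Guid) is an assumption to check against your own export.

```powershell
# Added example: report entries in a client's Classifications.xml that are
# not in the server export, or whose name differs from the export.
# Assumed layout: <Classifications><Classification><Name/><Guid/>...
function Get-ClassificationMap {
    param([xml]$Document)
    $map = @{}
    foreach ($node in $Document.SelectNodes('//Classification')) {
        $guidNode = $node.SelectSingleNode('Guid')
        $nameNode = $node.SelectSingleNode('Name')
        if (-not $guidNode -or -not $nameNode) { continue }   # skip malformed entries
        # Normalise the GUID so braces and letter case do not cause false findings
        $guid = $guidNode.InnerText.Trim('{} ').ToLower()
        $map[$guid] = $nameNode.InnerText.Trim()
    }
    return $map
}

function Compare-ClassificationFile {
    param([xml]$Reference, [xml]$Client)
    $ref = Get-ClassificationMap $Reference
    $cli = Get-ClassificationMap $Client
    foreach ($guid in $cli.Keys) {
        if (-not $ref.ContainsKey($guid)) {
            New-Object PSObject -Property @{ Finding = 'NotInServerExport'; Name = $cli[$guid]; Guid = $guid }
        } elseif ($ref[$guid] -ne $cli[$guid]) {
            New-Object PSObject -Property @{ Finding = 'NameDiffersFromExport'; Name = $cli[$guid]; Guid = $guid }
        }
    }
}

# Constructed sample data; the GUIDs are made up for illustration.
$reference = [xml]@'
<Classifications>
  <Classification><Name>Company Internal</Name><Guid>11111111-1111-1111-1111-111111111111</Guid></Classification>
</Classifications>
'@
$client = [xml]@'
<Classifications>
  <Classification><Name>Company Internal</Name><Guid>{11111111-1111-1111-1111-111111111111}</Guid></Classification>
  <Classification><Name>Marketing Confidential</Name><Guid>22222222-2222-2222-2222-222222222222</Guid></Classification>
</Classifications>
'@

# For real files, load them instead of the samples:
#   $reference = [xml](Get-Content 'c:\export\classifications.xml')
#   $client    = [xml](Get-Content 'c:\Program Files\Office\Classifications.xml')
Compare-ClassificationFile -Reference $reference -Client $client |
    Format-Table Finding, Name, Guid -AutoSize
```

With the sample data the only finding is the Marketing Confidential entry, which exists on the client but not in the export.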

Message classifications can be used in transport rules. You could do a check if a message is marked with a specific message classification and block the e-mail.

Besides that option you can also let a transport rule assign a classification to a mail according to the conditions you specify.


Johan Veldhuis