Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Microsoft Exchange Server 2007 : Hub Transport Server Policy Compliance Features (part 4) - Message Classification , Rights Management and the Hub Transport Server

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
7/29/2014 9:17:35 PM

Message Classification

Message classification applies a designation that helps guide the intended usage of the information contained in the email. This differs from Rights Management Services (RMS), which enforces the restrictions. An example of a classification is the built in Attorney/Client Privileged (A/C) classification shown in Figure 1. On selecting the A/C Privileged classification, recipients would see the informational header advising them of the message class.

Figure 1. Message classification.

The classification is retained by the email until it leaves the organization. This applies even if the message is forwarded to a third party within the organization.

Although classification is informational by default, transport rules can be created that control and enforce the classification. For example, a transport rule could be created that would prevent a message with the A/C designation from being sent external to the company. 

Message classification requires Outlook 2007 or Exchange 2007 OWA. This feature needs to be enabled in Outlook 2007 by changing the Registry, generating a classifications definition file on the Exchange 2007 server, and finally copying the file to each client.

First, modify the Registry by adding a key and three values. The key and values to create are as follows:

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]
"AdminClassificationPath"="c:\\Class\Classifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

This needs to be done on each client.

Caution

Incorrectly editing the Registry can cause serious problems that might require you to reinstall your operating system. Problems resulting from editing the Registry incorrectly might not be able to be resolved. Before editing the Registry, back up any valuable data.


Next, create a directory c:\class\ on the Exchange server to receive the XML file with the classification definition. The following command generates the XML file referenced in the Registry value. This needs to be run in the Exchange Management Shell and the directory needs to be changed to c:\program files\microsoft\exchange server\scripts\ before running the command:

"ExACPrivileged"|Get-MessageClassification | ./Export-OutlookClassification.msh >
c:\Class\Classifications.xml


Finally, copy the resulting Classifications.XML file to each of the clients. After launching Outlook 2007, the classifications will be available.

Interestingly, the classifications come preenabled in Outlook Web Access without having to go through the gyrations needed for Outlook 2007.

The message classifications can be modified and extended using the Set-MessageClassification and the New-MessageClassification cmdlets in the Exchange Management Shell. There are no message classification options in the Exchange Management Console.

Rights Management and the Hub Transport Server

The Hub Transport server has an agent, the AD RMS Prelicensing agent, which facilitates the use of RMS in Exchange 2007. It essentially acquires an RMS license before delivering the email to the user’s desktop. This allows the user to open the email while disconnected or open messages sent across forest boundaries. It also provides access to rights-protected email through Outlook Anywhere or Outlook Web Access.

The agent is not enabled by default. The high-level steps to configure the AD RMS Prelicensing agent are as follows:

1.
Install the RMS Client with SP2 on the Hub Transport server.

2.
Register the Rightsmanagementwrapper.dll in the Exchange Management Shell.

3.
Enable the agent in the Exchange Management Shell using the command Enable-TransportAgent "AD RMS Prelicensing Agent".

4.
Restart the MSExchangeTransport service.

Proper authentication and access control configurations are required to enable the AD RMS Prelicensing agent running as a network service to access the precertified URL found in the Active Directory of the other forest.

In addition, it is a requirement that the RMS server clusters are upgraded to Microsoft Windows Rights Management Services (RMS) Service Pack 2 and the RMS Client on the Hub Transport server be upgraded to RMS Client with SP2 Beta – x64.

Prioritization of Agents

Each of the agents in the Hub Transport server has a different priority and trigger events, although the latter overlap in some respects. Understanding these helps determine the net effect of the agents’ activities in complex situations.

The hub transport agents’ priority and trigger events are listed in Table 3.

Table 3. Hub Transport Agents Priority and Triggers
Agent NamePrioritySMTP Trigger Events
Transport rule agent1OnRoutedMessage
Journaling agent2OnSubmittedMessage, OnRoutedMessage
AD RMS Prelicensing agent4OnRoutedMessage

For example, assume an organization was journaling and adding disclaimers to outbound messages. Based on the priority of the agents in the table, the messages should be journaled with the disclaimer text appended to them.

This is because the disclaimers are implemented by the transport rule agent, which has a higher priority than the journaling agent. Thus, the disclaimer rule is applied prior to the journaling rule. A quick inspection of the journal report and its attached message confirms this.

Note

Transport agents have full access to all emails that travel through the Hub Transport server, which can impact the security and stability of the message flow.

Other -----------------
- Microsoft Exchange Server 2007 : Implementing Client Access and Hub Transport Servers - Understanding the Hub Transport Server
- Sharepoint 2013 : Office 2013 and an Overview of Integration (part 5) - Live Co-Authoring,Document Information Panel
- Sharepoint 2013 : Office 2013 and an Overview of Integration (part 4) - SkyDrive and SkyDrive Pro
- Sharepoint 2013 : Office 2013 and an Overview of Integration (part 3) - SkyDrive and Office 365
- Sharepoint 2013 : Office 2013 and an Overview of Integration (part 2) - Opening and Saving to SharePoint
- Sharepoint 2013 : Office 2013 and an Overview of Integration (part 1) - The Backstage Area
- Windows Server 2012 : Simplifying the Datacenter (part 4) - Managing Windows 2012 with Performance and Reliability Monitoring Tools, Leveraging the Best Practice Analyzer
- Windows Server 2012 : Simplifying the Datacenter (part 3) - Improvements in Group Policy Management, IP Address Management
- Windows Server 2012 : Simplifying the Datacenter (part 2) - Active Directory Administrative Center
- Windows Server 2012 : Simplifying the Datacenter (part 1) - New Server Manager Tool
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server