Log in

View Full Version : Block Attachment Downloads In Exchange 2003 To Mobile Devices


Jon Westfall
09-13-2006, 01:00 PM
<div class='os_post_top_link'><a href='http://blogs.msdn.com/jasonlan/archive/2006/09/07/744780.aspx' target='_blank'>http://blogs.msdn.com/jasonlan/arch.../07/744780.aspx</a><br /><br /></div><i>"I've had a couple of customers recently asking if there is a way to block attachments from being sent to mobile devices. They are nervous that people could then download the attachment to a storage card and then distribute it or lose the storage card and the information be compromised. They are not so concerned about email as it cannot be moved to external storage and the device memory is protected by the PIN code on the device. On of my colleagues in Oz Ben Wolfe came up with a way of blocking attachments (which I have to caveat by the fact it is unsupported by Microsoft) however he has found to work successfully. Blocking a device from being able to download attachments via ActiveSync regardless of what is set on the device is as easy as blocking the specific ActiveSync WebDav verb "X-MS-ENUMATTS". The easiest way to do this is to use URLSCAN using the steps provided below. "</i><br /><br />For those paranoid system administrators out there (or those forced to be paranoid by regulations), here's a quick way to make sure sensitive attachments don't end up on theft-prone mobile devices. The beauty is that the user is unaware of the blocking! Of course that may be a problem if they don't know attachments are blocked, in the form of many "You forgot to attach it" replies to senders!

The One Eyed Man
09-14-2006, 11:51 PM
Very useful. Thank you!

It is of note (not recommended) that you could use URLSCAN to block certain types of files as well, such as ".exe" by creating the appropriate URLSCAN entry.

What this may cause, however, is blocking of messages themselves which contain EXE attachment types..... I have not tested this, so I'm not sure.

Also keep in mind that anything URLSCAN is doing with ActiveSync will more than likely affect Outlook Web Access as well.