Friday, August 15, 2014

How to allow certain types of file attachments (HTML/XML) through OWA (2010/2013)

GOAL: At times there may be sites that have business case to allow file attachments e.g. .HTML or .XML to be opened/accessed through OWA. Though these are be default not allowed to be opened due to security concerns but there may be sites where it is business requirement. 

STEPS:

From early days of Exchange 2003/2007 there were means available to allow such attachments through OWA. I am only adding here for very recent versions of the exchange only. Especially because they have Microsoft Exchange powrshell cmdlets which can do it very quickly. 

1. Open Microsoft Exchange Management Shell in case of Exchange 2010/2013 

2. Once shell is connected up and running use the following cmdlet to add extension to the AllowedFileTypes 

Set-OwaVirtualDirectory -identity "owa (default web site)" -AllowedFileTypes @{Add='.html'}

This would add .html to AllowedFileList for both "Plublic Computer File Access" and "Private Computer File Access".

In case you are working with an attachment time that is in the BlockedFileTypes or ForceSaveFileTypes list you need to remove those from there first.

After this change now will be up to the internet browser you are using.

For IE 8 it will work like a charm. Users will be able to OPEN and SAVE .HTML attachments as they they like.

With IE 9 and onward there is an issue, it would not allow HTML files to open and same is currently applicable to FireFox (on the time when I am writing it). Another issue is that if you click on SAVE button that will change any URLs within HTML with something like redir.aspx?........

Workaround for this issue is to add .HTML to ForceSaveFileTypes list and then use "Save Target As..." option within IE 9, 10 and 11.

Chrome appears to have no issue at this stage.

To me it appears this is combination of filtering within exchange and the way headers are passed on to browsers. IE 8 and Chrome can handle it but IE 9, 10, 11 and FireFox is having issue.





No comments: