
Microsoft Exchange Server 2007 : Hub Transport Server Policy Compliance Features (part 4) - Message Classification , Rights Management and the Hub Transport Server

7/29/2014 9:17:35 PM

Message Classification

Message classification applies a designation that helps guide the intended usage of the information contained in the email. This differs from Rights Management Services (RMS), which enforces the restrictions. An example of a classification is the built-in Attorney/Client Privileged (A/C) classification shown in Figure 1. When the A/C Privileged classification is selected, recipients see an informational header advising them of the message class.

Figure 1. Message classification.

The classification is retained by the email until it leaves the organization. This applies even if the message is forwarded to a third party within the organization.

Although classification is informational by default, transport rules can be created that control and enforce the classification. For example, a transport rule could be created that would prevent a message with the A/C designation from being sent external to the company. 
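One way to build the rule described above in the Exchange Management Shell, as an added example that is not from the original article. The rule name and rejection text are made up for illustration, and the classification name is the one used in the export command later in this section; confirm it with Get-MessageClassification before relying on it.

```powershell
# Added example: run in the Exchange Management Shell on a Hub Transport server.
# Assumption: classification name as it appears in this article's export command.
$classificationName = "ExACPrivileged"
$ruleName           = "Block external A/C Privileged mail"   # hypothetical rule name

# Stop early if the classification does not exist under that name.
$classification = Get-MessageClassification $classificationName -ErrorAction SilentlyContinue
if (-not $classification) {
    throw "Classification '$classificationName' not found. Run Get-MessageClassification to list the available names."
}

# Condition 1: the message carries the A/C Privileged classification.
$hasClassification = Get-TransportRulePredicate HasClassification
$hasClassification.Classification = $classification.Identity

# Condition 2: at least one recipient is outside the Exchange organization.
$sentExternally = Get-TransportRulePredicate SentToScope
$sentExternally.Scope = "NotInOrganization"

# Action: reject the message and tell the sender why (text is illustrative).
$reject = Get-TransportRuleAction RejectMessage
$reject.RejectReason = "Attorney/Client Privileged messages cannot be sent outside the company."

# Both conditions must match for the action to fire.
New-TransportRule -Name $ruleName `
    -Conditions @($hasClassification, $sentExternally) `
    -Actions @($reject)

# Review where the new rule sits relative to existing rules.
Get-TransportRule | Format-Table Name, Priority -AutoSize
```

Test the rule with a message addressed to both an internal and an external recipient, since the scope condition matches as soon as any recipient is external.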

Message classification requires Outlook 2007 or Exchange 2007 OWA. Enabling the feature in Outlook 2007 takes three steps: changing the Registry, generating a classifications definition file on the Exchange 2007 server, and finally copying the file to each client.

First, modify the Registry by adding a key and three values. The key and values to create are as follows:

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]
"AdminClassificationPath"="c:\\Class\\Classifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

This needs to be done on each client.

Caution

Incorrectly editing the Registry can cause serious problems that might require you to reinstall your operating system. Problems resulting from editing the Registry incorrectly might not be resolvable. Before editing the Registry, back up any valuable data.


Next, create a directory c:\class\ on the Exchange server to receive the XML file with the classification definition. The following command generates the XML file referenced in the Registry value. Run it in the Exchange Management Shell after changing the directory to c:\program files\microsoft\exchange server\scripts\:

"ExACPrivileged" | Get-MessageClassification | ./Export-OutlookClassification.msh > c:\Class\Classifications.xml


Finally, copy the resulting Classifications.XML file to each of the clients. After launching Outlook 2007, the classifications will be available.
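The client-side half of the procedure above (copy the file, then set the three Registry values) can be scripted, for instance as a logon script. This is an added example, not from the original article; the file share path is hypothetical, and the script must run as the logged-on user because the values live under HKEY_CURRENT_USER.

```powershell
# Added example: per-user client setup for Outlook 2007 message classifications.
$source    = "\\fileserver\deploy\Classifications.xml"   # hypothetical share holding the exported file
$targetDir = "C:\Class"
$target    = Join-Path $targetDir "Classifications.xml"
$policyKey = "HKCU:\Software\Microsoft\Office\12.0\Common\Policy"

# Refuse to deploy a file that is missing or is not well-formed XML,
# so a truncated export never replaces a working definition file.
if (-not (Test-Path $source)) { throw "Source file not found: $source" }
try   { [xml]$null = Get-Content -Path $source -ErrorAction Stop }
catch { throw "Source file is not well-formed XML: $source" }

# Copy the definition file to the path the Registry value will point at.
if (-not (Test-Path $targetDir)) {
    New-Item -Path $targetDir -ItemType Directory | Out-Null
}
Copy-Item -Path $source -Destination $target -Force

# Create the policy key if needed, then write the three values from the article.
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}
New-ItemProperty -Path $policyKey -Name "AdminClassificationPath" `
    -Value $target -PropertyType String -Force | Out-Null
New-ItemProperty -Path $policyKey -Name "EnableClassifications" `
    -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $policyKey -Name "TrustClassifications" `
    -Value 1 -PropertyType DWord -Force | Out-Null

# Show what was written so the result can be checked or logged.
Get-ItemProperty -Path $policyKey |
    Format-List AdminClassificationPath, EnableClassifications, TrustClassifications
```

Outlook reads these values at startup, so the classifications appear after the next launch.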

Interestingly, the classifications come preenabled in Outlook Web Access without having to go through the gyrations needed for Outlook 2007.

The message classifications can be modified and extended using the Set-MessageClassification and the New-MessageClassification cmdlets in the Exchange Management Shell. There are no message classification options in the Exchange Management Console.

Rights Management and the Hub Transport Server

The Hub Transport server has an agent, the AD RMS Prelicensing agent, which facilitates the use of RMS in Exchange 2007. It essentially acquires an RMS license before delivering the email to the user’s desktop. This allows the user to open the email while disconnected or open messages sent across forest boundaries. It also provides access to rights-protected email through Outlook Anywhere or Outlook Web Access.

The agent is not enabled by default. The high-level steps to configure the AD RMS Prelicensing agent are as follows:

1. Install the RMS Client with SP2 on the Hub Transport server.

2. Register the Rightsmanagementwrapper.dll in the Exchange Management Shell.

3. Enable the agent in the Exchange Management Shell using the command Enable-TransportAgent "AD RMS Prelicensing Agent".

4. Restart the MSExchangeTransport service.

Proper authentication and access control configurations are required to enable the AD RMS Prelicensing agent running as a network service to access the precertified URL found in the Active Directory of the other forest.

In addition, the RMS server clusters must be upgraded to Microsoft Windows Rights Management Services (RMS) Service Pack 2, and the RMS Client on the Hub Transport server must be upgraded to RMS Client with SP2 Beta – x64.

Prioritization of Agents

Each of the agents in the Hub Transport server has a different priority and trigger events, although the latter overlap in some respects. Understanding these helps determine the net effect of the agents’ activities in complex situations.

The hub transport agents’ priority and trigger events are listed in Table 3.

Table 3. Hub Transport Agents Priority and Triggers
| Agent Name | Priority | SMTP Trigger Events |
| --- | --- | --- |
| Transport rule agent | 1 | OnRoutedMessage |
| Journaling agent | 2 | OnSubmittedMessage, OnRoutedMessage |
| AD RMS Prelicensing agent | 4 | OnRoutedMessage |

For example, assume an organization was journaling and adding disclaimers to outbound messages. Based on the priority of the agents in the table, the messages should be journaled with the disclaimer text appended to them.

This is because the disclaimers are implemented by the transport rule agent, which has a higher priority than the journaling agent. Thus, the disclaimer rule is applied prior to the journaling rule. A quick inspection of the journal report and its attached message confirms this.

Note

Transport agents have full access to all emails that travel through the Hub Transport server, which can impact the security and stability of the message flow.
