2.1. Modifying and Creating Message Classifications
To create new classifications or customize the properties of existing classifications, you must use the New-MessageClassification, Get-MessageClassification, and Set-MessageClassification cmdlets in the Exchange Management Shell.
Get-MessageClassification
This cmdlet shows you the existing message classifications in your organization:
Get-MessageClassification
Set-MessageClassification
This cmdlet modifies the properties of an existing classification. The following example takes an existing classification named NewMC, sets its precedence to High, and sets the RetainClassificationEnabled property so that the classification will be retained across forwards and replies:
Set-MessageClassification -Identity NewMC -DisplayPrecedence High
-RetainClassificationEnabled $True
New-MessageClassification
This cmdlet creates a new message classification
in your organization, configuring it on your Exchange 2010 servers and
registering it in the Active Directory:
New-MessageClassification -Name "RandDInternal" -DisplayName "R+D
Internal Only"
-RecipientDescription "This message may contain confidential and/or
proprietary information. If you have received this message in error, please
delete it." -SenderDescription "This message may contain confidential
Ithicos Solutions confidential R and D information. Do not forward to
external parties without department lead approval."
2.2. Deploying Message Classifications
When you create or modify classifications, they are
automatically visible to OWA users. In what is a particularly painful
oversight, the same is not true for Outlook 2007 users. If you want
your Outlook 2007 users to benefit from message classifications, you
have two tasks to complete:
Export the message classifications from Exchange 2010 to an XML file.
Configure Outlook 2007 to use the XML file that contains the classification information.
These steps must be performed every time you add new
classifications or modify display properties of existing
classifications. Just to make it even more annoying, these tasks are
completely manual.
The following sections cover these steps in greater detail.
2.2.1. Exporting Classifications from Exchange
If you're looking for an EMS cmdlet to export all
your classifications, stop. You have to use EMS, but no built-in cmdlet
exists to perform this task. Here's how to do it:
Navigate
to the Scripts subdirectory of the folder that you installed Exchange
Server 2010 to (by default, this folder is located at C:\Program Files\Microsoft\Exchange Server\V14\Scripts).
Microsoft has provided several useful and complex EMS scripts in this folder; the one you want is named Export-OutlookClassification.ps1. Though you can use the Export-OutlookClassification.ps1
script to export a single classification, you will probably want to
export all classifications and configure Outlook to use them.
To export all of the classifications to a file called c:\Classifications.XML, type the following command:
& 'C:\Program Files\Microsoft\Exchange Server\Scripts\Export-
OutlookClassification.ps1' > c:\Classifications.xml
2.2.2. Out-of-Sync Classifications
If the XML file that Outlook uses is out of sync
with the actual classifications specified on the Exchange server,
Outlook will not display the classifications that are missing from the
file. It will, however, retain them if they can be retained, and they
will still be on the messages (and can be viewed in OWA). Once the file
is updated, they will become visible to the user.
2.2.3. Importing Classifications in Outlook
This task has two parts: creating the necessary
Registry entries and copying over the XML file you just created in the
previous step. Once you've created the Registry settings on a given
client, you don't need to keep setting them when you update the
classifications XML file.
Copying the XML file over is simple; you can do it
manually, via a batch script, or through your existing desktop
management solution. If you are going to change the classifications on
a regular basis, you might want to configure some sort of automated
deployment system to minimize the need for manual involvement. For
example, you might consider the use of a logon script to ensure that
the latest copy of the classifications XML file is pushed out to your
clients. If you've deployed Microsoft Systems Management Server (or
some third-party equivalent) in your environment, you can also use that
mechanism.
Outlook reads the file in when it starts, so if the
file is updated while Outlook is open, it will not use the updated
information until it is next restarted.
The following Registry key and values must be
created on all Outlook 2007 computers whose users have mailboxes on
Exchange Server 2010 servers and who are going to be sending message
classifications. Until these Registry entries are created,
classifications will not be displayed in Outlook, even though they
exist on messages.
For Outlook 2007, In the HKCU\Software\Microsoft\Office\12.0\Common key, first create a new key named Policy. Within this new key, create the following values:
"AdminClassificationPath"="C:\\ Path\\To\\Filename.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001
You should set the values of these keys accordingly:
AdminClassificationPath
Specifies the full path and filename of the XML
file you copied from the export process. Though this path can be on a
network share, it might cause problems for laptop users or other users
who lose network connectivity. The file is small, so there's no harm in
copying it to the local hard drive.
EnableClassifications
Allows you to toggle whether message
classifications are read and honored in Outlook 2007 on a per-user
basis. The value 1 enables classifications, and the value 0 disables
them.
TrustClassifications
Allows you to toggle whether Outlook actually
trusts classifications on messages that are sent to users on legacy
Exchange Mailbox servers. The value 1 enables trust; 0 disables it.
Microsoft recommends that you enable this value only for mailboxes on
Exchange 2010 servers.
Keep in mind that there are other options
as well. The Office 2007 Customization Tool allows you to specify
additional Registry keys that will be installed when Office is
installed on a machine. If you want to ensure that message
classification support is universally deployed and supported in your
organization, you might want to include these Registry settings in your
configuration when creating your installation scripts.