OWA Attachment blocking
There are 2 levels of file attachments for Outlook Web Access.
Level1 attachments have file extensions that are prohibited to access, download or attach.
This applies to back-end servers and standalone servers.
Level2 attachments have file extensions that can be accessed, but only if saved to the client's file system first.
This applies to back-end servers and standalone servers.
OWA is installed with a default set of file extensions for the two levels as shown in the following registry keys:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level1FileTypes
Type: REG_SZ
Value Data: ade,adp,app,asx,bas,bat,chm,cmd,com,cpl,crt,csh,exe,fxp,hlp,hta,inf,ins,isp,js,jse,
ksh,lnk,mda,mdb,mde,mdt,mdw,mdz,msc,msi,msp,mst,ops,pcd,pif,prf,prg,reg,scf,
scr,sct,shb,shs,url,vb,vbe,vbs,wsc,wsf,wsh
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level2FileTypes
Type: REG_SZ
Value Data: ade,adp,asx,bas,bat,chm,cmd,com,cpl,crt,exe,hlp,hta,htm,html,htc,inf,ins,isp,js,jse
,lnk,mda,mdb,mde,mdz,mht,mhtml,msc,msi,msp,mst,pcd,pif,prf,reg,scf,scr,sct,
shb,shs,shtm,shtml,stm,url,vb,vbe,vbs,wsc,wsf,wsh,xml,dir,dcr,plg,spl,swf
Attachments listed should be separated by a comma with no space.
There are a couple of other registry keys for OWA.
One of them is DisableAttachments. It allows administrators to prevent users from accessing or adding attachments as a whole.
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: DisableAttachments
Type: REG_DWORD
Value Data: 0,1 or 2
Enter the value 0 if you want to allow all attachments.
Enter the value 1 if you want to disallow all attachments.
Enter the value 2 if you want to allow attachments from only back-end servers.