The Setting Permissions
Opening Multiple Mailboxes
Access via HTTP
Outlook is just about the most common way to read your email in the office these days, even some Apple Macintosh users are integrated into their email server via Microsoft Outlook these days. Outlook can be a very useful tool for office worker collaboration and can seriously decrease time wasted trying to work out what co-workers are doing or find where they are. This is because, when integrated with a collaborative email database like Domino, Notes or Exchange, certain elements of user mailboxes and other data can be shared. This has become a more and more useful tool as office practices have become increasingly integrated into the way in which we all use our email services. Personal Assistants now keep and update electronic diaries for co-workers all over the planet which then get synchronized with laptops, palmtops or even wrist-watches and subsequently make sure that we are on time to our meetings and appointments as sure as if we had a little PA in our pocket. Of course all of this relies on correct information being entered but this has always been the case. It does show email to now be just as mission critical as any other database in the office environment today.
Outlook 2003 now incorporates shortcuts advising users of the ease and importance of sharing certain data and allowing certain users or groups to be able to make changes. In the picture below:
....we can see to the left that Outlook is prompting action to either share you own or open another users calendar. A typical configuration regarding calendars is to set the default permissions to reviewer and to alot a PA or especially close co-worker permissions to add or even change appointments so as to allow updates to occur when connecting to the office from home or via Blackberry™ or Windows Mobile™ to be effective immediately so that audio or similar signals can prompt the individual that a change has been made in good time to alter his or her plans. Even when a calendar is shared across the whole office certain permissions still allow for private appointments to show up simply as coloured sections denoting whether in or out of the office or busy etc just as chosen in the free/busy settings. This is set by filling a tick box in the appointment dialogue box when it is created. Some workers assign their PAs rights to open, read, reply and delete mail so that actions can be made over the phone from the office at any time which is a way of working perhaps more suitable to a less computer-happy generation of worker but one that nevertheless works well.
Setting the permissions on a folder with Outlook 2003 is as simple as clicking on the shortcut 'Share My Calendar' pictured in the Outlook 2003 screenshot above and on earlier versions is evoked by right-clicking a folder and selecting properties from the options menu. The Dialogue Box is as
....and there are several pre-designed default levels of access or the option of choosing your own from the customizable choices with the tick boxes provided.
Each folder in a mailbox has the same options as in the Dialogue Box above and so can be configured in the same way.
Outlook can also open several mailboxes at once for PAs or the like who manage more than one other office members' mailbox. Although you can use the shortcut 'Open a Shared Calendar' shortcut in Outlook 2003 or access from the File menu => Open Other Users Folder in previous versions you can also have Outlook open several mailboxes as the default by changing the settings in email accounts under the options drop-down menu. If you then pick the option to view or change existing accounts and then click the change button for your exchange or other email server, under the more settings button, if you pick the advanced tab at the top you will get to:
...from here you can add secondary mailboxes as long as you have given sufficient permissions at the server for the mailboxes to be opened. The user can send on behalf of these people if you allow them to by adding their name in the 'send on behalf of' tab of their user properties in Active Directory Users and Computers, but the recipient will know that the mail was sent on behalf of the mailbox owner and not by the owner of the mailbox themselves. Beware of this - experiment to make sure you are getting the expected results.
Public Folders are another useful feature available when using Outlook with the Microsoft Exchange Server system and they are folders which are available to any user which is assigned permission by default as they appear at the bottom of the folder list and also in the Exchange Server web folder [servername]/public by default. Public folders can hold any type of default form and so can deal with Tasks, Appointments, Contacts, Mail Items etc. and can be very useful for company wide message data storage and forums.
Access via the Web is more and more common in different ways. Outlook 2003 supports RPC over HTTP which mean it can call the procedures necessary for using Exchange Server over port 80 and so synchronize itself by just having access to the server across the internet without having to open all of the Exchange Server ports. This is a fairly simple process to implement and you can find details of configurations at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspxIf you are using Exchange 2003 with ISA 2000 or 2004 there are scenarios here as well and the examples include video and other instruction on how to configure an HTTPS connection from any where in the world. This is a great option for workers on the move and from my experience it seems to work very well.
Another way of remotely connecting to Exchange Server is simply to browse to the FQDN or Fully Qualified Domain Name of your servers url and look up the Outlook Web Access or OWA which is looking more and more like Outlook with each incarnation. OMA or Outlook Mobile Access from Blackberry or Windows Mobiles is also getting more common as the version of Outlook they provide improves and allows out of your pocket access which is becoming more and more important in order to stay ahead and Microsoft have recently made partners of Trio for a great new phone available on high speed networks across the US, International releases expected soon at time of going to press.
When you try to connect to your Microsoft Exchange Server 2003 computer by using the Exchange RPC over HTTP feature of Microsoft Office Outlook 2003, you are prompted to provide your user account credentials even if you are logged on by using the Windows account that is mapped to your Exchange account.
This issue occurs if either of the following is true:
You are using Basic authentication to the proxy server for Exchange.You are using NTLM authentication to the proxy server for Exchange, but Windows does not automatically send the NTLM challenge/response data. Windows does not do this because the older LANMAN challenge/response password is included in the authentication data.
Basic authenticationIf you want to use Basic authentication, you must continue to type your user account credentials. There is no way for the client to submit your user name and password automatically. If you want to log on automatically, you must configure your Outlook profile to use NLTM authentication to your proxy server for Exchange.
Before you switch to using NTLM authentication, you must verify with your administrator that NTLM authentication is permitted or even possible in your environment. Many firewalls and proxy servers will prevent successful NLTM authentication, whereas Basic authentication will work successfully. See the More Information section for additional details.
Note The authentication mechanism that you configure in Outlook is used only for the HTTP session to your proxy server for Exchange. The actual authentication between Outlook and your Exchange server always uses NTLM. See the More Information section for additional details.
To change the authentication mechanism on the Outlook client to NTLM, follow these steps:
NTLM authenticationIf your account is configured to use NTLM authentication and you are still prompted for your user name and password when you are logged on as the Windows account that has access to your Exchange mailbox, you must set the LmCompatibilityLevel on your client to a value of 2 or 3. To do this, follow these steps.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
The authentication mechanism that is configured in your Outlook profile is used only for the HTTP session to the proxy server for Exchange. The actual authentication mechanism between Outlook and the Exchange server, when accessed by using remote procedure call (RPC) over HTTP, always uses NTLM. We strongly recommend that you use Secure Sockets Layer (SSL) encryption for the HTTP session to the proxy server for Exchange. This is especially true when you are using Basic authentication. If you use SSL encryption, this prevents your user name and password from being sent in clear text. Outlook will not let you use Basic authentication when connecting to your proxy server for Exchange without using SSL encryption.
You must sometimes use Basic authentication because NTLM authentication will fail if the proxy server for Exchange does not trust the authentication information. This issue can be caused by firewalls that examine the HTTP traffic and modify it in some way. For example, a firewall may end the session from the Internet and establish a new session to the proxy server for Exchange instead of passing the HTTPS (SSL) session straight through without modification. This process is sometimes known as reverse proxying or Web publishing. Certain firewalls such as Microsoft Internet Security and Acceleration (ISA) Server 2004 can successfully reverse proxy or Web publish the session and still permit NTLM authentication to succeed. Basic authentication is not affected by this process and will work regardless of firewalls. However, if you use Basic authentication, this means that you must type your user name and password every time that you start an Outlook session.
LmCompatibilityLevel settingsThe LmCompatibilityLevel registry entry can be configured with the following values:
LmCompatibilityLevel value of 0: Send LAN Manager (LM) response and NTLM response; never use NTLM version 2 (NTLMv2) session security. Clients use LM and NTLM authentication, and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.LmCompatibilityLevel value of 1: Use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 2: Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.LmCompatibilityLevel value of 3: Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
LmCompatibilityLevel value of 4: (Server Only) - Domain controllers refuse LM responses. Clients use NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers refuse LM authentication, and accept NTLM and NTLMv2 authentication.LmCompatibilityLevel value of 5: (Server Only) - Domain controllers refuse LM and NTLM responses, and accept only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it; domain controllers refuse NTLM and LM authentication, and accept only NTLMv2 authentication.
Questions or problems regarding this
Computer Help Forum
be directed to