Microsoft KB Archive/820850

= Various issues with attachments, log on and public folders when using Outlook Web Access on a Windows Server 2003-based computer =

Article ID: 820850

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Exchange Server 2003 Standard Edition
 * Microsoft Exchange Server 2003 Enterprise Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



SYMPTOMS
When you try to use Outlook Web Access (OWA), you may experience one or more of the following symptoms:

  You cannot download attachments from signed or encrypted messages, and you may receive the following error message: You are attempting to download a file from a site that is not part of your Trusted Sites and that may be different from the Web site you are viewing.

If you trust this Web site, you can lower security settings for the site by adding it to the Trusted Sites zone. If you know this Web site is on your local intranet, review help for instructions on adding the site to the local intranet zone instead.

Important: adding this Web site to the Trusted sites zone will lower the security settings for all content from this Web site for all applications, including Internet Explorer.  You cannot connect to OWA from a Microsoft Windows Server 2003-based computer. You can log on to OWA, but you are prompted to authenticate when you try to open a public folder. You may have restricted permissions to some or all areas of some Web sites, and you may only be able to download files from Web sites that have been added to your Trusted Sites zone.



CAUSE
These issues occur because the Microsoft Internet Explorer Enhanced Security Configuration is enabled in Windows Server 2003.

The Internet Explorer Enhanced Security Configuration offers a set of higher-level security settings than the standard version of Internet Explorer 6. If you are using Internet Explorer 6 on Windows Server 2003, you may not be able to connect to some Web sites, including to an Exchange 2003 computer, unless you first add the site to the Trusted Sites zone in Internet Explorer 6.

The Internet Explorer Enhanced Security Configuration also denies the local download of files. This default security setting helps prevent the introduction of malicious code on the Windows Server 2003 computer that can compromise the Exchange Server 2003 computer.

Note By default, the Internet Explorer Enhanced Security Configuration is enabled on Windows Server 2003.



WORKAROUND
To work around this issue, use one of the following methods:
 * Reduce the security settings for your Internet Zone to permit file download.
 * Add the Exchange Server 2003 computer that hosts OWA to the list of trusted sites in Internet Explorer 6.
 * Remove the Internet Explorer Enhanced Security Configuration.



MORE INFORMATION
For more information about security zones in Internet Explorer 6, click the following article number to view the article in the Microsoft Knowledge Base:

174360 How to Use Security Zones in Internet Explorer

For more information about how to configure Internet Explorer 6 on Windows Server 2003, see the &quot;Windows Server 2003 Internet Explorer Enhanced Security Configuration Requires Users to Authenticate and Add Site to Zone&quot; topic in the Microsoft Exchange Server 2003 Release Notes (ReleaseNotes.htm) on the Exchange Server 2003 CD.

For the most current information, visit the following Microsoft Exchange Server 2003 Technical Library Web site:

http://technet.microsoft.com/en-us/exchange/default.aspx

Additional query words: XCCC IE hardening pack hardened ESC

Keywords: kbbug kbnofix kbuser kbinterop kbsecurity kbprb KB820850

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.