WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune
  • Home
  • General
  • Exchange 2010 OWA - Exchange Control Panel

Exchange 2010 OWA - Exchange Control Panel

Alexander Zammit

Alexander Zammit Photo

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

Cast your Vote
Poor Excellent

The Exchange 2010 OWA is exposing a new administrative interface. In the process OWA went through a name change and what we used to call "Options" became the Exchange Control Panel (ECP). Here is how OWA is venturing into the realm of user administration.

OWA does not stand for Outlook Web Access any longer! Starting from Exchange 2010 this acronym stands for Outlook Web App.

Who cares what the OWA acronym stands for? Certainly not me! What is more interesting is the new functionality this interface provides. Indeed OWA is now venturing in the realm of user administration, broadening its scope, and maybe justifying the name change.

Welcome to the Exchange Control Panel

As you can imagine OWA continues to be a five star email web client. What is completely new is the addition of the Exchange Control Panel (ECP). When discussing a user interface nothing beats screenshots. So let's logon to OWA using an Exchange Administrator account.

To login, we use the Exchange Control Panel URL:
https://<CAS Server>/ecp

This is the control panel the administrator gets:

Exchange Control Panel

The ECP functionality will change depending on the rights granted to the login user. This administrator is a member of the Exchange Organization Management Universal Security Group, one of the security groups created on installing Exchange 2010. If we login using a regular user account (User4) that was granted no additional rights we of course get less functionality:

Exchange Control Panel - Default User

The ECP interface for User4 is very similar to what we already had in the Exchange 2007 OWA Options section. The interface looks different, but here we still find all the options to configure things like Client side rules, Out-of-Office auto-replies, Anti-Spam settings etc.

While looking at User4's interface, take note of the central pane titled 'Account Information - user4'. Clicking on Edit the user is able to modify his account information and personal details.

Editing of User Information

This allows administrators to empower users for them to keep their personal information updated. Indeed one of the key advancements brought about by the ECP, is the ability to better manage users and their configuration.

Looking at User4 we could easily consider the ECP to be little more than a shortcut to the OWA options. Clicking on the 'My Email' link we go to the user mailbox. From here we could click back Options and return to the User4 ECP landing page. However this is only the case because User4 has very limited rights.

Let's go back to the Administrator's ECP landing page shown in the first screenshot. The 'Select what to manage' combo box at the top, is what opens the administrative reach beyond the currently logged on user. Here we have the choice between Myself, My Organization and Another User. Changing the selection to Myself, we get the interface that was presented to User4 when logging to the ECP.

From the combo box we first select 'Another User'. This pops a selection box from where we can identify the user to manage.

Manage Another User

Here I selected User4 and we promptly got hold of his settings. So the administrator is now able to edit User4's options.

Manage Another User

Note how at the top OWA reminds us that we are editing someone else's settings saying: 'Administrator is working on behalf of user4'

What is worth appreciating is that the Administrator account was not granted login rights over User4's mailbox. The Administrator is member of the Exchange Organization Management group that includes the right to manage user settings. This is part of the new Exchange 2010 Role Based Access Control (RBAC) that allows for more granular rights management. We will not discuss RBAC here although we will come across it again shortly.

Once finished with User4 we just close the Browser and go back to the Administrator's ECP landing page. Let's select 'My Organization' at the combo box now.

Users & Groups

Here we have two categories Users & Groups and Reporting. At Users & Groups, the first three icons allow us to edit the settings of existing mailboxes, create/edit Distribution Groups and create/edit external Contacts. The ability to create new mailboxes was available in Exchange 2010 Beta but later dropped. Chances are that we will see this back maybe with some service pack. The idea here is to give you a general idea, not that of illustrating each and every setting. So we give a quick look at the Mailbox Details that are configurable here:

ECP - Mailbox Details

Note how this includes amongst others the selection of the Role assignment policy (which is part of RBAC) and the configuration of MailTips.

The remaining two icons at the Users & Groups category give access to more RBAC elements. From Administrator Roles we can configure the membership of Role Groups. Here is how this looks like for the Organization Management Role Group:

ECP - Role Group

Organization Management Role Group

Finally under User Roles we can edit the Role Assignment Policies.

Let's now switch to the Reporting Category. Here we find the ability to perform Message Tracking searches.

Message Tracking

As already said what the ECP presents depends on the Role assignment of the login account. If I log on an account having the Discovery Management role this is what the Reporting category presents:

Multi-Mailbox Search

This is the multi-mailbox search interface that allows a user to search messages across multiple mailboxes. The screenshot also shows how User1 at the 'Select what to manage' only has the options Myself and My Organization. In other words his Role does not allow him to manage other users.

Final Tips

The Exchange Control Panel is riding the OWA platform to deliver functionality necessary in the day-to-day administration of an Exchange organization. Providing a web based configuration interface is quite common in many products and Exchange has been lacking in this area. Thus this is certainly a very welcome first step. I am confident in the future Exchange will advance more in this direction.

References

Understanding Role Based Access Control

User Comments - Page 1 of 1

Add New Comment...

Klaus 14 Jun 2012 09:11
Question: OWA can be disabled for individual users/mailboxes (by Powershell or EMC).

It seems if that happens, the ECP admin features are cut off. I.E. there is no way anymore for the Exadmin, via ECP enabling/disabling the out of office reply for another user.

Is there a way to revert the OOO feature without enabling OWA?
Johnathan 31 Aug 2011 14:10
Can I change what the standard user is able to make changes to in Active Directory. Currently they can make changes to contact location and contact numbers but they can not make changes to other attributes (like company). Is there a way to allow them more attributes to change in ECP?
Matte 26 Jan 2010 01:26
I tried to create a new contact in ECP, I could´nt specify where the contact would be in the Active directory? Or can u only administrate existing contacts?



Regards!
Copyright © 2005 - 2014 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation