Subscribe to our Newsletter. The latest news and articles delivered to your Inbox!
A Software Development Consultant with over 20 years of experience. Many of his projects involved Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.
The Exchange 2010 OWA is exposing a new administrative interface. In the process OWA went through a name change and what we used to call "Options" became the Exchange Control Panel (ECP). Here is how OWA is venturing into the realm of user administration.
OWA does not stand for Outlook Web Access any longer! Starting from Exchange 2010 this acronym stands for Outlook Web App.
Who cares what the OWA acronym stands for? Certainly not me! What is more interesting is the new functionality this interface provides. Indeed OWA is now venturing in the realm of user administration, broadening its scope, and maybe justifying the name change.
As you can imagine OWA continues to be a five star email web client. What is completely new is the addition of the Exchange Control Panel (ECP). When discussing a user interface nothing beats screenshots. So let's logon to OWA using an Exchange Administrator account.
To login, we use the Exchange Control Panel URL:
This is the control panel the administrator gets:
The ECP functionality will change depending on the rights granted to the login user. This administrator is a member of the Exchange Organization Management Universal Security Group, one of the security groups created on installing Exchange 2010. If we login using a regular user account (User4) that was granted no additional rights we of course get less functionality:
The ECP interface for User4 is very similar to what we already had in the Exchange 2007 OWA Options section. The interface looks different, but here we still find all the options to configure things like Client side rules, Out-of-Office auto-replies, Anti-Spam settings etc.
While looking at User4's interface, take note of the central pane titled 'Account Information - user4'. Clicking on Edit the user is able to modify his account information and personal details.
This allows administrators to empower users for them to keep their personal information updated. Indeed one of the key advancements brought about by the ECP, is the ability to better manage users and their configuration.
Looking at User4 we could easily consider the ECP to be little more than a shortcut to the OWA options. Clicking on the 'My Email' link we go to the user mailbox. From here we could click back Options and return to the User4 ECP landing page. However this is only the case because User4 has very limited rights.
Let's go back to the Administrator's ECP landing page shown in the first screenshot. The 'Select what to manage' combo box at the top, is what opens the administrative reach beyond the currently logged on user. Here we have the choice between Myself, My Organization and Another User. Changing the selection to Myself, we get the interface that was presented to User4 when logging to the ECP.
From the combo box we first select 'Another User'. This pops a selection box from where we can identify the user to manage.
Here I selected User4 and we promptly got hold of his settings. So the administrator is now able to edit User4's options.
Note how at the top OWA reminds us that we are editing someone else's settings saying: 'Administrator is working on behalf of user4'
What is worth appreciating is that the Administrator account was not granted login rights over User4's mailbox. The Administrator is member of the Exchange Organization Management group that includes the right to manage user settings. This is part of the new Exchange 2010 Role Based Access Control (RBAC) that allows for more granular rights management. We will not discuss RBAC here although we will come across it again shortly.
Once finished with User4 we just close the Browser and go back to the Administrator's ECP landing page. Let's select 'My Organization' at the combo box now.
Here we have two categories Users & Groups and Reporting. At Users & Groups, the first three icons allow us to edit the settings of existing mailboxes, create/edit Distribution Groups and create/edit external Contacts. The ability to create new mailboxes was available in Exchange 2010 Beta but later dropped. Chances are that we will see this back maybe with some service pack. The idea here is to give you a general idea, not that of illustrating each and every setting. So we give a quick look at the Mailbox Details that are configurable here:
Note how this includes amongst others the selection of the Role assignment policy (which is part of RBAC) and the configuration of MailTips.
The remaining two icons at the Users & Groups category give access to more RBAC elements. From Administrator Roles we can configure the membership of Role Groups. Here is how this looks like for the Organization Management Role Group:
Finally under User Roles we can edit the Role Assignment Policies.
Let's now switch to the Reporting Category. Here we find the ability to perform Message Tracking searches.
As already said what the ECP presents depends on the Role assignment of the login account. If I log on an account having the Discovery Management role this is what the Reporting category presents:
This is the multi-mailbox search interface that allows a user to search messages across multiple mailboxes. The screenshot also shows how User1 at the 'Select what to manage' only has the options Myself and My Organization. In other words his Role does not allow him to manage other users.
The Exchange Control Panel is riding the OWA platform to deliver functionality necessary in the day-to-day administration of an Exchange organization. Providing a web based configuration interface is quite common in many products and Exchange has been lacking in this area. Thus this is certainly a very welcome first step. I am confident in the future Exchange will advance more in this direction.
Understanding Role Based Access Control