Article ID: 328240 - View products that this article applies to.
This article was previously published under Q328240
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/ )Description of the Microsoft Windows Registry
In Microsoft Exchange 2000 Server Service Pack 1 (SP1) and later, you can now put a server-side restriction on the clients used to access Exchange mailboxes. This restriction can be useful if you want to restrict older MAPI clients, or restrict users from using any MAPI client to log on to the server.
Put server-side restrictions on clientsTo restrict access, create the following registry string value on the server running Exchange 2000 Server.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. For information about restoring the registry, see the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.
Client error messageIf a restricted client tries to log on to the server that is running Exchange 2000 Server, the user receives the following error message:
Cannot start Microsoft Outlook. The attempt to log on to the Microsoft Exchange Server computer has failed.
Client version stringThe client itself dictates the client's version string. This string is similar to the version number reported in the About dialog box for the client. However, do not rely on this version number. Instead, use Exchange System Manager to view the Client Version property on the Mailbox Store Logons page.
Important The string reported in Exchange System Manager has an additional value -- for example, W.X.Y.Z. When you configure your server-side registry string value, use a string that is based on the values found in the W, Y, and Z positions. Do not include the value found in the X position. For example, if the version shown in Exchange System Manager is 10.0.0.1234 and you want to specifically stop these users, implement the registry string value with a data value of 10.0.1234.
Version string conventionsFor MAPI clients up to and including Microsoft Outlook 2000, the version string uses the following convention:
Major build number.Build number.Dot releaseFor Microsoft Outlook 2002, the version string uses the following convention:
Major build number.Minor build Number.Build numberHotfixes and service releases may affect the client version string. Be careful when you restrict client access, because server-side Exchange components also have to use MAPI to log on. Some components report their client version as the component name, such as SMTP or OLEDB, although others report the Exchange build number, such as 6.0.4712.0. For this reason, avoid restricting clients that have version numbers that start with 6.x.x.
For example, to prevent MAPI access completely, instead of specifying the following restriction
0.0.0-65535.65535.65535specify two ranges, so that the server components can log on, as follows:
For more information about how to disable MAPI clients, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/288894/ )How to disable MAPI client access to a computer that is running Exchange Server