In Microsoft Exchange 2000 Server Service Pack 1 (SP1) and later, you can now put a server-side restriction on the clients used to access Exchange mailboxes. This restriction can be useful if you want to restrict older MAPI clients, or restrict users from using any
MAPI client to log on to the server.
Put server-side restrictions on clients
To restrict access, create the following registry string value on the server running Exchange 2000 Server. Warning
If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. For information about restoring the registry, see the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.
- Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ MSExchangeIS\ParametersSystem
- Name: Disable MAPI Clients
- Type: REG_SZ
- Value: Enter a comma-separated or semicolon-separated list of MAPI client versions -- for example:
9.0.0-9.9.9; 12.0.0-12.1.5; 1.1.1-2.2.2
There are four possible ranges to describe the MAPI client version in the registry string value:
- 6.0.0-7.0.0: Prevents versions 6.0.0 through 7.0.0
- 6.0.0-: Prevents versions 6.0.0 and later
- -9.0.0: Prevents all versions up to 9.0.0
- 10.0.0: Prevents this version only
After you add the registry string value, you must stop and then restart the information store service for the new value to take effect.
Client error message
If a restricted client tries to log on to the server that is running Exchange 2000 Server, the user receives the following error message:
Cannot start Microsoft Outlook. The attempt to log on to the Microsoft Exchange Server computer has failed.
Client version string
The client itself dictates the client's version string. This string is similar to the version number reported in the About
dialog box for the client. However, do not rely on this version number. Instead, use Exchange System Manager to view the Client Version
property on the Mailbox Store Logons page.Important
The string reported in Exchange System Manager has an additional value -- for example, W.X.Y.Z
. When you configure your server-side registry string value, use a string that is based on the values found in the W
, and Z
positions. Do not include the value found in the X
position. For example, if the version shown in Exchange System Manager is 10.0.0.1234 and you want to specifically stop these users, implement the registry string value with a data value of 10.0.1234.
Version string conventions
For MAPI clients up to and including Microsoft Outlook 2000, the version string uses the following convention:
Major build number.Build number.Dot release
For Microsoft Outlook 2002, the version string uses the following convention:
Major build number.Minor build Number.Build number
Hotfixes and service releases may affect the client version string. Be careful when you restrict client access, because server-side Exchange components also have to use MAPI to log on. Some components report their client version as the component name, such as SMTP or OLEDB, although others report the Exchange build number, such as 6.0.4712.0. For this reason, avoid restricting clients that have version numbers that start with 6.x.x
For example, to prevent MAPI access completely, instead of specifying the following restriction
specify two ranges, so that the server components can log on, as follows:
connect kbFEA kbExchange2000SP1Fea kbExchange2000preSP1fea kbExchange2000SP1Fix kbinfo