Service Pack 1 for Microsoft Exchange Server 2007 is due for release on 30 November 2007! Microsoft has prepared a major update for its flagship mail server which has now received many new features and improvements and can be downloaded from site.

Support for new platform

Microsoft Exchange Server is now fully compatible with Microsoft Windows Server 2008 and can be deployed to a computer running Windows Server 2008 RC0 Escrow build. The full list of supported operating systems can be found here.
Exchange Server 2007 SP1 has a mixed IPv6 128-bit addressing by default when running on a Windows Server 2008 platform. That is it only runs IPv6 when the obsolescent protocol IPv4 is enabled. Otherwise Exchange server will fail running on IP. If you are running a deployment for multiple machines you can create a rule to deploy only for the defined IPv6 range thus avoiding unsupported setup conditions with IPv6-enabled management tools or based on general information about support of IPv6 in Microsoft operating systems. Another way is to call a function that can resolve to an IPv6-address, that is something like IsResolvableEx used to resolve a hostname when performing a Web-Proxy autodiscovery or just issue a ping command on IPv6-address like say

ping6 -n 2 ::1

That is we ping 2 times on a loopback address 0:0:0:0:0:0:0:1 using a short notation (two-colon notation) for writing IPv6 addresses.

New features were added to a remote access for a remote client

Exchange Active Sync a has received a remote wipe confirmation feature and is now enabled with Enhanced Exchange ActiveSync mailbox policy settings which include ability to
Disable Removable Storage
Disable Camera
Disable Wi-Fi
Disable POP/IMAP e-mail
Block Internet Sharing

It both provides for a data protection and ensures a security for sensitive data on mobile devices should they be stolen or accidentally lost by user. This all can be done centrally from within Exchange Management Console or Exchange Management Shell and works in a best traditions of what is meant under a centralized management.

Mobile work becomes faster

The new Service Pack improves and speeds-up long-standing connections between a server and a mobile device mobile devices.

Dramatic improvements in remote work though Outlook Web Access

Microsoft has completely rewritten the Outlook Web Access in Exchange Server 2007 and SP1 brought many of those that were not enabled in the RTM so that OWA now comes with lightning new features too.
First off, running in a Light mode OWA does not time out any longer and no longer drops the session out if user is composing a long message or just working with its calendar for a long time. OWA now prevents you from losing your typed messages by automatically saving the them in as Draft folder as-you-type.
In Premium mode for Outlook Web Access it is now possible for a user to create and edit Personal Distribution Lists and server side rules.
What about support for Microsoft Office System 2007? WebReady Document Viewing has finally been added with support for decoding and viewing in HTML of Word/Excel and PowerPoint X-Documents in OpenXML format.
It is now possible to copy or move folders using a dedicated context menu command.

Public Folders functionality now offers following features:
It is now possible to get full access to public folders from OWA and you don’t have to use the Public virtual directory. And you can get full access to public folders on Exchange 2007 Mailbox servers is now available for users without the need for you to provide Public Folder access from Outlook Web Access on Exchange 2003 Mailbox server. Microsoft has also added search features for Public Folders.

Increased manageability within Exchange Management Console

Exchange Management Console has been enhanced with a brand new interface for administering POP3 and IMAP4 protocols.

Hub Transport Server role has been added with functionality to set message size limits on Active Directory site links.

New features in Mailbox Server role

It is now possible to import and export mailbox by using .pst files. I believe this will provide greater flexibility administrator especially combined with such functionally available in standalone applications as automatic configuration of .pst files for the end user profile.

Those companies that use IP telephony are now able to create SIP URI and E.164 dial plans and add a SIP or E.164 address for a user by using the Enable Unified Messaging Wizard.

Security changes

Exchange Web Services were added with a more granular permission configuration that now supports configuring folder level permissions so that both users and user applications are now able to list and configure permissions on folders. It is also possible to delegate management with services.

Official Document describing what’s new in Exchange Server 2007 SP1
Automatic configuration of mailboxes and Outlook profiles for the client side on the post-deployment stage
Additional information on what you have to do to deploy Exchange Server 2007 SP1 on Windows Server 2008 and Windows Server 2003 family
More information about what’s new about client access features in Exchange Server 2007 SP1

We ended with configuring of server side to prepare the remote access to Exchange mailbox from the outside. Now we can start configuring the client side. In other words, we need to what we should do as the users to be able to receive corporate mail while we are sitting home or traveling with our laptop on the business trip. But before we will do that I will go a little backward and say that we as admins should pay our attention to the fact how we configure our environment. In that our specific case when we should provide user with access to the network the outer network perimeter is what pays our attention. What we do usually to prevent ourselves from being attacked from the outside? As with medieval battles, we close our doors, close our windows (oopps, let leave Windows running for little more we haven’t finished with configuring its client application) and left just a pair of doors left open. For us themselves, our friends and our bodyguards. The same way we do when our medieval castle turns into our corporate network. We usually leave to ports open: the one for HTTP (that’s we ourselves as we as our friends, the users, need access to information) and the one for SSL (that’s our bodyguard that keeps our connection secure by using public key encryption). But aren’t we here to communicate with Exchange server? How will we do that if we just have HTTP(S)? We need to be able of doing remote procedure calls. But we blocked them! How should be manage to be able to use them anyway. Uh, again we should carry that weight on our own shoulders. Let’s help the RPC and let HTTP to carry it on top. That’s exactly what we do there. We use RPC over HTTP. We encapsulate RPC network filesystem commands into HTTP headers. So here’s the scheme we have:
1. We send the request from the Outlook client application via SSL
2. It then comes to the corporate firewall (such as ISA firewall)
3. As ISA sees HTTP traffic on its input it passes the flow forward
4. Now we have the Front-End Exchange server on our way. Shortly, front-end server is the component that authenticates and proxifies HTTP requests

Typically running IIS RPC over HTTP proxy service is enough. So the main thing here to get is proxy.

Note: if you are still running old Windows XP SP1 clients you should keep this and mind and prepare your system and install the hotfix specified in the article to make to Outlook work reliable.

Keep in mind that to configure the profile on the client side and begin working with RPC over HTTP you should have your RPC port (that is the 135 one) opened prior that. Here are the recommendations provided by Microsoft for building the Front-End and Back-End Topology:
“Open TCP ports on the intranet firewall for the protocols you are using:

80 for HTTP

143 for IMAP

110 for POP

25 for SMTP

691 for Link State Algorithm routing protocol

Open ports for Active Directory Communication:

TCP port 389 for LDAP to Directory Service

UDP port 389 for LDAP to Directory Service

TCP port 3268 for LDAP to Global Catalog Server

TCP port 88 for Kerberos authentication

UDP port 88 for Kerberos authentication

Open the ports required for access to the DNS server:

TCP port 53

UDP port 53

Open the appropriate ports for RPC communication:

TCP port 135 – RPC endpoint mapper

TCP ports 1024+ – random RPC service ports

(Optional) To limit RPCs across the intranet firewall, edit the registry on servers in the intranet to specify RPC traffic to a specific non random port. Then, open the appropriate ports on the internal firewall:

TCP port 135 – RPC endpoint mapper

TCP port 1600 (example) – RPC service port

If you use IPSec between the front-end and back-end, open the appropriate ports. If the policy you configure only uses AH, you do not need to allow ESP, and vice versa.

UDP port 500 – IKE

IP protocol 51 – AH

IP protocol 50 – ESP

UDP port 88 and TCP port 88 – Kerberos”

Still the great thing with Outlook 2003 is that it IS able to configure the profile even without port 135 opened! Yes, it will swear on you that you have not opened port 135 but in the end you will get the profile configured. You just need your DNS working properly.

We sorted out the underlying process and can now freely begin with setting up the client side.

1. The first step is as always to start Mail control panel applet to configure the MAPI profile. There are at least two ways to do that:
1. We can click Start\Control Panel\Mail
2. We can right-click the Outlook icon in the Start menu and select Properties from the context menu
2. In the opened Mail dialog click Add button to add or create new profile
3. Now create new mail account by selecting Add a new e-mail account in the E-mail Accounts wizard or change the existing one by selecting the View or change existing e-mail accounts
4. On the Server Type window select Microsoft Exchange Server and click Next
5. On the Exchange Server Settings window specify the Fully Qualified Domain Name for the front-end Exchange server (refer to the info shown in the IIS site certificate to get the right name) such as Type your user account in the Username field
6 . In the Microsoft Exchange Server dialog box switch to the Advanced tab (I recommed leaving the settings specified on the General tab intact), check Use local copy of Mailbox and set the Download only headers checkbox. This is expecially useful when configuring settings for the roaming client that uses laptop
7. Switch to the Security tab and check the Encrypt information checkbox
8. Now we are ready to do what are here for. Switch to the Connection tab and set Connect to my Exchange mailbox using HTTP checkbox
9. Click the Exchange Proxy Settings… button and configure the URL (such as used to connect to your RPC proxy by setting it in the Use this URL to connect to my proxy server for Exchange text box. Check the Mutually authenticate the session when connecting with SSL checkbox. In the Principal name for proxy server text box put the FQDN preceded with the msstd: string. So that with you should specify as the principal name for the proxy server
10.1. Check both checkboxes for the slow and fast connections
10.2 If you have the single Connect using HTTP first, then connect using my Local Area Network (LAN) checkbox only, now you know what Microsoft means under LAN…
11. Select Basic Authentication and click OK to close the Window
12. We finished the process and can now start the client application. Depending on whether you have that command in the Outlook icon in the notification area of the taskbar you willl be able to observe established connections to the server by choosing the status command.

Note: as Microsoft says Outlook (in contrast to Group Policy which is “defined by default as any rate slower than 500 kilobits per second (Kbps)“) “defines a fast connection as a connection that is faster than 128 kilobits per second (Kbps). Outlook defines a slow connection as a connection that is slower than or equal to 128 Kbps”

How to Create an Outlook Profile for Users to Use with RPC over HTTP
Target-based Automated Client Configuration with Ability to Update and Add the RPC over HTTP Functionality for the Domain User

The Group Policy Slow-Link Detection Formula

Technorati tag:

We have several divisions where people mostly roam from one location to another be it a business trip or just a remote work. But as that’s all about doing their jobs they need the information they basically can access only right from the office. One of such types of information is surely their personal corporate mail. That’s how we work today. If we have no access to any collaboration services our work gets stuck. And the mail is the main thing there. So the core task for every system administrator today is how to provide the user with access to their corporate mail remotely from any place no matter where the user will decide to access it from.

How to do that?

One way is to create a Virtual Private Network (VPN). But what if by some reasons you can’t or simply don’t want to setup VPN to avoid making the things for users even more complex? What can you do here? What should you start with? The core term here is “RPC over HTTP“, where RPC is the Remote Procedure Call, a protocol that allows interprocess communications between client and server sides so that a component to be accessed remotely in such a way that we don’t even need to know any low-level information. This is the technology that allows Outlook users to connect to their Exchange mailbox from a remote place. And there’s no need to have a VPN connection. It allows accessing Exchange servers right through your default corporate LAN’s firewall using the basic ports used by browsers to access unsecure and secure contents on the internet. The ports that should be opened to allow access are the TCP port 80 used for basic unsecure connections and the SSL port 443 used for secure connections that are established using the Secure Sockets Layer protocol which is used as basis protocol for the Transport Layer Security (TLS) protocol which version 1.1. is defined in the RFC4346 document.

What should we do to enable all that for our users?

The process contains least two parts we should do to implement the functionality. As we are talking about client-server communications we need to prepare the configurations on both the server as the client. We will consider the Microsoft Exchange Server 2003 installed on the Windows Server 2003 Service Pack 1 and above to be the server side and Microsoft Office Outlook 2003 installed on the Windows XP Professional Service Pack 2 to be the client side.
Configuring Server Side
Let’s start configuring the setup from the server side. First of all we need to configure Exchange Server 2003 back-end server as an RPC proxy server. The process here starts with installing the additional component RPC over HTTP Proxy from the Windows Server Setup Disk. To do that:
1. Click Start and select Control Panel|Add or Remove Programs to start the Add or Remove Programs applet
2. In the Add or Remove Programs windows click Add/Remove Windows Components button
3. The Windows Components screen of the Windows Components Wizard will appear
4. Select Networking Sevices and click the Details button to open the Networking Sevices dialog
4. In the dialog box, check the RPC over HTTP Proxy checkbox and click OK

The RPC component will be installed on the system and the RPC virtual directory will be created on the IIS. Now we need to configure authentication and the encryption.

Configuring client authentication

Basic authentication will be used to authenticate users. This type of authentication has one very annoying property: it sends creadentials in the pure form as the plain text. That’s why we will need to configure SSL and implement the encryption to be used for passing the credentials.
To configure that
1. Click Start and select Programs|Administrative Tools|Internet Information Services (IIS) Manager to start the IIS manager
2. In the manager window navigate to Web Sites and select Default Web Site
3. Expand Default Web Site, right-click the RPC virtual directory, and select Properties command from the shortcut menu
4. In the RPC Virtual Directory Properties page switch to the Directory Security tab
5. Under Anonymous Access and Authentication Control pane click Edit button.
6. The Authentication Methods dialog box will appear
7. Uncheck the Enable Anonymous Access checkbox

That’s needed because by default RPC over HTTP doesn’t allow anonymous access

8. Under Authenticated access section, select the check box Basic authentication (password is sent in clear text)
9. You can also allow the NTLM Windows authentication and leave the Integrated Windows authentication checkbox checked

Microsoft has a note on this type of authentication:
It is recommended that you use Basic authentication over NTLM because of two reasons. First, RPC over HTTP currently supports only NTLM – it doesn’t support Kerberos. Second, if there is an HTTP Proxy or a firewall between the RPC over HTTP client and the RPC Proxy, which inserts via the pragma in the HTTP header, NTLM authentication will not work

10. End with the warning message and ensure that you have correct SSL certificate installed on your server

Now we need to enabled SSL to be used for the RPC Virtual Directory. To do that

1. On the same Directory Security tab mentioned above click Edit button under Secure communications
2. Check both the Require secure channel (SSL) and the Require 128-bit encryption check boxes
3. Click OK to save settings and close the window

See How to Configure the RPC Virtual Directory in IIS article for the detailed info

The next step is to configure the RPC proxy server on Exchange Server 2003 to use specified port range for RPC over HTTP. To do that:
1. Open registry editor by typing regedit in the Run dialog box
2. In the Regsitry Editor navigate to the path


Create the ValidPorts string REG_SZ parameter and set it to the value the is built in the following manner


to open the port range 6001-6002 and one single port 6004

Now we need to configure our Exchange 2003 back-end servers (the GC, Global Catalog servers) and set the NT Directory Services (NTDS) port on them. So we again should to specify registry parameter to do that. This time we need to open the


create a REG_MULTI_SZ ‘NSPI interface protocol sequences’ parameter and set it to value NCACN_HTTP:6004

We ended with the specific preliminary tasks on the server and can start with configuring client application (that is the Outlook 2003) profile to work with RPC over HTTPS. But that’s the story to be covered in the next part when we will talk about client side configuration.

Further info:
RPC over HTTP Interactions on the RPC Proxy Server
How RPC Works
Automatic Configuration of The Client Side
RPC over HTTP Authentication and Security

Technorati tag:

When we were discussing the automatic creation of e-mail signature for message in Outlook in the series of articles posted previously (see Part I, Part II and Part III), I told you that I recommend choosing HTML when defining the type of message format to be used by default for composing messages in e-mail client. Although the rendering capability of Office Outlook 2007 has changed because Outlook now uses rendering capabilities of Microsoft Word 2007 rather then the engine of Internet Explorer 7 it doesn’t mean that we can’t use pretties of HTML as the subset of what HTML 4.01 specification is supported by Word engine.
In the dynamically changing world we think dynamically, we communicate dynamically using Windows Live Messenger smart-tag integration with Outlook and utilize Live Communication Server to collaborate with colleagues throughout the world or within the close corporate community by deploying Windows SharePoint Services and building web enterprise portal. Today when we are living the the moment when RSS syndications rose their popularity and XML is currently so popular so we not have XML Notepad 2007 why not using all the above mentioned technologies?
Think of it: for example you’re managing publishing business and you want to keep your customers tuned to what new publications you offer them, what’s upcoming, etc. Or say, you want your managers to have special signatures that will include info (such as general directions) relevant to the person whom it, the message, is send to.
I found an article that describes how to make signature dynamic and thus adding to the signature more descriptive and effective.
I will not go deep into that, that’s what the article is intended for, but the layout and info about what they are using there to do that is worth to be noted.
Author suggests to use corporate intranet portal as the source for the data and Rich Site Summary syndication as the technology to deliver data to user. So you need to have ASP.NET 2 installed on the server to process ASP web handler ASHX files on the server side and deliver html code that will be rendered on the client side. As Microsoft Visual Studio 2005 Express Edition and Microsoft Office Outlook 2003 are enough, you can start diving into it for yourself right after ending with reading the article. So what is used? “Just to enumerate some: web requests, web handlers, graphics, caching, section handlers etc.” To made solution really dynamic and flexible author created config file that stores data that describes how to draw the stuff in the format that is very close to the RSS 2.0 specs. The problem here is to receive the HTTP request and response on it by sending the PNG image. To do that HTTPWebRequest and HTTPWebResponse classes are used to transfer the data via HTTP protocol. As the target is to deliver the Portable Network Graphics image to the page, type is defined using the ContentType property:

objResponse.ContentType = “image/png”

To solve the problem of request overloading by implementing the caching that saves the image from being loaded with each request. The default time that defines how long to store the image in bitmap cache is set to be 15 minutes but it can be easily changed using the TimeSpan structure

new TimeSpan(0, 15, 0)

The interesting thing with PNG format is that it “cannot be written to a non-seekable stream, an intermediate memory stream object (which is seekable) is used”.
The MemoryStream is used to manage that.

Then author creates three procedures: the first one handles exceptions and draws them on the page if any and the last two are those ones who are responsible for building the contents where one build the title of the channel and teh second builds the items for it. Author chose two items to be drawn on the page. These are the post title that is drawed using the title property and the post publication date which is drawn using the pubDate property.

The drawing procedure is not very simple but clearly made as described. It creates the rectangles that build the signature, the borders, and manipulates with bushes.

Very nice article that delivers the food for thought and opens the capabilities to extend the mail signature representativeness the way you want it to go.

Links for further information:
The article I am talking here about. You also can download the Windows Installer distribution with C# code
Make Sure Your Mail is Compliant: Download 2007 Office System Tool Outlook HTML and CSS Validator
Read Additional Information about Word 2007 HTML and CSS Rendering Capabilities in Outlook 2007 (in two parts):
Strangely enough the part I has file name index higher then the part II…
Part I
Part II
What’s New for Developers in Outlook 2007: Part I, Part II
How to use Smart-Tags in Microsoft Word
How to write ASHX file
Creating an ASHX handler in ASP.NET

Technorati tags:

What if We Will Automate it Further?

As said, semi-automatic mode is better than nothing. But still, I guess, you’ll agree here, it’s not the way we should choose if we want to achieve productivity. We need the higher level of automation. Plus we want to be as more abstracted from the user side as it possible. As we are working in Active Directory environment it is reasonable to use its abilities and retrieve the information right from the active directory database. Going that way we’ll solve two problems at once: we will free ourselves from the need to fill in info personally user-by-user and strictly assign the signature to the user according to the official information stored in the Active Directory database. That allows avoiding confusion for the user and for the customer that will contact our user.

The Approach: Querying Active Directory for an Info

As we always do when we start working with some entities, we create an object instance that will represent it. Out main goal here is to retrieve information about the user, the member of the database, and then put it down into our document. We will use ADSystemInfo object and create its instance named objSysInfo that we will us to retrieve the system info data:

Set objSysInfo = CreateObject(“ADSystemInfo”)

After that we can retrieve a distinguished name of the user that is logged on to domain and that we want to create a signature for:

strUser = objSysInfo.UserName

We are using here the UserName property that is who returns the name of the user.

Username retrieved, we can connect (bind the object) to that user account. We use GetObject method that will create a new object from the reference we are linking it to:

Set objUser = GetObject(“LDAP://” & strUser)

Note: We can also shorten the expression and just write Set objUser = GetObject(“LDAP://” & objSysInfo.UserName). Then surely we have no need to define the strUser variable.

Getting the Stuff in Our Hands

That’s the time to start working with properties. What we need them for? We need them exactly to retrieve specific information that we will use during the document filling operation.

Typically a pair that will retrieve is the full user name and the company name and is well enough to build the signature. So basically we can limit the set of information that we will retrieve to just to properties:

1. FullName, this property will return the full name of the user. That is that the name that the user would basically get in the header of the Start menu if he will click on the Start button.

Note: If you haven’t add it, open Active Directory Users and Computers snap-in and change it. See this article for an additional info.

By the way there’s a nice article describing how to make this automatically using VBScript: How to change the display names of Active Directory users with Active Directory Services Interface script

2. Company, this property will return the full name of the company.

To call them just use this form

strName = name

Thus to retrieve the user full name, use the following expression:

strName = objUser.FullName

Correspondingly, to retrieve user company name use the expression:

strCompany = objUser.Company

Note: In fact you can overview get all off them with your own eyes if you’ll select user properties in either your contacts or using the user properties smart-tag.

Here’s how to do that:

1. Create a new e-mail.
2. Enter User Name that is recorded in Active Directory
3. Point to the typed name. The user properties smart-tag will arise in the upper left corner on the user name
4. Click on the smart-tag and select Outlook Properties
5. All these properties will be listed on the General tab of the %username% Properties dialog box

Thus you now have a clue on how to enhance the representativeness of the user mail signature. Just use the properties listed there and add them after the name of the object you used to create connection.

Thus to add user telephone number to the user signature use this expression:

strPhone = objUser.telephoneNumber

How to program Outlook
Automatic Management of Signatures Bindings and Formatting
Windows Scripting Host (WSH) Properties List
User Class Properties Reference for Windows 2000 Server and Windows Server 2003 Active Directory Schema
IADsUser Interface Property List
Reading Active Directory Object Properties in C#
Defining Object Properties of any Active Directory Schema Interface object using IADs Interface
User Object Attributes
Sue Moshers’ Solution to Create Outlook Signature using Windows Management Instrumentation (WMI) scripting


Now that we’ll go further with this. How to push these settings enterprise-wide.

As we added line break to the document, we can continue to fill the signature and put (a last!) the name of the company we work in. The procedure is absolutely the same except that for now we are typing company name and hence we are passing the that out mysterious company ACME Corporation name to the input of the method:

objSelection.TypeText “ACME Corporation”

After that we are running Range() to end with the typed text selection block.

Now when we created the content of the signature we are stepping in to create the signature in Outlook. First off we need to create the object that will represent the parent of the object representing the signature. That means we should create objEmailOptions object:

Set objEmailOptions = objWord.EmailOptions

Alright, the parent is created, lets create the child, the objSignatureObject object:

Set objSignatureObject = objEmailOptions.EmailSignature

Now when we created the objSignatureObject signature object that’s the time to include our signature to the list of signatures. What’s the list? It’s the collection. Want to know how it looks like?

1. Open Outlook
2. Open Tools|Options and switch to the Mail Format tab on the Options dialog box
3. In the Signatures section click Signatures button to open the Create Signature dialog box
4. Here we are. The collection is just the list of items listed in the Signature list in this dialog

To create the collection we need to create object

Set objSignatureEntries = objSignatureObject.EmailSignatureEntries

We are ready to fill in the list now. To do that we need to add new item to the collection by using the Add method. To name it somehow we’ll just pass Standard Signature as the parameter:

objSignatureEntries.Add “Standard Signature”, objSelection

Let’s check what we created. Open the Create Signature dialog box as stated in the list above (see step 3) and check the Standard Signature is in the list of available signatures (or the only existing one if you haven’t created the single one yet).

“Wait, wait, wait, wait!” I hear you are saying that. “You told us about the name of the signature, but how did we create it?” You are right. We used reference to the created objSelection object to fill in the signature with the text. That’s what we used Word for.

OK. Signature is created, we can go. Unfortunately, not yet. You are asking, why? Look at the Signature section on the Mail Format tab in the Options dialog box. Observe two drop-down lists there. We haven’t assigned the signature yet. We need to make sure that when the user will either create or reply to the message the created signature will be used there. To do that we need to use two corresponding properties.

1. NewMessageSignature property is used to attach new signature to all newly created messages
2. ReplyMessageSignature property will be used in case user will reply to the incoming message

Lets go. As always, we are creating two objects:

objSignatureObject.NewMessageSignature = “Standard Signature”

objSignatureObject.ReplyMessageSignature = “Standard Signature”

Now look at the mentioned drop-down lists. The “Standard Signature” item is there and successfully selected. Try to create new mail or reply to the message. You will get the created signature attached at the bottom of your message.

By the way, if we would have another signature in the list of signatures we could set another one as the default either for new message or for the replied one depending on what you want it to be by typing its name within the quotes.

Voila! We ended with signature creation. That wasn’t too complicated tasks but still… Look at what we did? Can we leave this alone? Can we consider it to be the right solution? Of course, not. First of all we are talking about corporate environment with computers joined to domain. If we will stop with this solution it would require us either create a set of unique signature scripts, or create a huge IF branching that would put different names for signatures to make them unique for all user computers.

I’ll continue describing what we can do. For now you can find the ways right in the list of the articles I put at the bottom of this my note. See you later.

MSDN Magazine Scripting Outlook Signature article
How about automation? Automatic E-mail Signatures Creation
How to find and use Office object model documentation
Programming the Outlook object model
Microsoft Word Object Model
The TypeText Method
Microsoft Word Selection Object Members
What’s new in Outlook 2007 Object Model

Technorati tags:


The steps to create mail signature in Outlook manually are not so complex to perform. But as it usually happens, this ‘rule’ cannot be applied to all cases. Once you can burden this task on user’s shoulders in a small company with a few computers in net and probably no Active Directory, go do it in large company. Even in relatively large company it’s nearly impossible to force users to go beyond corporate rules on formatting the signature. At any time in any place chances are very high we will get the chaos within the settings of users’ signatures. Ones just will be unable to create them at all, others will leave your direction and not set signature at all, while the rest will edit the standardized formatting to what they like to look like and… You will get the chaos. Imagine you will start labeling your corporate logo differently each time you put it somewhere. John will put it that like, Marianne will add some flowers at the very left conner of the logo because she is delighted with the Spring that came earlier (later?) this year. Absurd? For sure. Logo is that kind of things that usually changes only by common agreement and cannot change and depend on the each single person wish. Surely, you can create legal notices, you can stick banners screaming on users and forcing them to comply the rules. But the question is: should you do that? Or to say it better: should THEY do it? At least they were employed to do what they are specializing in and what they can do best, so why bothering them with excess problems and drawing them away from their internal responsibilities. While there are things that people should be able to freely made themselves, there are things at the same time that must be standardized. Just for the sake of following corporate rules, for the sake of what any standards are created for.

First Steps to Automate Creation of Outlook Signature

Here I will go through the process describing the process of how to create e-mail signature for Outlook using automation in the step-by-step manner.

The first thing you start thinking about automation is probably scripting. And because we want to add text here, we need to use Microsoft Office Word. Moreover, Outlook object model as it seemingly seems does not include methods that would allow to create and assign signatures for e-mail messages.

Semi-Automatic Approach

First of all we need to open our application. Because we will use Word here, we need to start Word application.

Set objWord = CreateObject(“Word.Application”)

We are creating objWord object to do that. If we want our application to be visible as we start it allowing the user to see the main application window, we need to set object property accordingly. Thus we can set Visible property of objWord instance to true.

‘objWord.Visible = True

Uncomment the string in the script and you’ll see the window displayed without any document opened in it. Comment it back on and you’ll see only the process instance displayed within the list of your task manager. But aren’t we here to create the signature? To create it we need to create a document that we will fill in further with signature info. To create a new document we need to use Add method and create a objDoc object which will designate the document we are creating:

Set objDoc = objWord.Documents.Add()

Alright. We created the document. Let’s start righting the text. We need some method that will do the job for us. Something like TypeText would be able to do that job for us. But the objWord object doesn’t have such a method contained within its object model. What should we do? Right what we do when we start typing out document. We should put an insertion point within it. What cannot be done with one object can be done with another one. The first thing that Scripting Guys are suggesting to use to type e-mail signature in live is to create Word’s Selection object. Here’s how we do that:

Set objSelection = objWord.Selection

Now we can start writing our first string of text to build the signature. We need to invoke the mentioned TypeText method here:

objDoc.TypeText “FirstName LastName”

Where the FirstName and the LastName strings are placeholders for the text that will be typed in the document. Thus if you will put John Doe here, and run the TypeText method you will see the John Doe string written in the first row of the Microsoft Word document. Now then we usually type the company name under the personal name. Okay, let’s write the name of the company. Let it be the mysterious ACME Corporation:

objDoc.TypeText “FirstName LastName”

But wait, why we got out strings sticked one to each other? That’s because we forgot to do out second action we do when we type the documents, breaking the line and inserting line feed and caret return to it. That is we need to put here our well-known “Press ENTER to continue”. What’s Enter in Word? It is paragraph. Strictly speaking paragraph is more complex thing in Word because it holds style and formatting info, but let cut its capabilities to such a limited scope. To put the paragraph we should add this


line to the code.

You can find the whole article here
Extra info on scripts utilizing XML and HTA can be found here
Script Automation: Automatic Genereation of E-mail Signatures on User Side Without User Intervention
How to find and use Office object model documentation
Programming the Outlook object model

Technorati tags:

Sending messages without a signature is not what one would call etiquette correct. Surely when we are mailing to each other in a limited set of participants where everyone knows another person quite well, having a signature can be an excess. But once we are talking about business communications having a proper signature becomes a must.
That’s when we get why we need Word to be a default editor for composing Outlook messages.
How do we setup a signature
For personal needs we do the following
In this example Office Outlook 2003 and Office Word 2003 are covered
1. Launch Outlook and choose Tools|Options to open the Options dialog box
2. In the Options dialog box switch to the Mail Format tab
3. In the Message format select HTML from the Compose in this message format drop-down list
4. Check the Use Microsoft Office Word 2003 to edit e-mail messages
5. Under Signature select account to be which you want the signature be assigned to
6. Click Signatures button and click New button to create the signature.
7. Enter a name to set how you wish signature to be listed in the list of signatures. This is needed to differentiate between signature is you have several signature. I recommend naming convention to be FirstName LastName [Type][Lang] where the stands for the signature type and is used to differentiate between corporate and personal signature. Lang designates the language of the signature what is useful if you work with multilingual customers. So name it to be named as John Doe [Corp][EN], John Doe [Corp][DE], etc
8. If it’s your brand new signature and you have no previously created signatures there, select Start with a blank signature and click Next
9. While in the Signature text box click Advanced Edit to launch Microsoft Office Word
10. When Word will start, type your signature, format it accordingly to confirm personal preferences or corporate rules
11. Save changes to the edited document

There is a nice demo on how to create, apply formatting to bring some elegance to it, and manage profiles by switching between signatures if you have say your corporate and personal signatures.
Inserting signature in a message
Signature Management with Outlook Profiles in Domain environment
Sign off simply in Microsoft Office Word


The first way we used to apply profile configurations was exchange newprof.exe utility. But the keyword there was contained within the utility name – “new”. It could only create new profiles and cannot modify existing configurations.
Then at last we got modprof.exe and the ability to preserve existing settings and configure new.
The command line we use was
modprof -p \\circinus\dat\cfg$\xyzoutlook.prf
p PRF, specifies the path to the profile settings file. As usual, if no path is specified utility looks for the default.prf file located within %systemroot% folder

s, this switch specifies an option to run the tool in a separate window, ask user to specify the PRF file and display messages within it

x, when the –s option is specified, sets automatic start without waiting for user to select concrete PRF file.

z, specifies MAPI error code output if any

Additional source of trouble in case when you deploy it for several users and on a limited set of persons you get an error is the fact that the tool cannot generate log files.

List of switches for the newprof automatic profile generator program
Creating Default User Profiles

If you want to replace a file that is currently in use by a user or system process you can just use rename technique.
1. Open command prompt by typing %compspec% within your run dialog box
2. Change the target folder to the folder where the file is to be replaced by executing
cd “\your path\”
if you want to switch to the folder located on the same drive or
cd /d “x:\your path”
to switch to the folder located on another drive
3. Now rename the locked file that you want to replace with the new fresh version copy by typing something similar to
ren function.dll function.dll.old
Windows will allow you to rename the library but will continue to use it until you reboot
4. Copy the new dll library to this location
copy x:\updates\function.dll .\
5. Reboot the PC. When you will log on to system with the new session, system will start to use your new updated version of dynamic link library.

Or you can pick this Locked Files Wizard tool

Additionally there’s useful tool to work with file handles called Unlocker
Good for one-time needs although requires external scripting to do that in multi-pass way.

To those of you wondering, what we decided to do further, I will continue the storytelling. We started implementing outlook profiles with Office Profile Wizard. We got Office 2003 Resource Kit and started with creation of standard profile description PRF-file.
The Configuring Outlook Profiles by Using a PRF File whitepaper helped us to tackle the tool up.
The main problem was the fact that after configuring you realize that the settings you’ve made were made from scratch and thus would give the return for new Outlook-less systems only. The good thing was that we just established new room with brand new PCs. The bad thing was that we had to move several users that already work on old PCs but the way to get the settings for them was to apply this newly created PRF on new machines via MST transform file. The second what was actual for us is the we have different versions of operating systems and different versions of applictions which in turn require different steps to apply PRF file.
So we started with manual edit of registry. We deleted the key
to drop the state flag
created a string ImportPRF in
key and set is with value \\circinus\dat\cfg$\xyzoutlook.prf

to point to the PRF file we created and placed on our server share. Thus key value represents the UNC path where circinus is the name of our server, dat\cfg$\ is the share path and the xyzoutlook.prf is how we named our profile configuration file.


I work in a company that provides various kinds of services. We have a pretty distributed corporate network throughout the country. Many people use our mailing server to collaborate with each other. Some work in local offices, some go out for a business trip. Add here the never-ending flow of incoming clientèle and you’ll probably see yourself as it’s you are talking from this blog. Nothing that unusual. We know it’s our normal quite serene working day in IT department. No matter where we are actually working in. Routine. Returning back to what I have in my corp. As we also have external offices this adds the additional complexion. We definitely needed some way to separate client accounts at least to differentiate between customers and workers. The standard way to answer the task is to use outlook profiles. That’s what we did.
We started with quite a brute way of making this. We wrote down the guide on the corporate intranet site describing the steps the new user should take himself to setup outlook profiles. Again nothing that comes extremely unusual, just the standard multi-step follow-up to guide user through the manual configuration. Except that the diversity of users forced us to enhance the guide to handle several basic configurations of used version of Outlook and the operating system it runs on.
Here I will go a little bit aside to talk about intentions and decisions. (Sometimes they differ, huh?) First I wasn’t thinking about showing you that ‘guide’ we created. I just didn’t want to attack you with additional strings of ASCII bytes to narrow the excess and cancel the empty non-informative noise. But then I come thinking of why not to show you our errors and describe the underlying story a bit more detailed to get it more descriptive and explanatory. This would bring some humor and joy and allow some of you to not repeat my errors. Sometimes it gets the positive result if someone learns from the errors of your own. So I decided to include that our user manual and put some extra info to show how we found the the way to resolve the problem settled down the internal and external collaboration to run in a fully automated way. Here it is in all its glance though in a slightly abridged form (I cut down the specific info).

How to set up Outlook profiles to work with your mail in the XYZ corporation network

Operating System: Windows 98
Outlook client: Microsoft Outlook 2000

1. Click Start
2. Select Settings\Control Panel to open the Control Panel window
3. Locate the Mail or Mail and Fax icon and double-click on it to launch the applet
4. In the Mail dialog box opened Add button to start the Inbox Setup Wizard
5. In the wizard page opened select the Use the following information services radio button and check the Microsoft Exchange Server check box in the scrolling field below
6. Click next to move to next wizard dialog box
7. Click into Microsoft Exchange server field and type the following in it
8. Switch to second field on the wizard dialog box and type your last name
9. Click next to move to next wizard dialog box
10. Click No when prompted to ask “Do you travel with this computer?” question
11. Click Finish to close the wizard
12. Select the created profile and click Properties button
13. On the XYZ Corporation Properties mailbox dialog box select the Microsoft Exchange Server and click Properties button
14. In the Microsoft Exchange Server dialog box opened check you’ve entered correct settings for the mail server address and the name of your mailbox we put previously in steps 7 and 8. Revise if the mail server address was typed correctly and listed as
as you wouldn’t be able to work with mail if the address was incorrectly set
15. Click OK to close the window
16. Now double click the Outlook icon on your desktop to start mailing program.
17. In the Enter password dialog box type
18. Your login name into the User Name field
19. XYZ in the in the Domain Name field
20. Your password into the Password field
Note: if you don’t know your your login and password check with your supplementary Account setup form list or contact system administrator by phone to get them BEFORE proceeding with next step
21. When entered click OK to proceed with settings and log in to mailbox

Note: if you need to create multiprofile setup, refer to How to create multiprofile mail setup document on the http://intranet/techinfo/mail/outlook/ompmbseetup.doc

Operating System: Windows 2000, Windows XP
Outlook client: Microsoft Outlook 2002, Microsoft Office Outlook 2003

1. Click Start
2. Control Panel to open the Control Panel window
3. Locate the Mail icon and click on it to launch the applet
4. In the Mail dialog box opened Add button and enter the profile name in the New Profile dialog box
5. In the Mail Setup – Outlook dialog box click on the E-mail Accounts… button to launch the E-mail Accounts wizard
6. Select Add a new e-mail account radio button to be able to add your new Outlook account
7. Click Next to go to next wizard dialog box
8. On the Server type dialog select Microsoft Exchange Server radio button and click next
9. On the Exchange Server Settings dialog box fill in the field with the data contained in the supplementary Account setup form list or contact system administrator by phone to get the info
10. In the Microsoft Exchange Server field enter as the address to be used by Outlook to connect and retrieve your personal mail
11.1 If you are using Office Outlook 2003 check the Use Cached Exchange Mode checkbox below
11.2 If that is not true and you are using the previous version of Microsoft Outlook go to next step
12. In the User Name field enter the name to be used for your mail box. If you don’t know your username, click Start and use the name written in the caption of the Start menu
13. Click Check name to verify the entered name and avoid conflict with existing names (if any)
14.1 If you are using Windows XP, enter in the User name field and fill in the password in the field below
14.2 If you are using Windows 2000, enter your username in the User name field, fill in the password in the next field and enter xyz in the Domain name field
15. If Microsoft Outlook notification message box appears notifying you about existing personal folders appears, go to step 17
16. Setup is now finished. Click Finish button the save settings and exit the Outlook configuration wizard
17. Click Yes button to confirm and continue
18. Start the Mail Setup – Outlook dialog box (see step 5 above) click on the E-mail Accounts… button to launch the E-mail Accounts wizard
19. Select View or change existing e-mail accounts radio button and click Next button
20. In the E-mail Accounts dialog select Microsoft Exchange Server entry within the Outlook processes e-mail for these accounts in the following order
21. Server will ask you to authenticate. Enter the data as discribed in steps 14.x above
22. Change delivery target in the Deliver new mail to the following location drop-down list and choose Mailbox – Username, where Username will be the name you used to authenticate and click Finish

Pretty complicated, isn’t it? I bet you agree. Imagine how complex this comes for the person who doesn’t need to know deep in IT and just wants to concentrate on his personal work responsibilities. Twenty steps to complete to just configure mail profile. That last not too long until we realized that this mess cant last any longer and we should implement something to smooth the process for users and, if possible, make it completely automatic and transparent for the user.

How to create a new e-mail profile in Outlook 2007 and in Outlook 2003
Overview of Outlook e-mail profiles

Create a new e-mail profile in Outlook
Manage Outlook profiles
Get the version number for your Office program and information about your computer
Use Outlook Anywhere to connect to your Exchange server without VPN
What is a Microsoft Exchange account?
Change the password for your .pst file

Scan and repair corrupted Outlook data files
Turn on or off Cached Exchange Mode

Technorati tags: outlook profiles exchange profiles client mail setup mailbox outlook mailbox

More blogs about outlook profiles.
Add to Technorati Favorites