Need help with UAG use case: Blocking file attachment downloads from OWA

Paul Boz

Hey guys,

I'm new to UAG (literally handed access to UAG on Friday at noon) and I'm trying to develop a simple use case such that all attachment downloading is blocked. Eventually I'd like to develop this to only block attachments from non-IE browsers then down to domain-joined machines. For now though, I just want to block attachments period. I can block uploads all day long, that's working fine. I don't care about blocking uploads though.

Here's what I tried so far:

1. Per Ben Ari's IAG blog I configured the OWA application's Endpoint Policy Settings tab to have "Microsoft OWA 2010 upload" for the download policy. Per his blog this should also block downloads if selected here. This does not block downloads.

2. I created a custom download policy called TESTPOLICY and double clicked it to edit it. I then selected "never" from the dropdown for each OS platform. This to me should mean that no platform should ever be allowed to perform the download action. This still does not work.

3. I went to the download/upload tab on the OWA application from within the trunk and made sure "download" and "upload" are set to "identify by URL." I'm lead to believe this should be working since I can't upload attachments in my test.

Basically it looks like I have something misconfigured but given that I've been in UAG for about a day and a half I have no idea what I'm missing. According to all of the KB articles I'm reading this should work fine as configured. I need to get this simple use-case configured ASAP so any help at all is much appreciated.

Paul Boz

Got this working by the way. There was a misconfiguration in the application trunk prior to me being given the system. Once I fixed that problem my stuff worked

Next on the docket: Using custom registry keys to validate the machine.