Exchange Server 2013 includes the Search Foundation product, which indexes and searches most of the file types that needed IFilters installed in previous versions, including PDF files, so the Adobe IFilter is no longer needed. That said, it does not filter OneNote and Microsoft Publisher files.
To filter these files, so that you can search them as part of a mailbox search, include them in discovery and compliance searches, and write transport rules that act on their contents, you need to install the Microsoft Office Filter Pack 2010 and Service Pack 1 for Microsoft Office Filter Pack 2010 (KB 2460041) 64-bit Edition and then set a few registry keys. The following script does the registry key steps for you and needs to be run on all your Exchange 2013 Mailbox Servers. See http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=93 for steps to install the PDF filter on Exchange 2010 if you need to do that. This script is based on the work in that post and the original scripts from Microsoft to configure the IFilters in Exchange 2010 RTM.
Script for Install-IFilters.ps1
Download Install-IFilters.ps1 here (a zip that also contains some test files; see below for testing steps). The PowerShell script is also shown below:
```powershell
# Script to enable indexing of OneNote and Microsoft Publisher filtering in Exchange 2013
# Written by Brian Reid, C7 Solutions Ltd. www.c7solutions.com 14:27 21/11/2012
# Based on a script by Mark Smith from Capex Global that installed PDF filtering for Exch2010
# Note PDF filtering is included in Exchange 2013 and not needed as an extra install

# The Microsoft Office 2010 Filter Pack needs installing before running this script: http://www.microsoft.com/en-us/download/details.aspx?id=17062
# The Microsoft Office 2010 Filter Pack SP1 (x64) needs installing before running this script: http://www.microsoft.com/en-us/download/details.aspx?id=26604
# This script has not been tested with the Microsoft Office Filter Pack 2013 release as it was not available at time of writing

# This script will restart the Transport service and Microsoft Filtering Management Service. Mail-flow might be affected
# by the first of these restarts. Existing items in the store will not be indexed

# No trailing backslash here: the DLL names below add their own separator
$iFilterDirName = "C:\Program Files\Common Files\Microsoft Shared\Filters"

$KeyParent = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\HubTransportRole"
$CLSIDKey = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\HubTransportRole\CLSID"
$FiltersKey = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\HubTransportRole\filters"

# Filter DLL Locations
$ONEFilterLocation = $iFilterDirName + "\ONIFilter.dll"
$PUBFilterLocation = $iFilterDirName + "\PUBFILT.dll"

# Filter GUIDs
$ONEGuid ="{B8D12492-CE0F-40AD-83EA-099A03D493F1}"
$PUBGuid ="{A7FD8AC9-7ABF-46FC-B70B-6A5E5EC9859A}"


# Create CLSID and filters root registry keys if they do not exist
Write-Host -foregroundcolor Green "Creating parent registry keys"

New-Item -Path $KeyParent -Name CLSID -ErrorAction SilentlyContinue | Out-Null
New-Item -Path $KeyParent -Name filters -ErrorAction SilentlyContinue | Out-Null


# Create CLSIDs (the default value of each key is the path to the filter DLL)
Write-Host -foregroundcolor Green "Creating CLSIDs..."

New-Item -Path $CLSIDKey -Name $ONEGuid -Value $ONEFilterLocation -Type String | Out-Null
New-Item -Path $CLSIDKey -Name $PUBGuid -Value $PUBFilterLocation -Type String | Out-Null

# Set Threading model
Write-Host -foregroundcolor Green "Setting threading model..."

New-ItemProperty -Path "$CLSIDKey\$ONEGuid" -Name "ThreadingModel" -Value "Both" -Type String | Out-Null
New-ItemProperty -Path "$CLSIDKey\$PUBGuid" -Name "ThreadingModel" -Value "Both" -Type String | Out-Null

# Set Flags
Write-Host -foregroundcolor Green "Setting Flags..."
New-ItemProperty -Path "$CLSIDKey\$ONEGuid" -Name "Flags" -Value "1" -Type Dword | Out-Null
New-ItemProperty -Path "$CLSIDKey\$PUBGuid" -Name "Flags" -Value "1" -Type Dword | Out-Null

# Create Filter Entries (the default value of each extension key is the filter GUID)
Write-Host -foregroundcolor Green "Creating Filter Entries..."

New-Item -Path $FiltersKey -Name ".one" -Value $ONEGuid -Type String | Out-Null
New-Item -Path $FiltersKey -Name ".pub" -Value $PUBGuid -Type String | Out-Null

# Setting permissions
# ContainerInherit makes the read-only ACE apply to the child keys as well as to $KeyParent
Write-Host -foregroundcolor Green "Granting NETWORK SERVICE read access to $KeyParent and child keys "
$acl = Get-Acl $KeyParent
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("NETWORK SERVICE","ReadKey","ContainerInherit","None","Allow")
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $KeyParent

# Restarting required services
Write-Host -foregroundcolor Green "Stopping Microsoft Exchange Transport service (this takes a few minutes)"
Stop-Service "Microsoft Exchange Transport" | Out-Null
Write-Host -foregroundcolor Green "Stopping Microsoft Filtering Management Service"
Stop-Service "Microsoft Filtering Management Service" | Out-Null
Write-Host -foregroundcolor Green "Starting Microsoft Exchange Transport service (this takes a few minutes)"
Start-Service "Microsoft Exchange Transport" | Out-Null
Write-Host -foregroundcolor Green "Starting Microsoft Filtering Management Service"
Start-Service "Microsoft Filtering Management Service" | Out-Null
```
Testing Attachment Filtering
The download above contains the script and some test files for different document types. To test, create a transport rule where:
- The sender is your mailbox.
- Any attachment’s content includes “Testing IFilters” (the files in the download include these words).
- Generate an incident report and send it to your mailbox. Incident Reports are advanced transport rule actions.
If you create this rule before you run the script then you will get incident reports for the TXT file, DOCX file and the PDF file (note, you did not need to install the Adobe IFilter to get this functionality). But sending the ONE file and the PUB file before running the above script, even though you have the Microsoft Filter Pack installed, will not generate an incident report.
Once you have run the script, email yourself the ONE and PUB files and both should generate an incident report. From now on transport rules will process OneNote and Microsoft Publisher documents correctly, including any that match any Data Loss Prevention rules that you have enabled.
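Before sending the test mail, the registration can also be checked directly on each Mailbox server. The following is an added example, not part of the original download: a read-only audit of the keys the script above creates, which also confirms that each registered DLL resolves to the Filter Pack directory and reports its Authenticode status. The function name Test-IFilterRegistration is hypothetical; the key paths, GUIDs, DLL names and extensions are copied from the script.

```powershell
# Added example: read-only audit of what Install-IFilters.ps1 registers.
# Values below are copied from that script; the function name is hypothetical.
$KeyParent = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\HubTransportRole"
$FilterDir = "C:\Program Files\Common Files\Microsoft Shared\Filters"
$Expected  = @(
    @{ Ext = ".one"; Guid = "{B8D12492-CE0F-40AD-83EA-099A03D493F1}"; Dll = "ONIFilter.dll" },
    @{ Ext = ".pub"; Guid = "{A7FD8AC9-7ABF-46FC-B70B-6A5E5EC9859A}"; Dll = "PUBFILT.dll" }
)

function Test-IFilterRegistration {
    # Does NETWORK SERVICE hold an Allow ACE that includes ReadKey on the parent key?
    $readKey = [System.Security.AccessControl.RegistryRights]::ReadKey
    $aclOk = [bool]((Get-Acl $KeyParent).Access | Where-Object {
        $_.IdentityReference.Value -like "*NETWORK SERVICE" -and
        $_.AccessControlType -eq "Allow" -and
        ($_.RegistryRights -band $readKey) -eq $readKey })

    foreach ($f in $Expected) {
        $clsid = Get-ItemProperty "$KeyParent\CLSID\$($f.Guid)" -ErrorAction SilentlyContinue
        $map   = Get-ItemProperty "$KeyParent\filters\$($f.Ext)" -ErrorAction SilentlyContinue
        # New-Item -Value stores the DLL path / GUID in each key's default value
        $dll   = if ($clsid) { $clsid.'(default)' } else { $null }
        $guid  = if ($map)   { $map.'(default)' }   else { $null }

        $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
        # The DLL is loaded by the transport pipeline, so it should resolve to the
        # Filter Pack directory and nowhere else. GetFullPath collapses doubled "\".
        $inDir = $false
        if ($dll) { $inDir = [IO.Path]::GetFullPath($dll) -eq (Join-Path $FilterDir $f.Dll) }
        # Status is reported as returned by Get-AuthenticodeSignature, not judged here
        $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { "n/a" }

        [pscustomobject]@{
            Extension        = $f.Ext
            ExtensionMapped  = ($guid -eq $f.Guid)
            DllInFilterDir   = $inDir
            DllOnDisk        = $onDisk
            Signature        = $sig
            ThreadingModel   = if ($clsid) { $clsid.ThreadingModel } else { $null }
            Flags            = if ($clsid) { $clsid.Flags } else { $null }
            NetworkSvcCanRead = $aclOk
        }
    }
}

Test-IFilterRegistration | Format-Table -AutoSize
```

After a successful run of the install script, both rows should show ExtensionMapped, DllInFilterDir, DllOnDisk and NetworkSvcCanRead as True, ThreadingModel as Both and Flags as 1.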