Old and unpatched Outlook clients can pose a serious security risk to your network. Further, older versions of
Outlook don’t have the newer features that significantly improve network
communications, and may place an additional load on an already strained network.
In both Exchange 2000 SP1+ and Exchange 2003, you can selectively disable
specific versions of Outlook from connecting to your Exchange servers by making
modifications to the registry on your Exchange servers.
To block versions of Outlook, do the following:
the registry editor.
Edit > Add Value.
the new REG_SZ value Disable MAPI
the new key values that match the version of the MAPI client you want to
You can provide values in a number of ways. Here are some
single value: “5.2653.11”
range of values: “5.2653.11-5.2653.22”
- Up to
a particular version: “-5.2653.11” (disable all MAPI clients
older than this version.)
a particular version: “5.2653.11” (disable all MAPI clients
newer than this version. I can’t imagine why you would do this, but
included it for completeness)
values: “5.2653.11, 5.2653.22” or “5.2653.11; 5.2653.22”
or “5.2653.11-5.2653.22; 5.2818.9”
If a client using one of the restricted versions attempts to
connect they will receive an error message:
2002 and earlier: “Cannot start Microsoft Outlook. The attempt to log
on to the Microsoft Exchange Server computer has failed.”
2003: “Your Exchange Server administrator has blocked the version of
Outlook that you are using. Contact your administrator for assistance.”
To determine the MAPI version for a particular version of
Outlook, you need to look at the version of the Emsmdb32.dll file, not at Help
> About, or anything else. A MAPI version for this
file may read “11.0.8006.0”. In fact, most MAPI versions have four
values, but only three are used for this registry key. “11.0.8006.0”
would become “11.8006.0”. Drop the second part of the version.