System Administration Guide for Cisco Unity Connection in Cisco Unified CMBE Release 6.x
Securing User Messages: Controlling Access, Distribution, and Longevity

Table Of Contents

Securing User Messages: Controlling Access, Distribution, and Longevity

How Connection Handles Messages That Are Marked Private or Secure

Disabling the "Save Recording As" Option in the Media Master for All Voice Messages

Message Security Options for IMAP Client Access


Securing User Messages: Controlling Access, Distribution, and Longevity


By setting message sensitivity, users can control who can access a voice message and whether it can be redistributed to others. Connection also offers ways for you to prevent users from saving voice messages as WAV files to their hard drives or other locations outside the Connection server, enabling you to maintain control of how long messages are retained before they are archived or purged.

See the following sections:

How Connection Handles Messages That Are Marked Private or Secure

Disabling the "Save Recording As" Option in the Media Master for All Voice Messages

Message Security Options for IMAP Client Access

How Connection Handles Messages That Are Marked Private or Secure

When users send messages by phone in Cisco Unity Connection, the messages can be marked private, secure, or both private and secure. You can also specify whether Connection will mark messages that are left by outside callers as secure.

Private Messages

When users send a message, they can choose to mark it private.

When outside callers leave messages for users, they cannot mark them private.

Any recipient can receive a private message—including non-Connection users. Recipients can use the phone, the Cisco Unity Inbox, or an IMAP client to listen to private messages (as applicable).

When a user replies to a private message, the reply is marked normal.

Private messages cannot be forwarded by phone or from the Cisco Unity Inbox.

A private message can be saved locally and copied as a WAV file when accessed from an IMAP client unless you specify otherwise. (See the "Message Security Options for IMAP Client Access" section to learn how to prohibit users from saving private messages as WAV files.)

For private messages, the Save Recording As option is automatically disabled on the Options menu on the Media Master in the Cisco Unity Inbox. Thus, private messages are stored only on the Connection server, allowing you to control how long messages are retained before they are archived or purged.

Secure Messages

When users send a message, class of service settings determine whether the message is marked secure. By default, Connection automatically marks a message secure whenever the user marks it private.

Outside callers cannot mark a message secure (or private and secure). Instead, the Unidentified Callers Message Security check box on the Edit > Messages page for a user account and call handler determines whether Connection automatically marks messages from outside callers secure, or delivers them with normal sensitivity.

Only Connection users can receive a secure message. (VPIM contacts may also be able to receive the message, but only when the VPIM location is configured to change the message sensitivity to normal before delivering it. See the "Using VPIM Networking" chapter to learn more.)

A secure message can be played over the phone and from the Cisco Unity Inbox, but it cannot be accessed via an IMAP client.

Replies to secure messages are also marked secure.

A secure message may be forwarded to other Connection users and to the Connection users in a distribution list. The forwarded message is also marked secure. Users cannot change the sensitivity of forwarded messages and replies.

For secure messages, the Save Recording As option is automatically disabled on the Options menu on the Media Master in the Cisco Unity Inbox. Thus, secure messages are stored only on the Connection server, allowing you to control how long messages are retained before they are archived or purged.

Disabling the "Save Recording As" Option in the Media Master for All Voice Messages

By default, except for messages that are marked private, secure, or private and secure, users can save their messages as WAV files to their hard disks by using the Save Recording As option, available on the Media Master Options menu in the Cisco Unity Inbox. You can prevent users from saving any voice message—regardless of its sensitivity—by disabling the Save Recording As option on the Options menu of the Media Master in the Cisco Unity Inbox.

Note the following as you consider this security option:

When you prevent users from by saving messages to their hard disks, they may choose to retain them in their Inboxes and Deleted Items folders longer as a way of archiving them.

Disabling the Save Recording As option affects all users who are associated with the Connection server; you cannot disable it only for individual users.

Users can continue to use the Media Master to save greetings or recorded names as WAV files.

To Disable the Save Recording As Option in the Media Master in the Cisco Unity Inbox


Step 1 In Cisco Unity Connection Administration, expand Settings > Advanced, then click PCA.

Step 2 On the PCA Configuration page, check the Unity Inbox: Disable Save Recording As Option in Media Master check box.

Step 3 Click Save.


Message Security Options for IMAP Client Access

When users access voice messages that are marked with normal or private sensitivity from an IMAP client, the IMAP client may allow users to save messages as WAV files to their hard disks, and may allow users to forward the messages. To prevent users from saving and/or forwarding voice messages from their IMAP client, consider specifying one of the following class of service options:

Users can only access message headers in an IMAP client—regardless of message sensitivity.

Users can access message bodies for all messages except those that are marked private. (Secure messages can never be accessed in an IMAP client.)