How to restrict users from accessing Outlook Web Application
I have requirements to disallow users to access Outlook Web app from internet and only allow them when they are available in LAN. Can anyone help me to implement
the same?
Exchange Server Version: 2010
July 5th, 2010 7:40pm
Hi,
Set-CASMailbox user@domain.com -OWAEnabled $false
will turn off OWA for the user, whether he is accessing it internally or externally.
Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM)
www.HostingController.com
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2010 9:02pm
How are you publishing to the internet? If using TMG or ISA, you can create rule to block this...anything with /owa, that way they other functions can still work (OA, ActiveSynce, etc.)Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
July 5th, 2010 9:08pm
External Facing server is published to internet directly. I need to disble it for few users when they are connecting from internet and all the intranet users should be able to access the OWA.
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2010 9:52pm
On Mon, 5 Jul 2010 18:52:21 +0000, rkart77 wrote:
>External Facing server is published to internet directly. I need to disble it for few users when they are connecting from internet and all the intranet users should be able to access the OWA.
If you have only one web virtual directory that's shared by both sets
of IP addresses you're pretty much out of luck, I'd say. If you know
the IP addresses used by those people you could block thaem, but you
can't just turn off access to a user without denying them access from
everywhere if you have only one virtual directory.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
July 5th, 2010 10:53pm
Here is the situation
Site A ----- 4 Exchange Server 2003.
Site B ----- 1 Exchange Server 2010 with CAS+MBX+HUB roles.
Site C ----- 4 Exchange Server 2003 +1 Exchange Server 2010 with HUB Role +1 Exchange Server 2010 with CAS Role (Internet Facing)
I am able to restrict users by simply adding specified security group to Access this computers from network in Exchange Server 2010 with CAS Role (Internet Facing)
server. The Problem is when users from Site A (not part of specified security group) open outlook 2007,it tries to contact Site C CAS server and prompting to enter username and pwd ,so I will have to add them to specified security group to
complete auto configuration. Not sure why outlook from site A contacts CAS in Site C, i am fine if it contacts Site B CAS .With current scenario I will have to add all users to specified security group which will in turn open OWA
for everyone from internet.
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2010 11:46pm
On Mon, 5 Jul 2010 20:46:29 +0000, rkart77 wrote:
>
>
>Here is the situation
>
>Site A ----- 4 Exchange Server 2003.
>
>Site B ----- 1 Exchange Server 2010 with CAS+MBX+HUB roles.
>
>Site C ----- 4 Exchange Server 2003 +1 Exchange Server 2010 with HUB Role +1 Exchange Server 2010 with CAS Role (Internet Facing)
>
> I am able to restrict users by simply adding specified security group to Access this computers from network in Exchange Server 2010 with CAS Role (Internet Facing) server.
Doesn't that prevent them for using OWA internally, too?
>The Problem is when users from Site A (not part of specified security group) open outlook 2007,it tries to contact Site C CAS server and prompting to enter username and pwd ,so I will have to add them to specified security group to complete auto configuration.
Not sure why outlook from site A contacts CAS in Site C,
Because there are no CAS roles in Site A?
>i am fine if it contacts Site B CAS .With current scenario I will have to add all users to specified security group which will in turn open OWA for everyone from internet.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
July 6th, 2010 12:41am
Hi,
Outlook 2007 will try to find the SCP record from AD. One of two lists is created, an
in-site list or an out-of-site list.
If there are no in-site records, an out-of-site SCP record list will be generated. The list is not sorted in any particular order. Therefore, the list is approximately in the order of oldest SCP records (based on creation date) first.
So for this issue, it will try to connect the first installed CAS server.
How the Autodiscover Service Works with Clients
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx#HowTheADSWorks
For the OWA issue, I'd like to know the following information:
Do you have Front-end configured in SiteA or SiteC?
Do you have internet-facing FE in Site A or Site C?
With Exchange 2003 and Exchange 2010 mix environment, we have to use redirection. We have to add the legacyURL to CAS2010, then CAS2010 can redirect the requst to Exchange 2003.
Exchange 2010: Proxy or Redirect?
http://blogs.technet.com/b/mbaher/archive/2009/12/17/exchange-2010-proxy-or-redirect.aspx
Transitioning Client Access to Exchange Server 2010
http://msexchangeteam.com/archive/2009/11/20/453272.aspx
Regards,
Xiu
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2010 5:41am