Outlook Anywhere - Disable Internally but allow external
I am trying to figure out the best way to handle such a need. For now Outlook Anywhere is working great both on thetheinternal and from the Internet (using various componenets such as ISA etc.)I am looking for disablingOutlook Anywhere ONLY for clients connecting on the internal network (various reasons !!). I do understand that these clients will use TCP/IP when on the internal network etc but still (!) do not want Anywhere enabled for internal clients. OR is there a way to modify the dynamically generated AutoDiscover info so that only internal clients do not get the Anywhere settings ?TIAPrakash
April 18th, 2009 5:33am
hi,when you enable outlook anywhere on Client Access server all the users that have got mailbox can use outlook anywhere.and there is a link about wihch you are looking, please look at ;http://forums.msexchange.org/m_1800471489/printable.htmand you can configure the security settings for your outlook anywhere;http://technet.microsoft.com/en-us/library/aa997193.aspxregards,
Exchange - MVP | www.cozumpark.com | www.mumincicek.com
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2009 3:25pm
Thanks - already reviewed many client based solutions but i am looking for a server based solution:in the interest of sharing what i am thinking---So it seemes like there is no way to tell autodiscover to use a different set of settings for OutlookAnywhere internally/ Or is there a way to turn off Auto Discover completely (i found that you can deploy the autodiscover xml file locally to all clients) but again that'sa client based solutionIs there a way to deploy CAS role separately for extrenally facing clients ( i thougth about a different site or changing the site affinity etc.) but those do not seem to help in my scenario.Prakash
April 18th, 2009 3:56pm
Hi,
From your description, I understand that you would like to disable internal clients connect to Exchange Server through RPC over Http. If I am off base, please let me know.
At this time, I suggest you configure IP Address access restriction on RPC Virtual directory to block internal client connect to RPC virtual directory to disable internal client connects to Exchange Server through RPC over HTTPs.
IIS Manager->RPC virtual directory->Directory Security tab->IP Address and domain name restrictions
Mike
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2009 9:59am
hi,maybe you can create an access rule on isa server from internal clients to client access server.regards,Exchange - MVP | www.cozumpark.com | www.mumincicek.com
April 20th, 2009 12:51pm
Thanks Mike. That's a good suggestion.I guess there is no real solution then for what i was looking for. Ideally i would have liked the following:a) Leave the Anywhere functionality ON for all clientsb) Have the Autodiscover publish that Anywhere is OFF for internal clients so all outlook config's internally do not chnage the way they were prior to migrating to 2007c) Clients who we would like to connect to Anywhere, we will explicitly configure it that way if neededThanksPrakash
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2009 3:22pm
Hi,
Based on my research, I am afraid that we are not able to disable Outlook Anywhere feature when configuring Outlook profile using Autodiscover feature.
We can only disable Autodiscover Feature on Outlook client by adding registry key on the client computer. You can refer to following article:
Deploying additional registry values in the Office Customization Tool for Outlook 2007
http://technet.microsoft.com/en-us/library/cc837949.aspx
Mike
April 20th, 2009 5:35pm
Ok. For now i guess i will exploreclient based solution via group policies then.Disabling AutoDiscover completely may not be an option as it maybreak other featires related to EWS.ThanksPrakash
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2009 6:21pm