All,We would like to provide OWA internally to a specific group because they can be at any one of several PCs during their work day. However, we would like to restrict these employees to using OWA internally and not be able to access OWA from outside. All other employees would be able to access OWA normally. Can we give one group of users access to only access OWA internally, and give other users the ability to access it anywhere? I have not been able to determine the best way to do this.

Not sure if this will work as never tested this but can give it a shot in a test labSet the default OWA virtual directory to only allow internal access from the LAN. Add another OWA virtual directory, specifically for external access, and control the access in IIS by setting Permissions on the virtual directory.lets wait for some other ideasRaj

Not sure if this will work as never tested this but can give it a shot in a test labSet the default OWA virtual directory to only allow internal access from the LAN. Add another OWA virtual directory, specifically for external access, and control the access in IIS by setting Permissions on the virtual directory.lets wait for some other ideas Raj This is how I do it in my environment. I have two OWA virtual directories on the CAS servers, one just called owa.mycompany.com and the other called owa-public.mycompany.com. Permissions can be set on both virtual directories as you see fit. My company uses split DNS, so on the outside of the network owa.mycompany.com goes to a reverse proxy that presents owa-public.mycompany.com. That way no matter where the users are they can just go to owa.mycompany.com and get there.