Outlook Web Access (OWA) Exchange 2003 and Small Business Server 2003 implementation

Posted on 2006-05-09
Last Modified: 2012-06-27
We installed a Small Business Server 2003 with Exchange 2003. We set up web access so all users could access their mail out of the office. The problem we started to experience was users were able to access any computer on the network with their username and password. Under the server management, users, in the account properties you can configure the "log on to"; we configured this so that the users could only access their specific machines. After altering this, users can no longer access the OWA over the internet. They can only access the OWA via the web browser on the machines listed in the log on to. Does anyone know of a workaround for this, or do we have to leave it that users can log on to any computer on our domain if they need to access e-mail outside of the office?
Question by:gruntspeed
13 Comments
 
LVL 18

Expert Comment

by:amaheshwari
ID: 16639320
Hi,

You have to leave it that users can log on to our domain from any machine, otherwise they will not be able to access it from other machines.

Thanks
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16639365
Try adding the server name to the Log On To list.
0
 
LVL 2

Author Comment

by:gruntspeed
ID: 16639369
I had realised that but I am looking for a workaround. This is simply not an option.
0
 
LVL 2

Author Comment

by:gruntspeed
ID: 16639381
Adding the server name has been done but does not work and is a security risk.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16639474
It may take some time for AD to replicate the change - on the other hand, it may still not be sufficient, either. When you are running OWA (in fact any authenticated application), though, you are logging on to the server. I really hope that someone can come up with a way around this for you, but I don't think there is one.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16639743
gruntspeed,

You should not have entered anything in the Log Onto field.  Remove that and OWA will be fixed.

When you say that they could access any computer on the network with their username and password... are you referring to LOCAL login or REMOTE?

Because the design of an SBS network IS to allow them to log onto any workstation... but they do not have administrative privileges on any workstation except the one they are assigned to.  Therefore, can you explain why this is a problem?

Basically you've created many problems by incorrectly solving another one... if you don't want users logging on to other workstations, there is a way to accomplish that, but it's not with the log onto field.

Jeff
TechSoEasy
0
 
LVL 1

Expert Comment

by:-Garren-
ID: 16641168
In our network, we use group policies to limit who can log onto what system. We also use OWA and have not seen a problem with unwarranted access. Group Policies is where you want logon limits applied. TechSoEasy is right in that you should remove entries into the "Log Onto" field.

I am not even sure that the Exchange server had anything to do with users' ability to log onto any workstation... unless during installation, a policy was created that would allow this but I don't recall anything in the installation process other than the domain prep that would do this.

Hope that helps a bit.
0
 
LVL 2

Author Comment

by:gruntspeed
ID: 16645359
All I am looking for is a way to limit users' ability to move from one computer to the next without limiting their access to OWA.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 16645394
You CAN limit the users' ability to move from one computer to the next by removing the "Domain Users" from the local Users group of the workstations.  Then only the individual user account will remain in the Local Administrators group.  This will essentially deny logon rights to any other user.

But don't use an actual "DENY" setting because that would override everything else and lock out even the assigned user.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:gruntspeed
ID: 16658149
I have spent some time now looking for a way to limit access using the group policies but am getting nowhere. How do I limit user access to a single computer on the network using the group policies on my domain server?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16660502
Well, here's the problem.  When you run connectcomputer to join a system to the network, part of that script adds the "Domain Users" to the local "users" group.  This is done because usually an organization does NOT want to prohibit users from logging on to other machines... and this is the first time I've heard of wanting to do that.

It can't be corrected by Group Policy but it can be undone by creating a script... or manually opening the Computer Management Console for each machine (from the server) and changing the group membership.

I asked above, and would still ask why you are trying to do this... I have a feeling that you think this compromises the security of your systems in some way?  If you could explain a bit more about the reasons for wanting to do this, I am sure that I can provide you with either the information you need to know that it won't be a problem, or at least an alternative method to achieve the same goal.

Jeff
TechSoEasy
0
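
The script mentioned in the comment above, sketched as an added example that is not part of the original thread: it reports whether "Domain Users" is in each workstation's local Users group and, with `-Remove`, takes it out only when an assigned domain account is already in local Administrators. It assumes PowerShell on an admin machine with administrative rights on the targets; the computer names and the `EXAMPLE` domain are placeholders.

```powershell
# Added example, not from the thread. Computer and domain names are placeholders.
param(
    [string[]]$Computers = @('WS-RESEARCH-01', 'WS-FINANCE-01'),  # placeholder names
    [string]$Domain = 'EXAMPLE',                                   # placeholder NetBIOS domain
    [switch]$Remove                                                # report only unless set
)

function Get-MemberPath([string]$Computer, [string]$Group) {
    # Bind to a local group via the WinNT ADSI provider and return member ADsPaths.
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$domainUsers  = "WinNT://$Domain/Domain Users"
$domainAdmins = "WinNT://$Domain/Domain Admins"
# Domain principals look like WinNT://DOMAIN/name; local accounts on a joined
# machine look like WinNT://DOMAIN/COMPUTER/name and must not be counted.
$domainPrincipal = "^WinNT://$([regex]::Escape($Domain))/[^/]+$"

foreach ($computer in $Computers) {
    try {
        $users  = @(Get-MemberPath $computer 'Users')
        $admins = @(Get-MemberPath $computer 'Administrators')
    } catch {
        Write-Warning "$computer unreachable or access denied: $($_.Exception.Message)"
        continue
    }

    $hasDomainUsers = $users -contains $domainUsers
    # Domain accounts in local Administrators other than Domain Admins: the
    # assigned users who keep the ability to log on after the change.
    $assigned = @($admins | Where-Object { $_ -match $domainPrincipal -and $_ -ne $domainAdmins })

    $action = 'none'
    if ($hasDomainUsers -and $Remove) {
        if ($assigned.Count -eq 0) {
            $action = 'skipped: no assigned user in local Administrators'
        } else {
            ([ADSI]"WinNT://$computer/Users,group").Remove($domainUsers)
            $action = 'removed Domain Users'
        }
    }
    New-Object PSObject -Property @{
        Computer = $computer; DomainUsersInUsers = $hasDomainUsers
        AssignedAdmins = ($assigned -join '; '); Action = $action
    }
}
```

Run it without `-Remove` first and review the `AssignedAdmins` column; a workstation reported as skipped would have locked out its own user.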
 
LVL 2

Author Comment

by:gruntspeed
ID: 16664738
We currently have over 60 computers on our business network. Our network spans over about 30 kms all together. Users will be on one side of the property and decide they need to check their mail and log on to a machine there. This downloads their whole profile and also gives them access to files on that computer that they are not permitted to access. For example, a user from Research accessing Finance files. The other reason being the downloading of files across the point to point network is slowing down our other network applications. They are clogging up needed space on the server, and each user is issued a computer for their work. They now move because they like this office or computer better and we have no control over this. As you can imagine this is a nightmare to try and administer and backup.

G
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16670647
A user logging onto another workstation should NOT have access to files on that machine.  Because they only have "user" rights, not Administrator rights.  Furthermore, you really would be better off if all files were stored centrally on the server, for backup purposes as well as management of user rights.  This is generally handled with the Configure My Documents Folder Redirection Wizard.  Files should not be stored on the computers' local drives... and even if they were, a user who logs onto someone else's machine would not have access to those files.

If bandwidth is the problem, I think you would be better off inhibiting the use of Outlook for those who log onto a computer that they are not assigned to.  Instead they would use Outlook Web Access.  In my opinion, if a user is 30 km away from their own machine then it would not be the best policy (from a productivity standpoint) to not let them check email from whatever machine is closer to them.

If there is a lack of space on the server for centrally storing files, then you really should consider adding additional drives or even adding a Windows Storage Server to your network.  None of this should be nightmarish to administer or backup... the Windows Operating Systems have tools to deal with these situations... it's just a matter of carefully planning and deploying these tools so that everyone benefits.

Since you've already closed out this question, please open a new one if you have further questions about your systems.

Jeff
TechSoEasy



0
