  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 372
  • Last Modified:

Limit RPC over HTTP Exchange 2003

Is there a way to limit the users that are able to access Exchange over RPC over HTTP from home? i.e. Everyone should be able to get on Exchange in the office but only a select group of users are allowed to configure their home computers to access Exchange.
0
Asked: victornegri
1 Solution
 
northcide Commented:
The only way I can think of doing this is by going into IIS and setting security restrictions on the IIS virtual site for RPC. The one caveat for this to work, however, would be for the users you want to allow access for to have static IP addresses, and frankly that won't work out so well for a few other reasons.

Is it that you really want to limit certain users from accessing RPC over HTTPS from home or is there another underlying issue that might be attacked?
0
 
victornegri (Author) Commented:
I only want the directors of the company to be able to check email from home because I don't want sensitive information from the company leaving the office (most users can only send/receive email within the company and cannot send/receive to the internet).
0
 
northcide Commented:
Do these users have access to OWA?
0

 
victornegri (Author) Commented:
No. OWA is not installed. Would that be easier to restrict?

In your previous post you mentioned setting security restrictions on IIS and stated that they would need static IP addresses... why would they need static IP addresses?
0
 
northcide Commented:
Well, you see, Exchange doesn't differentiate access from different locations based on which user is connecting. You can either
a) restrict users that are allowed to connect to Exchange by username
b) restrict which IP addresses are allowed to connect via IIS
I could explain that in more detail, however it can get complicated. I don't think it will be possible to do what you want without the use of a VPN connection and strict security policies set up. You have no facility to set this type of access running normal NAT/static routing from public IP through firewall to Exchange server.
0
 
victornegri (Author) Commented:
Currently the directors are VPN'ing into the system and we have the RPC ports open to the Exchange server (only through the VPN) so they can use Outlook from home. It's a pain and sometimes they get disconnected from Exchange. I want to see whether eliminating VPN and enabling RPC over HTTP will have any effect on speed and performance but the solution will also have to be able to limit it to just them.

Is it possible to set ACL permissions on the C:\WINDOWS\SYSTEM32\RPCPROXY folder to limit it to those people I want to access RPC over HTTP?
0
 
northcide Commented:
Speed and general performance WILL improve when you get remote users out of a VPN connection. I wouldn't mess with ACL permissions on that folder; I can't imagine that would work, and it would probably break something. Might want to just allow it to work but don't tell anyone it is possible for them to get their email via Outlook remotely except for the important people that have access. And if they figure out that other people are doing it, then say "nope, sorry it won't work for you because you don't have permission on the server" - they'll give up at that point.

Obviously not the most secure method, but a method nonetheless :)
0
 
victornegri (Author) Commented:
I personally don't believe in the security of user ignorance. :)

I think what I might try is a MAC address filter on the firewall to limit it to only those computers that I want to have access. I'll see if that works. Thanks for the help.
0
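
A way to check which accounts are actually using RPC over HTTP, as an added example that is not part of the thread: it reads IIS W3C log text from the site hosting the RPC proxy and lists authenticated accounts outside an approved set. The account names, addresses and log lines are constructed, and the log is assumed to include the cs-method, cs-uri-stem, cs-username, c-ip and sc-status fields.

```python
# Added example: audit IIS W3C logs for RPC over HTTP use by unapproved accounts.
# Account names, client IPs and log lines below are constructed sample data.
from collections import Counter

RPC_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}   # verbs Outlook uses against the proxy
RPC_PROXY_STEM = "/rpc/rpcproxy.dll"

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2006-03-01 19:02:11 RPC_IN_DATA /rpc/rpcproxy.dll CORP\\director1 203.0.113.10 200
2006-03-01 19:02:11 RPC_OUT_DATA /rpc/rpcproxy.dll CORP\\director1 203.0.113.10 200
2006-03-01 20:15:40 RPC_IN_DATA /rpc/rpcproxy.dll CORP\\jsmith 198.51.100.7 200
2006-03-01 20:16:02 RPC_IN_DATA /rpc/rpcproxy.dll - 198.51.100.7 401
2006-03-01 20:20:00 GET /iisstart.htm - 198.51.100.9 200
"""

def unapproved_rpc_users(log_text, approved):
    """Count successful RPC-proxy requests per (username, client IP) for
    authenticated accounts that are not in `approved` (case-insensitive)."""
    approved = {name.lower() for name in approved}
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                           # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        if row.get("cs-method") not in RPC_METHODS:
            continue
        if row.get("cs-uri-stem", "").lower() != RPC_PROXY_STEM:
            continue
        user = row.get("cs-username", "-")
        if user == "-" or not row.get("sc-status", "").startswith("2"):
            continue                           # anonymous probe or failed request
        if user.lower() not in approved:
            hits[(user, row.get("c-ip", "-"))] += 1
    return hits

if __name__ == "__main__":
    for (user, ip), n in unapproved_rpc_users(SAMPLE_LOG, {"CORP\\director1"}).items():
        print(f"{user} from {ip}: {n} RPC over HTTP request(s)")
```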
