restrict OWA

Posted on 2006-05-25
Last Modified: 2010-03-06
hi, we use owa on our intranet for people not logged on to our domain but within our network.

we have never provided owa externally for some political reason i have yet to under stand,

recently updated to exchange2003 and whilst doing this got all the other bits up and running,
owa oma direct push etc all works fine over ssl we o have exchange front end inside our firewall at this point.

problem is  how can i leave owa for a few people  and block it for rest, but still allowing them internall access to it? (i think that makes sense?)

i cant see a way of denying access to owa from external sources but allowing from internal sources on a users by user basis
Question by:mhamer
    LVL 30

    Accepted Solution

    hmmm.. OWA (Outlook WEB Access)....

    The political reason is self defeating.  Users should access their accounts locally by a Outlook personal profile (that is more efficient).  By doing so, you wouldn't have to worry about OWA on the Internal LAN.  OWA was made for remote access.  If you want to grant just a few people, then you go into Active Directory, right-click on the user, choose Properties, then select Exchange Features, highlight OWA, then DISABLE.

    Author Comment

    we have a large training enviroment, alot of the time users will be on machines that are behind firewalls only allowing 80
    and office may well not be installed

    having said that,  never noticed the disable for owa on the user  i was only looking at the server which doesnt do that :-)
    LVL 30

    Expert Comment

    While in Active Directory....upon right-click on a user name, EXCHANGE TASKS appears?
    LVL 104

    Expert Comment

    Are you using a frontend / backend scenario?
    The only way that I can think to do this would be to use a fe/be or an ISA server and then restrict access to the /exchange virtual directory (on an FE) or restrict access through the ISA for the external people.

    However, this is going to cause you problems if the people with the restricted OWA access need to use PDAs. EAS uses the /exchange virtual directory in the data transfer, so if they cannot use OWA, they will not be able to use anything else that comes through the web interface.

    LVL 30

    Expert Comment

    cool. thank you..

    Just a accepting, you've helped me get my Exchange Server Master ceritficate.

    Much appreciated!!

    Aloha from Hawaii,


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Find out how to use dynamic social media in email signatures with this top 10 DOs & DON’Ts.
    Use email signature images to promote corporate certifications and industry awards.
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now