[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 455
  • Last Modified:

restrict OWA

hi, we use owa on our intranet for people not logged on to our domain but within our network.

we have never provided owa externally for some political reason i have yet to under stand,

recently updated to exchange2003 and whilst doing this got all the other bits up and running,
owa oma direct push etc all works fine over ssl we o have exchange front end inside our firewall at this point.

problem is  how can i leave owa for a few people  and block it for rest, but still allowing them internall access to it? (i think that makes sense?)

i cant see a way of denying access to owa from external sources but allowing from internal sources on a users by user basis
  • 3
1 Solution
Irwin SantosComputer Integration SpecialistCommented:
hmmm.. OWA (Outlook WEB Access)....

The political reason is self defeating.  Users should access their accounts locally by a Outlook personal profile (that is more efficient).  By doing so, you wouldn't have to worry about OWA on the Internal LAN.  OWA was made for remote access.  If you want to grant just a few people, then you go into Active Directory, right-click on the user, choose Properties, then select Exchange Features, highlight OWA, then DISABLE.
mhamerAuthor Commented:
we have a large training enviroment, alot of the time users will be on machines that are behind firewalls only allowing 80
and office may well not be installed

having said that,  never noticed the disable for owa on the user  i was only looking at the server which doesnt do that :-)
Irwin SantosComputer Integration SpecialistCommented:
While in Active Directory....upon right-click on a user name, EXCHANGE TASKS appears?
Are you using a frontend / backend scenario?
The only way that I can think to do this would be to use a fe/be or an ISA server and then restrict access to the /exchange virtual directory (on an FE) or restrict access through the ISA for the external people.

However, this is going to cause you problems if the people with the restricted OWA access need to use PDAs. EAS uses the /exchange virtual directory in the data transfer, so if they cannot use OWA, they will not be able to use anything else that comes through the web interface.

Irwin SantosComputer Integration SpecialistCommented:
cool. thank you..

Just a note...by accepting, you've helped me get my Exchange Server Master ceritficate.

Much appreciated!!

Aloha from Hawaii,


Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now