Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 423
  • Last Modified:

Create Domain user with OWA access only

Hi experts,

I need to create a new user in my 2003 domain that only has access to OWA – nothing else. That users needs to work local at the office where his laptop will be assigned a IP from our DHCP server.

He may be needing to add a printer, so it’s not a total lockout.

Thanks in advance.
/David
0
dsl77
Asked:
dsl77
  • 3
  • 2
  • 2
  • +1
1 Solution
 
NJComputerNetworksCommented:
Create an account, and an email address for this users.  Remove the user from the domain users group and add it to the domain guests group.
0
 
NJComputerNetworksCommented:
(note: you may have to give this user explicit rights to the printer and possibly to OWA)
0
 
TheCleanerCommented:
Sounds like NJ is on the right track.

Make sure you remove all of the Exchange features in his AD account except for OWA.

Another thing may be to do what NJ said then:

1.  Don't put his computer on the domain
2.  Have him log in to his machine with a local account

When he goes to the OWA link it will prompt him for credentials, which you can supply him.  Then he wouldn't have access to anything else for the most part, and if he did try to reach another resource it would prompt him for credentials (and most users will then try the local useraccount they are using).



If you had said he doesn't need a network printer I would have said if your network can do it to put him outside your internal LAN and have him access the OWA site from external.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
TheCleanerCommented:
Also if you wanted to you could setup the computer prior to his arrival, and lock it down to bare minimum using group policies.
0
 
canaliCommented:
with exchange 2003 and a domain controller 2003 in native mode  you can use inetOrgPerson.
The InetOrgPerson object is designed to be used as an outward facing security context. Therefore, it is ideal for use as e-mail recipients for external users or for Internet access to mail in a hosting scenario.
http://support.microsoft.com/?id=822591

_GAS_
0
 
dsl77Author Commented:
Hi all,

Thanks for all you replies.

The InetOrgPerson option sounds like the way to go, but I don’t think it’s enabled. Where can I check this?

/David
0
 
dsl77Author Commented:
When adding my users to ’Domain Guest’ and removing him from ’Domain Users’ … he can still browse through to NETLOGON and SYSVOL – is that ‘normal’?

Thanks in advance
/David
0
 
canaliCommented:

yes it's normal.
look at the sharing permissions...

Gas
0
 
dsl77Author Commented:
Canali ... the InetOrgPerson worked perfect! Thanks for the tip! ;)
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now