Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Create Domain user with OWA access only

Posted on 2006-06-09
9
414 Views
Last Modified: 2008-02-01
Hi experts,

I need to create a new user in my 2003 domain that only has access to OWA – nothing else. That users needs to work local at the office where his laptop will be assigned a IP from our DHCP server.

He may be needing to add a printer, so it’s not a total lockout.

Thanks in advance.
/David
0
Comment
Question by:dsl77
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16872379
Create an account, and an email address for this users.  Remove the user from the domain users group and add it to the domain guests group.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 16872390
(note: you may have to give this user explicit rights to the printer and possibly to OWA)
0
 
LVL 23

Expert Comment

by:TheCleaner
ID: 16873420
Sounds like NJ is on the right track.

Make sure you remove all of the Exchange features in his AD account except for OWA.

Another thing may be to do what NJ said then:

1.  Don't put his computer on the domain
2.  Have him log in to his machine with a local account

When he goes to the OWA link it will prompt him for credentials, which you can supply him.  Then he wouldn't have access to anything else for the most part, and if he did try to reach another resource it would prompt him for credentials (and most users will then try the local useraccount they are using).



If you had said he doesn't need a network printer I would have said if your network can do it to put him outside your internal LAN and have him access the OWA site from external.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 23

Expert Comment

by:TheCleaner
ID: 16873429
Also if you wanted to you could setup the computer prior to his arrival, and lock it down to bare minimum using group policies.
0
 
LVL 14

Accepted Solution

by:
canali earned 500 total points
ID: 16873461
with exchange 2003 and a domain controller 2003 in native mode  you can use inetOrgPerson.
The InetOrgPerson object is designed to be used as an outward facing security context. Therefore, it is ideal for use as e-mail recipients for external users or for Internet access to mail in a hosting scenario.
http://support.microsoft.com/?id=822591

_GAS_
0
 

Author Comment

by:dsl77
ID: 16883949
Hi all,

Thanks for all you replies.

The InetOrgPerson option sounds like the way to go, but I don’t think it’s enabled. Where can I check this?

/David
0
 

Author Comment

by:dsl77
ID: 16884019
When adding my users to ’Domain Guest’ and removing him from ’Domain Users’ … he can still browse through to NETLOGON and SYSVOL – is that ‘normal’?

Thanks in advance
/David
0
 
LVL 14

Expert Comment

by:canali
ID: 17107066

yes it's normal.
look at the sharing permissions...

Gas
0
 

Author Comment

by:dsl77
ID: 17237560
Canali ... the InetOrgPerson worked perfect! Thanks for the tip! ;)
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft Office Customization Tool’s Outlook problem 12 89
ADMT Intra Forest migration questions 7 212
DHCP server 6 62
Migrating files on WS2003SP2 to Azure File Share 7 44
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question