Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can you restrict OWA access in Exchange 2003 to internal users?

Posted on 2006-07-17
3
Medium Priority
?
254 Views
Last Modified: 2008-02-07
I am working on an Inter-Org migration from Exchange 5.5 to Exchange 2003.  The customer requires that OWA be available for some users via the Internet and Intranet, but for some users OWA should only be available on the Intranet (users have a VPN connection).  With Exchange 2000, there was a way to provision OWA access for internal use only.  Refer to following tech article for more details.  http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;830827

However, this capability does not seem possible with Exchange 2003 because the Web DAV address check is not present in Exchange 2003.  I know I can disable the http protocol, but then users cannot access OWA at all.  Is there a way to allow some users to access OWA internally, and others to use OWA both via the Internet and Intranet?  We are migrating to Exchange 2003 SP2.  One workaround may be able to post two different URLS, and have the internal one only on the internal DNS, so it is not accessible from the outside.  But if users know what the external posted URL is, they will would be able to get into OWA from the Internet.

Thanks for any suggestions.

Robyn
0
Comment
Question by:rkopischke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17124616
This question has come up before, but I cannot find the original question to post the link.

With Exchange 2003 the only control you have over OWA is on or off. If it is enabled for the user account then the user can access it anyway that they like. OWA doesn't care and you cannot control the access with Exchange.

The only way that I am aware that you could control access would be to use an ISA server. Publish OWA through the ISA and then have the users who are allowed to access OWA authenticate when they hit the ISA address.
Internal users would hit the Exchange directly so wouldn't be under the same control.

Simon.
0
 

Author Comment

by:rkopischke
ID: 17124691
Thank you so much for the quick response.  The Exchange server does sit behind an ISA server, so that may be an option.  I'm not familair with ISA configuration and how they would athenticate.  Would I set up a group or rule, and if they are a member of the group they can pass through?  I will look into this further.  Thanks again.

-Robyn
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 17124725
My ISA skills are not very good either, so I can't really help you with that.

Simon.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question