Solved

Limiting OWA Access With ISA

Posted on 2006-11-10
Last Modified: 2010-03-06
Hi Everybody,

We have an Exchange 2003 environment that has been in place for a little over a month now. We are still actively migrating users from our Domino 5 server. Our next batch of migrations includes users that have no permanent desks. Currently, when we have finished migrating a group of users we will manually apply a profile that has been created using the Office Deployment Tools. However, despite our test environment showing a different result, anytime a user logs into a machine that is not their own, Outlook tries to run the manual configuration again (in our test lab the profile that was installed via the GPO installation of Outlook was applied for all users).

As a result of this situation, our helpdesk has been configuring the handful of users that use more than one computer. For this next batch of users this is unacceptable - both because we are talking about 200 users and fifty workstations and because, given the rotational nature of their shifts, many are working when our helpdesk is closed.

Roaming Windows profiles are not an option.

The ideal solution that I see is to give these users access only to OWA. However, because they deal with information of an extremely sensitive nature, management does not want to allow 95% of these users to access OWA from anywhere outside of our network. Our OWA is currently published to the outside world through an ISA 2004 server. So my question is this: given that OWA is published through ISA, is there a way to use the users tab of the OWA publishing rule to block the users that do not need external access while still allowing all other users through?

Our ISA server is not a member server of our Active Directory environment and contains two NICs, one connected to our internal network and the other connected to our DMZ.

Thanks,
MD
Question by:danielsm
6 Comments
 
LVL 26

Expert Comment

by:Vahik
ID: 17916947
I am sure you folks use SSL for your OWA access....
For those users that you do not wish to access OWA from outside....do not issue certificates....
0
 

Author Comment

by:danielsm
ID: 17917373
Vahik,

 We are using SSL but we only have a single server side SSL certificate. We are not using certificates on the client side.

MD
0
 
LVL 26

Expert Comment

by:Vahik
ID: 17918001
OK, so you don't require client-side certificates....no problem... now let's try another suggestion...

I am not a firewall expert, but for instance in PIX you can deny entry or outside access for certain GROUPS and for specific protocols....I am not an ISA expert and hopefully someone could tell you with certainty whether this will be possible with ISA.....or you could try your REAL firewall and see if it is capable of blocking certain groups for a specific protocol
0
 

Author Comment

by:danielsm
ID: 17948327
Apparently with ISA it is possible. Where I have been going wrong with my tests is our ISA box is not a member of our AD domain (as it should not have been). Limiting access to certain users requires the box to be a member server in order to add AD accounts to the access rules.

This may be the route we pursue - it's not such a big deal that the ISA box is a member server as it's not our perimeter firewall, but everything has been put on hold for the time being - management has decided to go ahead with the deployment and configuration (and reconfiguration, and reconfiguration, and reconfiguration...) of Outlook on those workstations.

MD
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18176982
PAQed with points refunded (250)

Computer101
EE Admin
0
