How do I allow anonymous access to one public folder without compromising the security of the rest of them?

philodendrin
philodendrin used Ask the Experts™
on
I want to be able to share a public folder on  Exchange on the Web without being prompted for a log-in. Specifically, this is a public folder calendar.

If I set the permissions in Outlook 2003 on the calendar itself to Anonymous = owner ...that, in itself didn't do it. I had to get into inetmgr (IIS) and browse to "public" under default Web Site, go to properties of "public" and then under directory security - "authentication and access control" - ck. the "enable anonymous access" ck. box.

Problem is... now all the public folders are available anonymously. I only want the calendar able to be accessed without logging-in. I've seen this done on other Exchange servers... so, I know it can be done. Just don't know how to set it up that way.

We're using Exchange 2003 Std. on SBS 03 Standard.

We're accessing the calendar directly via a URL like http://servername/public/public_cal 

If I lop off the "public_cal" part... all the folders are visible... which is not what I want.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Expert of the Year 2007
Expert of the Year 2006

Commented:
You need to change the default permission on all the folders to none.
And then ensure that no other permissions are allowing access.

Simon.

Author

Commented:
Okay... I've done that and also removed "require SSL" from the Exadmin and Public virtual directories.

So... now I can get to the page, but it just says "updating view" continuously, with a spinning hour glass and never actually shows the calendar content. Same thing happens if I go to http://servername/public

Shouldn't I be prompted for password if I go to http://servername/public



Expert of the Year 2007
Expert of the Year 2006

Commented:
I have never granted anonymous access to public folders so I wouldn't know what behaviour to expect. If you have enabled anonymous access to the /public virtual directory then you will not get a username and password prompt.

Simon.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Okay... so, we're back to square one.

I had granted anonymous access to the /public Virtual Directory... this makes all public folders accessible anonymously. So, I've unchecked that option. It no longer has anonymous access...

My understanding is that I should be able to control Web access to individual public folders. This guy did it...

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21811263.html?sfQueryTermInfo=1+folder+public+publish+web

But, I don't know how he did it.

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
Why do you want to allow anonymous access to an Exchange Public Folder?  Are you trying to publish a calendar?

I'd suggest instead that you publish your calendar to Office Online:
http://office.microsoft.com/en-us/outlook/HA100809831033.aspx?pid=CH100776881033

Or use Google Calendars:  http://calendar.google.com which you can publish to as well.

Jeff
TechSoEasy

Author

Commented:
Yes, we are trying to publish a calendar. The primary reason for this is that they want the public calendar to be easily accessible via cell phone browsers.

I've successfully tested this on a cell phone and it works, however, I'd like to only allow anonymous access to the calendar itself. If you look at the link I've provided, the user in that post did exactly what I'm looking to do, without allowing anonymous access to the rest of his public folders. I just want to do the same thing.

As for your other suggestions, they just don't fit the bill. But, I appreciate the options. Does the Office online thing work with Outlook 2003? Your link is for Outlook 2007.  
Principal Consultant
Most Valuable Expert 2016
Top Expert 2014
Commented:
Y'know... it really would have been better if your original question was...

"How do we publish a company-wide calendar to be easily accessible via cell phone browsers using anonymous access"

First, I still like using Google Calendars for this purpose.  So that'd be my first recommendation since they work very well via mobile devices.

However if you still want to accomplish what you linked above, it's fairly complicated, but there is a simple way....

Just create a public folder with Anonymous having READ permissions called calendar (for example).

Then, you need to enable anonymous access to the URL that access your public folders, ie, http://server.domain.com/public

Do this by opening IIS manager and expanding Web Sites > Default Web Site.  
Right click on Public and select Properties > Directory Security
Click the Edit... button for Authentication and access control and tick the Enable anonymous access box.
The User name and password should already be there (IUSR_SERVERNAME).

OK out of that and then you should be able to navigate to http://server.domain.com/public/calendar without authenticating.

You should be aware that now ALL public folders are accessible... so make sure that all other public folders do not have any permissions for anonymous, and uncheck the box to allow viewing folder.  That way, none of the other public folders can be seen should someone try to go to just http://server.domain.com/public/

I would think though, that this doesn't render very well in a mobile browser.

Jeff
TechSoEasy

Author

Commented:
Thanks, Jeff... that clarified things quite a bit and seems to work well enough in a mobile browser (on a Blackjack, anyway).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial