Exchange 2007 OWA external access restriction

We just installed Exchange 2007 and so far all works flawless. I have asked a few people so far and have not gotten a solid answer yet on OWA external access restriction so here goes:

Our company wants to allow OWA access internally and externally for salaried employees. We DO NOT want to allow EXTERNAL access for hourly employees, only internal.

I realize I can restrict OWA access for individuals through EMC, but from all of my test it will disable OWA in and out.....which is not what I want.

So, does anyone know of a way to allow certain employees to access OWA internally, but NOT externally?
EHRNOGAsked:
Who is Participating?
 
KOTiSCommented:
You can publish OWA through an ISA server and then disable access to ISA Server for those users. This is the only possible way i can think of...
0
 
EHRNOGAuthor Commented:
Thanks KOTiS, that is all I have come up with at the moment too. Unfortunately we do not have a ISA sever yet.

the seconday solution is to publish through Citrix and only allow certain individuals citrix access. (current setup).
0
 
KOTiSCommented:
Publishing OWA through Citrix is an expensive and complex solution, but if you already have Citrix installed then it's acceptable i suppose...

You can also make OWA available externally through VPN connected users only. Then you can give VPN Access only to the accounts you want... It's easy to setup a VPN connrection on any online PC and you don't need to install the ICA Client to use OWA
0
 
EHRNOGAuthor Commented:
I agree KOTiS. But we do currently run Citrix and do make it available that way. What we\I am trying to do is to not require someone to connect to Citrix just to check email.

You're right, VPN is a solution, but we try not to push anyone towards that (management decision). We only give VPN to certain individuals.

thanks for all of your input so far.
0
 
KOTiSCommented:
I have another idea... I believe you can configure the OWA Web site to require a client certificate. Then you can deploy certificates to all internal clients and allow only certain remote users to request a certificate. If a user has no Certificate then IIS won't allow access.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.