Exchange 2007 OWA external access restriction

Posted on 2009-04-23
Last Modified: 2012-05-06
We just installed Exchange 2007 and so far all works flawlessly. I have asked a few people so far and have not gotten a solid answer yet on OWA external access restriction, so here goes:

Our company wants to allow OWA access internally and externally for salaried employees. We DO NOT want to allow EXTERNAL access for hourly employees, only internal.

I realize I can restrict OWA access for individuals through EMC, but from all of my tests it will disable OWA in and out... which is not what I want.

So, does anyone know of a way to allow certain employees to access OWA internally, but NOT externally?
Question by: EHRNOG
    LVL 6

    Accepted Solution

    You can publish OWA through an ISA server and then disable access to ISA Server for those users. This is the only possible way I can think of...

    Author Comment

    Thanks KOTiS, that is all I have come up with at the moment too. Unfortunately we do not have an ISA server yet.

    The secondary solution is to publish through Citrix and only allow certain individuals Citrix access (current setup).
    LVL 6

    Expert Comment

    Publishing OWA through Citrix is an expensive and complex solution, but if you already have Citrix installed then it's acceptable, I suppose...

    You can also make OWA available externally through VPN-connected users only. Then you can give VPN access only to the accounts you want... It's easy to set up a VPN connection on any online PC and you don't need to install the ICA Client to use OWA.

    Author Comment

    I agree, KOTiS. But we do currently run Citrix and do make it available that way. What we/I am trying to do is to not require someone to connect to Citrix just to check email.

    You're right, VPN is a solution, but we try not to push anyone towards that (management decision). We only give VPN to certain individuals.

    Thanks for all of your input so far.
    LVL 6

    Expert Comment

    I have another idea... I believe you can configure the OWA Web site to require a client certificate. Then you can deploy certificates to all internal clients and allow only certain remote users to request a certificate. If a user has no certificate then IIS won't allow access.
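
The client-certificate idea in the last comment, sketched as an added example that is not part of the original thread. It assumes IIS 7 on the Client Access server, OWA at the default "Default Web Site/owa" path, and an elevated PowerShell prompt; adjust the path if your site differs.

```powershell
# Added example, not from the thread.
# Assumptions: IIS 7 (appcmd.exe present), default OWA virtual directory path.
$appcmd  = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$vdir    = 'Default Web Site/owa'                      # assumed default path
$section = '-section:system.webServer/security/access'

# 1. Record the current SSL settings so the change can be rolled back.
Write-Host 'Current access settings:'
& $appcmd list config $vdir $section

# 2. Require SSL and a client certificate for every request to /owa.
#    SslNegotiateCert asks the browser for a certificate;
#    SslRequireCert rejects the request when none is presented.
& $appcmd set config $vdir $section `
    '/sslFlags:Ssl,SslNegotiateCert,SslRequireCert' '/commit:apphost'
if ($LASTEXITCODE -ne 0) {
    throw "appcmd set config failed with exit code $LASTEXITCODE"
}

# 3. Verify that the setting was written before relying on it.
$after = & $appcmd list config $vdir $section | Out-String
if ($after -notmatch 'SslRequireCert') {
    throw "Client certificates are still not required on '$vdir'"
}
Write-Host "Client certificate now required on '$vdir'."
```

This setting applies to internal and external requests alike, so the internal/external split described in the comment depends on who is permitted to obtain a certificate, not on IIS itself.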
