OWA only account with No Sign-On Rights

Posted on 2009-04-30
Last Modified: 2012-05-06
We have a generic email account that multiple users check using OWA.

We want users to sign onto the domain using their regular credentials, but sign into OWA using our generic account.

We dont want that generic account to be able to sign onto the domain computers. Local logon is restricted, users can only sign onto a workstation via the domain.

Any suggestions?
Question by:josephfreer
    LVL 57

    Expert Comment

    by:Mike Kline
    You can set "deny log on locally" at the domain level for that account
    You may have already done that when you said "local logon is restricted"
    LVL 1

    Author Comment

    We arent worried about local logon - only admins can do that. Everyone else authenticates to the domain.

    Right now this is a "generic" AD domain account and users can sign onto the domain using the generic account.

    We want this as an email only account via OWA with no sign on rights to the domain computers.
    LVL 65

    Accepted Solution

    Change the setting for "log on to" to only the Exchange server, nothing else.
    As long as the account is not an administrator they will be unable to login to the server, but will only be able to use OWA.

    LVL 57

    Expert Comment

    by:Mike Kline
    That way is better, I was over thinking it.  Thanks simon

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    Easy CSR creation in Exchange 2007,2010 and 2013
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now