[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400
  • Last Modified:

How to block Outlook Anywhere but still allow Outlook Web Access?

We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
robw24
Asked:
robw24
  • 4
  • 3
1 Solution
 
Alan HardistyCommented:
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
robw24Author Commented:
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
Alan HardistyCommented:
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
robw24Author Commented:
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
Alan HardistyCommented:
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
robw24Author Commented:
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
Alan HardistyCommented:
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now