We help IT Professionals succeed at work.

How to block Outlook Anywhere but still allow Outlook Web Access?

robw24
robw24 asked
on
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
Comment
Watch Question

Co-Owner
CERTIFIED EXPERT
Top Expert 2011
Commented:
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.

Author

Commented:
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Change the Front-End server settings and set it to only allow access from itself (by IP).

Author

Commented:
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.

Author

Commented:
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Correct.  Different methods of communication, so shouldn't be an issue.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.