Solved

How to block Outlook Anywhere but still allow Outlook Web Access?

Posted on 2012-03-09
7
386 Views
Last Modified: 2012-04-24
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
Comment
Question by:robw24
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37702622
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
LVL 1

Author Comment

by:robw24
ID: 37702656
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702667
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:robw24
ID: 37702702
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702902
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
LVL 1

Author Comment

by:robw24
ID: 37886446
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37886722
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
If you don't know how to downgrade, my instructions below should be helpful.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now