[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to block Outlook Anywhere but still allow Outlook Web Access?

Posted on 2012-03-09
7
Medium Priority
?
398 Views
Last Modified: 2012-04-24
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
Comment
Question by:robw24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37702622
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
LVL 1

Author Comment

by:robw24
ID: 37702656
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702667
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 1

Author Comment

by:robw24
ID: 37702702
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702902
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
LVL 1

Author Comment

by:robw24
ID: 37886446
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37886722
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question