Solved

How to block Outlook Anywhere but still allow Outlook Web Access?

Posted on 2012-03-09
7
391 Views
Last Modified: 2012-04-24
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
Comment
Question by:robw24
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37702622
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
LVL 1

Author Comment

by:robw24
ID: 37702656
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702667
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 1

Author Comment

by:robw24
ID: 37702702
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702902
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
LVL 1

Author Comment

by:robw24
ID: 37886446
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37886722
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
how to add IIS SMTP to handle application/Scanner relays into office 365.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question