Solved

How to block Outlook Anywhere but still allow Outlook Web Access?

Posted on 2012-03-09
7
392 Views
Last Modified: 2012-04-24
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
Comment
Question by:robw24
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37702622
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
LVL 1

Author Comment

by:robw24
ID: 37702656
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702667
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:robw24
ID: 37702702
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702902
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
LVL 1

Author Comment

by:robw24
ID: 37886446
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37886722
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question