?
Solved

How to block Outlook Anywhere but still allow Outlook Web Access?

Posted on 2012-03-09
7
Medium Priority
?
397 Views
Last Modified: 2012-04-24
We use Exchange 2003/Windows 2003 in a front-end/back-end configuration. We have users who have their Outlook client configured to use "Outlook Anywhere", which is RPC over SSL. This enables them to get their corporate email without needing a VPN connection when working remotely. We also have some users that use "Outlook Web Access", which allows them to get their corporate email in a web browser, also using SSL. We now want to stop users from using Outlook Anywhere but still allow them to use Outlook Web Access. We do not use client certificates.

Is this possible to accomplish? If so, how?
0
Comment
Question by:robw24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37702622
The simplest way is to restrict access in IIS to the RPC virtual directory by IP address and only allow access from the Server's internal IP address.
0
 
LVL 1

Author Comment

by:robw24
ID: 37702656
I'm confused a little with your answer because we have the front-end and back-end servers, and I don't know which ones you refer to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702667
Change the Front-End server settings and set it to only allow access from itself (by IP).
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:robw24
ID: 37702702
Thanks, that makes sense. May I ask though, why not just disable RPC altogether on the front-end server?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37702902
There are many ways to skin a cat!

That would be another option - more difficult and less easily reversed, but doable.
0
 
LVL 1

Author Comment

by:robw24
ID: 37886446
I assume not, but this should not affect smart phones from using active-sync against the front-end server, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37886722
Correct.  Different methods of communication, so shouldn't be an issue.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses
Course of the Month12 days, 11 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question