?
Solved

Prevent Users From Adding Exchaneg Account From Home PC's

Posted on 2014-03-18
4
Medium Priority
?
177 Views
Last Modified: 2014-04-10
Hello team,
   we have a policy of not allowing users to add emails on to their home PC.
But if any user is even a little computer literate i don't see anyway i can stop any user from adding exchange account on their Home PC's
Is there any way i can restrict any user not not add any additional machines that they already have within the network.

by the way half of our employees have to have company laptops to out on the road so can't restrict outlook anyware and autodiscover
Thanks
0
Comment
Question by:Sabi Goraya
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 39938611
The only way you could restrict this the way you want to is to implement certificate based authentication, and even that may not fully restrict someone with enough savvy about handling certificates. http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync.aspx has some information on how it works and some instructions for implementation. Essentially you would control access to Exchange by issuing Certificates to devices. Any device with an authorized certificate could authenticate against Exchange, but devices without could not. The tricky part is deploying certificates to people. Other than that, there isn't much you can do to limit access to users' personal computers without disabling autodiscover and outlook anywhere externally.
0
 
LVL 10

Assisted Solution

by:Scott Thomson
Scott Thomson earned 1000 total points
ID: 39938751
There are a few options depending on what you are willing to spend ^_^

You could always cut access to outlook externally and then run it through citrix so that users can still access via a web portal. then close the access off via a security group??

You could use VPN so only internal ip addresses get Outlook and therefore the users would need a GRAS/RSA token?

you could always kill outlook and use OWA?

let me know how far you are willing to go with this and i can suggest some more solutions and maybe specifics.. Are you willing to change much about your current setup?
How large is your company?
0
 
LVL 4

Author Comment

by:Sabi Goraya
ID: 39960494
Thanks for the information guys
So in short, as it is now..its not possible .

to get this done we have to look or another solution but the way its setup now...we can't restrict users?
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 39960504
Yeah, pretty much.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month17 days, 3 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question