Prevent Users From Adding Exchaneg Account From Home PC's

Hello team,
   we have a policy of not allowing users to add emails on to their home PC.
But if any user is even a little computer literate i don't see anyway i can stop any user from adding exchange account on their Home PC's
Is there any way i can restrict any user not not add any additional machines that they already have within the network.

by the way half of our employees have to have company laptops to out on the road so can't restrict outlook anyware and autodiscover
Thanks
LVL 4
Costas GeorgiouNetwork AdministratorAsked:
Who is Participating?
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
The only way you could restrict this the way you want to is to implement certificate based authentication, and even that may not fully restrict someone with enough savvy about handling certificates. http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync.aspx has some information on how it works and some instructions for implementation. Essentially you would control access to Exchange by issuing Certificates to devices. Any device with an authorized certificate could authenticate against Exchange, but devices without could not. The tricky part is deploying certificates to people. Other than that, there isn't much you can do to limit access to users' personal computers without disabling autodiscover and outlook anywhere externally.
0
 
Scott ThomsonConnect With a Mentor Commented:
There are a few options depending on what you are willing to spend ^_^

You could always cut access to outlook externally and then run it through citrix so that users can still access via a web portal. then close the access off via a security group??

You could use VPN so only internal ip addresses get Outlook and therefore the users would need a GRAS/RSA token?

you could always kill outlook and use OWA?

let me know how far you are willing to go with this and i can suggest some more solutions and maybe specifics.. Are you willing to change much about your current setup?
How large is your company?
0
 
Costas GeorgiouNetwork AdministratorAuthor Commented:
Thanks for the information guys
So in short, as it is now..its not possible .

to get this done we have to look or another solution but the way its setup now...we can't restrict users?
0
 
Adam BrownSr Solutions ArchitectCommented:
Yeah, pretty much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.