Solved

password access from Outlook to Exchange for just two users

Posted on 2014-12-05
7
86 Views
Last Modified: 2014-12-08
At a certain small office most users don't have to enter passwords to access exchange from their outlook. Its controlled by their windows login. But two of the users wish to have to enter a different password in order to access exchange. The rest are happy with the way it is. How do I do that? Exchange Server 2010.
0
Comment
Question by:Peter Heinicke
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Outlook can only use the AD domain for authentication.
Therefore the only way you can do it is to have two accounts - one for Windows login and one for email. The Windows login would not have any permissions on the email account, so they have to login to it.

Simon.
0
 
LVL 4

Expert Comment

by:SEHC
Comment Utility
HI

if you are using outlook anywhere you can set it to connect via slow and fast networks and that will ask for there login and passwords all the time.  

other then that Simon would be correct.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
It will only prompt for a password if you use basic authentication. If you use integrated authentication then it will not.
Furthermore, Autodiscover will remove the entry to use Outlook Anywhere on fast connections.

Simon.
0
Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 24

Expert Comment

by:VB ITS
Comment Utility
You can create a separate mailbox with a different password, and then create a new Outlook profile for this new mailbox on the two users' machines. As their account won't have access to these new mailboxes by default they'll be prompted for credentials when they open Outlook.

You can then look at importing their emails and email addresses to this separate mailbox.
0
 

Author Comment

by:Peter Heinicke
Comment Utility
Here's what I did which was not that great. I checked the "Always prompt for Login Credentials" in the outlook security tab for the account. Then, I had to change the username to the windows username domain\user in order to connect from outlook. This still lets me see the already received mail if I can't connect so it isn't that great, but the users can't then get any more email that hasn't been received yet.

VB ITS: Which group in EMC do I add the email account to which is not connected to an AD user? I have Windows Server 2011 SBS.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
Comment Utility
Create a new dummy account and attach it to that. What I tend to do is create the account in a separate OU (as this will let you use the same display name) but use a different username and mailbox alias.

Consider the following:
The user account for John Doe is in located in domain.com\Company\Users in Active Directory Users and Computers
The username for John Doe is john
The mailbox alias for John Doe is john

I would then create a dummy account for John Doe using the below details:
Create a new account for John Doe in domain.com\Company\Mailboxes in Active Directory Users and Computers (create the Mailboxes Organizational Unit if it doesn't exist)
Assign a new account with the username john.doe (as usernames are unique) for both the user logon name and pre-Windows 2000 user logon name
Assign this account the mailbox alias of john.doe

Set up a new Outlook profile to connect to the new john.doe dummy mailbox and configure Outlook to prompt for which profile to use. As the john account won't have access to the john.doe mailbox, the user will be prompted for the username and password for the john.doe account.

If this works, you will then need to export the contents of the john mailbox then import them into the john.doe mailbox as well as the email addresses.
You'll also need to configure Outlook to always launch the profile for john.doe going forward.

Bit of a pain setting it up but it'll do what you want.

May I ask what is pre-empting this request? Do these two users have concerns regarding security of some sort? Just wondering why the strange request.
0
 

Author Comment

by:Peter Heinicke
Comment Utility
Yes, it is sort of an internal politics sort of thing. As long as the users are part of the organization, management wants to give them some privacy or at least a feeling of privacy. If they leave, management wants to be able to read their emails.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now