If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Block External Outlook Web Access only for few users
Hi,
We are using 4 Exchange 2010 Multi Role Servers with F5 Load balancer for OWA access from outside.
Right now OWA is accessible from Inside and outside environment for all users.
As per our client he have a requirement to "Disable the External OWA access for only few users and only during weekends" . There should be no impact to Internal OWA access for these users.
Let me explain the condition once again
1) Disable External OWA access
2) Only for few users
3) Only During Weekend and
4) No impact to Internal OWA access for these users
Is there any way to do it using Exchange 2010 or F5 or TMG and how feasible is that to deploy?
Thanks in advance for your help.
We are using 4 Exchange 2010 Multi Role Servers with F5 Load balancer for OWA access from outside.
Right now OWA is accessible from Inside and outside environment for all users.
As per our client he have a requirement to "Disable the External OWA access for only few users and only during weekends" . There should be no impact to Internal OWA access for these users.
Let me explain the condition once again
1) Disable External OWA access
2) Only for few users
3) Only During Weekend and
4) No impact to Internal OWA access for these users
Is there any way to do it using Exchange 2010 or F5 or TMG and how feasible is that to deploy?
Thanks in advance for your help.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
I am not sure if there is a setting, but you can script it with PowerShell and schedule the script to run at the time you want. I do not think you can control from exchange to allow internal, but not external. It is on or off for this feature.
I would create a group in AD and add the users you need to restrict.
From there combined both AD Powershell and Exchange PowerShell.
You will need two scripts one to disable for the weekend the other to enable.
I tested this and it worked, but it did force me to re-authenticate to my Outlook App. I am not using the native Mail App.
This should be run from your CAS Server.
Disabled:
Enabled:
Once created open Task Scheduler and create two task to run at the time you wish to disable and enable. Remember that you need to use powershell.exe with the argument <Script file Path>
I would create a group in AD and add the users you need to restrict.
From there combined both AD Powershell and Exchange PowerShell.
You will need two scripts one to disable for the weekend the other to enable.
I tested this and it worked, but it did force me to re-authenticate to my Outlook App. I am not using the native Mail App.
This should be run from your CAS Server.
Disabled:
Import-module ActiveDirectory
Get-PSSnapin -Registered | Add-PSSnapin
Get-ADGroupMember -Identity <GroupName> | %{Set-CASMailbox -Identity $_.sAMAccountName -ActiveSyncEnabled $False}
Enabled:
Import-module ActiveDirectory
Get-PSSnapin -Registered | Add-PSSnapin
Get-ADGroupMember -Identity <GroupName> | %{Set-CASMailbox -Identity $_.sAMAccountName -ActiveSyncEnabled $True}
Once created open Task Scheduler and create two task to run at the time you wish to disable and enable. Remember that you need to use powershell.exe with the argument <Script file Path>
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thanks MAS and yo_bee for your prompt response.
I am really not good with changing the .aspx code as per my requirement.
And yes, as per my understanding yo_bee from Exchange its either ON or OFF .
I have TMG and F5 in my environment so, if not from Exchange is there any other way to do from F5 Loadbalancer or TMG?
I am really not good with changing the .aspx code as per my requirement.
And yes, as per my understanding yo_bee from Exchange its either ON or OFF .
I have TMG and F5 in my environment so, if not from Exchange is there any other way to do from F5 Loadbalancer or TMG?
even in TMG you won't be able to do such things. as OWA publishing rule does not work properly on AD group wise. I tried to configure it many times but does not work but when we add All users then it works. by default Exchange has feature to enable/disable OWA from internal and External. No way to block on from external. May be there are third paty applications those are actually support such features.. but no awareness as of now.
From what others are posting it looks like all or nothing.
Just out of curiosity why do u need to restrict external access, but still allow them to access internally?
I would figure that if you are restricting access over the weekend for this set group of users there would be no need for them to be in the office and have access?
Just out of curiosity why do u need to restrict external access, but still allow them to access internally?
I would figure that if you are restricting access over the weekend for this set group of users there would be no need for them to be in the office and have access?
Hi yo_bee, honestly speaking this question did not come to my mind that time. But I have shared the alternate solutions suggested by you and MAS.
Thank you for your help..
Thank you for your help..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2013 Par… 139 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2010… 139 lessons
-
IT AdministrationCertification: ISCAP Information Systems Certification and Accreditati… 16 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2013 Part … 213 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Please check this as a work around http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/