Link to home
Create AccountLog in
Avatar of parv kumar
parv kumar

asked on

Block External Outlook Web Access only for few users


We are using 4 Exchange 2010 Multi Role Servers with F5 Load balancer for OWA access from outside.
Right now OWA is accessible from Inside and outside environment for all users.
As per our client he have a requirement to "Disable the External OWA access for only few users and only during weekends" . There should be no impact to Internal OWA access for these users.
Let me explain the condition once again
1) Disable External OWA access
2) Only for few users
3) Only During Weekend and
4) No impact to Internal OWA access for these users

Is there any way to do it using Exchange 2010 or F5 or TMG and how feasible is that to deploy?

Thanks in advance for your help.
Avatar of M A
Flag of United States of America image

There is no easy or built-in way to block OWA external access only for few users.
Please check this as a work around
Avatar of yo_bee
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of parv kumar
parv kumar


Thanks MAS and yo_bee for your prompt response.

I am really not good with changing the .aspx code as per my requirement.
And yes, as per my understanding yo_bee from Exchange its either ON or OFF .
I have TMG and F5 in my environment so, if not from Exchange is there any other way to do from F5 Loadbalancer or TMG?
I have never used TMG or F5 so there is not much I can say on them.

Even F5 doesn't have such feature.  I am not sure about TMG.
even in TMG you won't be able to do such things. as OWA publishing rule does not work properly on AD group wise. I tried to configure it many times but does not work but when we add All users then it works. by default Exchange has feature to enable/disable OWA from internal and External. No way to block on from external. May be there are third paty applications those are actually support such features.. but no awareness as of now.
From what others are posting it looks like  all or nothing.

Just out of curiosity why do u need to restrict external access, but still allow them to access internally?

I would figure that if you are restricting access over the weekend for this set group of users there would be no need for them to be in the office and have access?
yo_bee, I am also curious . But that's the client,'s requirement.
Have you inquired or just said let me see?
Hi yo_bee, honestly speaking this question did not come to my mind that time. But I have shared the alternate solutions suggested by you and MAS.
Thank you for your help..
You will still need to script the adding remove of the group membership for scheduling.
Yes, I would. Thanks  a lot for your help yo_bee