Limiting OWA use over the internet

Limiting OWA use over the internet

Post by Rob » Tue, 22 Jun 2004 22:52:08

We need to limit the prople who have access from the
outside via a front-end back end OWA server setup, but we
also need to have users internally access web based email
(gives us flexibility for users to acces their email from
any PC). I know you can enable or disable the protocol
http for the user per server, but is thre any way to
grant one group of users that are availaible from the
outside while maintinaing the usability of inside http
without building another server and moving the users to

Limiting OWA use over the internet

Post by Megan Kiel » Tue, 22 Jun 2004 23:43:04

On the Front-end server, go to the "Exchange" Virtual directory. From the
Directory Security tab, click Edit under "IP address and domain name
restrictions" and enter the IP ranges that need to be granted/denied.


Limiting OWA use over the internet

Post by anonymou » Wed, 23 Jun 2004 02:47:32

Thats a good suggestion, however I would have to know all
if the different IP's that the user would attempt to
connect from on the internet. We were trying to give the
uer the flexibility to log in anywhere over the internet,
so we would not be able to do it with IP (we could
certainly add users with static IP's at their ISP), but
then if they traveled and had access to the internet at a
genric location that would present a problem. We want it
to be based on user ID if at all possible. We also are
using Cisco ACS server for some other internal
applications, have you heard of any ways to incorporate
authentication against that?

directory. From the
domain name


Limiting OWA use over the internet

Post by Megan Kiel » Wed, 23 Jun 2004 23:36:58

I had a conversation with a Microsoft Support Personell and this is the
method that they suggested to me. If there is another way I would be
interested as well.

Limiting OWA use over the internet

Post by AJ » Sat, 26 Jun 2004 06:52:52

and this is the
I would be



When you create a new user in AD and you give him/her an
email address the server (if configured to do so) will
give the user 1 2 or even 3 email addreses. One of those
email addresses is the Internal XXXX@XXXXX.COM

For example I work for a company named abccompany our
public domain name is however in AC my domain

When you create a new user Exchange gives the new user
XXXX@XXXXX.COM and XXXX@XXXXX.COM just wipe out the
internal email address for thos you don't want to have
access to OWA.

Hope this helps.