No announcement yet.

OWA Restrictions

  • Filter
  • Time
  • Show
Clear All
new posts

  • OWA Restrictions

    Dear Friends,

    I have an Exchange Server 2007 in my environment. I have a certain query raised up and would like your help on how could i go about doing it or any knowledge base help .....

    The exchange is integrate with active directory and internal users are using Outlook, OWA Access from Internal as well as external.

    My query is that there are certain set/group (OU) of users whom i want to deny access to OWA from Internet (Public IP) but they can access OWA from internally and without hampering any other user access settings.

    Please let me know.


  • #2
    Re: OWA Restrictions

    AFAIK if you have ISA server then you can acheive this.
    Michigan dispensaries
    Last edited by Dks; 13th March 2011, 00:21.

    MCP E2K3 & MCITP E2K7
    MCITP Enterprise Win2k8


    • #3
      Re: OWA Restrictions

      Hey Dks,

      Could you please let me know, how can i achieve this in ISA 2006 SP1.



      • #4
        Re: OWA Restrictions

        Sorry and what about google ? ISA rules for access, authentication users ...
        Standard is users in ISA (authenticated users or other user group in AD)

        be sure, nobody know what you think, but we know what you do.


        • #5
          Re: OWA Restrictions

          I haven't tested this in lab but you might want to give a try this way..
          • Create separate virtual directories(owa-intern; owa-extern) for owa access for internal and external(if you have two CAS boxes, then you don't need to do this even)
          New-OWAVirtualDirectory -OwaVersion:Exchange2007 -Name "owa-extern" -WebSite "Default Web Site"
          New-OWAVirtualDirectory -OwaVersion:Exchange2007 -Name "owa-intern" -WebSite "Default Web Site"
          • By default both will have read security permissions for authenticated users.
          • Create a group named "blocked extern users" and add the user IDs for whom you want to block OWA from internet
          • Add "blocked extern users" security group to owa-extern virtual directory permissions list and deny read(or deny all) access
          • Now give owa-intern to all your internal users and owa-extern to all your external users.
          Let me know how it goes for you.

          Last edited by Sembee; 2nd November 2009, 11:16. Reason: Live link removed