
OWA blocked by logon restriction

Author
24 Jun 2009 8:34 PM
Guillermo G. Lovato
I have a user who, when we configure him in ADUC with logon restrictions
to only a certain computer, can no longer open OWA from anywhere else
EXCEPT that station.

Exchange 2007 SP1 on Win2003 SP2

Any ideas?

Author
24 Jun 2009 8:58 PM
Andy David {MVP}
On Wed, 24 Jun 2009 17:34:38 -0300, "Guillermo G. Lovato"
<glov***@mast.com.ar> wrote:

>I have a user that when we configure it in ADUC to have logon restrictions
>to only a certain computer he can no longer open OWA from anywhere else
>EXCEPT that station.
>
>Exchange 2007 SP1 in Win2003 SP2
>
>any ideas?
>


Wasn't that expected?

Author
26 Jun 2009 2:22 PM
Guillermo G. Lovato
On the contrary, it is totally unexpected, as it doesn't count as a regular
login.
What I want is for that user to only be able to work on his specified
workstation, but to be able to open OWA from anywhere (even when he's home),
as that doesn't entail a computer-level domain login.

What's more, when the user is logged on at that station, he can open OWA
from anywhere else; the moment you log off, it goes back to the anomalous
behaviour.

Author
27 Jun 2009 11:32 PM
Lee Derbyshire [MVP]
This is a bit of a long shot.  But when someone logs into the domain, they
become a member of the built-in security group Authenticated Users.  Now,
imagine that you have Forms-Based Authentication enabled, but the logon.asp
page on the server has its access restricted to Authenticated Users (instead
of, say, Domain Users, or Everyone); then, they would never be able to log
onto OWA without logging in, first.  And, if you restricted their logon to
one computer, they would only ever be able to access it from there.  Of
course, if only one user is affected...  Maybe all the other users are in
another group that has access to the logon page, and this user isn't?

It would help to see the IIS log file entries generated when they try to use
OWA.

Lee.

--
_______________________________________

Outlook Web Access for PDA, OWA For WAP:
www.leederbyshire.com
________________________________________

Author
1 Jul 2009 12:41 PM
Guillermo G. Lovato
It's the only user with logon restrictions; if I configure any other user,
the same happens.
I've managed to duplicate this in my lab with E2003.

Author
1 Jul 2009 3:00 PM
Lee Derbyshire [MVP]
Can you find the IIS log file entries that are generated when they fail to
gain access to OWA?

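
One way to pull the IIS log entries requested above, as an added example that is not part of the original thread: it reads W3C extended log lines, keeps 401/403 responses to OWA URLs, and decodes the sub-status and Win32 status columns, which separate an ACL denial on the logon page from a failed or restricted logon. The sample log lines, client addresses and virtual-directory prefixes are constructed assumptions.

```python
# HTTP 401 sub-status codes used by IIS 6.
SUBSTATUS_401 = {
    "1": "logon failed",
    "2": "logon failed due to server configuration",
    "3": "denied by ACL on the requested resource",
}
# Win32 error codes that can appear in sc-win32-status.
WIN32 = {
    "5": "ERROR_ACCESS_DENIED",
    "1326": "ERROR_LOGON_FAILURE",
    "1327": "ERROR_ACCOUNT_RESTRICTION",
    "1329": "ERROR_INVALID_WORKSTATION",
}
OWA_PREFIXES = ("/owa", "/exchange", "/exchweb")  # assumed virtual directories

def failed_owa_requests(lines, client_ip=None):
    """Yield one dict per 401/403 response to an OWA URL, optionally for one client."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("sc-status") not in ("401", "403"):
            continue
        if not row.get("cs-uri-stem", "").lower().startswith(OWA_PREFIXES):
            continue
        if client_ip and row.get("c-ip") != client_ip:
            continue
        code = row.get("sc-win32-status", "-")
        row["win32"] = WIN32.get(code, code)  # keep the raw number if unknown
        row["reason"] = (SUBSTATUS_401.get(row.get("sc-substatus"), "?")
                         if row["sc-status"] == "401" else "forbidden")
        yield row

# Constructed sample log (not taken from the thread).
SAMPLE = """#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2009-07-01 15:02:11 GET /owa/auth/logon.aspx - 192.0.2.10 200 0 0
2009-07-01 15:02:30 GET /owa/ - 192.0.2.10 401 1 1329
2009-07-01 15:03:02 GET /exchweb/bin/auth/owalogon.asp - 192.0.2.44 401 3 5
2009-07-01 15:03:40 GET /iisstart.htm - 192.0.2.44 403 0 0
""".splitlines()

if __name__ == "__main__":
    for r in failed_owa_requests(SAMPLE):
        print(r["date"], r["time"], r["c-ip"], r["cs-uri-stem"],
              r["sc-status"], r["reason"], r["win32"])
```

Failed requests are often logged with `-` in `cs-username`, so filtering by `client_ip` is usually more reliable than filtering by user name.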