Re: Outlook Web Access through ISA on internal- - LAN

  • From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 May 2002 09:35:17 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:12 AM 5/15/2002, you wrote:
>http://www.ISAserver.org
>
>
>Hey Tim,

Greetings, Doctor!


>I have the Domain Users with the Logon Locally Right enabled on all
>Exchange Servers running OWA. I figured this isn't an issue since these
>users don't have any other rights on the server that could get me in
>trouble. They don't have access to shares they're not supposed to access
>(admin shares disabled), Terminal Services only allow admins, and most
>of the other cool stuff noted in the Hacking Exposed Windows 2000 has
>been implemented.
>
>So, I don't *think* allowing domain users the log on locally right
>should be a problem. Heck if inet_user can, surely the domain users can
>:-)

As do I.  In all of my configs, it was a requirement for basic 
authentication to work- Basic authentication is Logon Type 2, which requires 
"log on locally" rights.   The thread started when JD could not get 
internal folks to access OWA via the FQDN- however, they could access via 
the NetBIOS name.  In his config, he has Basic and NT Integrated selected, 
but says his users are *not* members of a group that can log on locally, 
yet it still works, so I am thinking that internal clients are using NT 
Integrated.

However, I have not heard back from him whether his internal clients have 
to enter a password or not, so I don't know.

I think it is one of two things:  One, he is using NT Integrated 
internally, which is Logon Type 3 (or a "network logon") which does not 
need "log on locally" rights, but is failing because he does not have the 
FQDN in his Intranet Sites and/or "Logon automatically only in the Intranet 
Zone" is not set.  In this case, I think it is then falling back to Basic 
Authentication, which fails because they can't log on locally.

The only strange part is that his external people can use it, and he says 
they log in, which means it is basic authentication, which means they have 
to be set for "log on locally."

It is a mystery!  We'll see what the deal is when he posts back.

Thanks!

Timbomatic


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPOKORYhsmyD15h5gEQKfbwCgwPNt75y4nU7PmTN48TVDes09PdkAoOn9
V/vx9QUWBjH8Ym5NlAwV5Jxj
=fknf
-----END PGP SIGNATURE-----
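
Added example, not part of the original post: one way to settle which of the two cases above applies is to read the logon type out of the OWA server's Security log. This sketch assumes the Windows 2000-era event IDs 528 (successful logon), 540 (successful network logon) and 534 (requested logon type not granted); the CSV layout and user names are constructed, and the export is assumed to hold only the web logons being investigated.

```python
# Added example: constructed records, not data from the thread.
import csv
import io
from collections import defaultdict

# Constructed sample export: event_id,user,logon_type
SAMPLE_LOG = """event_id,user,logon_type
540,alice,3
528,bob,2
534,carol,2
540,alice,3
534,carol,2
"""

INTERACTIVE, NETWORK = 2, 3  # Logon Type 2 and Logon Type 3


def classify(log_text):
    """Map each user to the authentication paths seen in the records."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        event, ltype = int(row["event_id"]), int(row["logon_type"])
        user = row["user"]
        if event == 540 and ltype == NETWORK:
            # Network logon: NT Integrated, no "log on locally" right needed
            findings[user].add("integrated")
        elif event == 528 and ltype == INTERACTIVE:
            # Type 2 succeeded: Basic worked, so the right is held
            findings[user].add("basic")
        elif event == 534 and ltype == INTERACTIVE:
            # Type 2 refused: Basic attempted without the right
            findings[user].add("basic-denied")
        else:
            findings[user].add("other")
    return dict(findings)


def users_missing_right(findings):
    """Users whose Basic logon failed for lack of 'log on locally'."""
    return sorted(u for u, f in findings.items() if "basic-denied" in f)


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    for user in sorted(result):
        print(user, sorted(result[user]))
    print("missing 'log on locally':", users_missing_right(result))
```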


