-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:12 AM 5/15/2002, you wrote:
>http://www.ISAserver.org
>
>
>Hey Tim,

Greetings, Doctor!

>I have the Domain Users with the Logon Locally Right enabled on all
>Exchange Servers running OWA. I figured this isn't an issue since these
>users don't have any other rights on the server that could get me in
>trouble. They don't have access to shares they're not supposed to access
>(admin shares disabled), Terminal Services only allow admins, and most
>of the other cool stuff noted in the Hacking Exposed Windows 2000 has
>been implemented.
>
>So, I don't *think* allowing domain users the log on locally right
>should be a problem. Heck if inet_user can, surely the domain users can
>:-)

As do I. In all of my configs, it was a requirement for basic authentication to work- Basic authentication is Logon Type 2, which requires "log on locally" rights.

The thread started when JD could not get internal folks to access OWA via the FQDN- however, they could access via the NetBIOS name. In his config, he has Basic and NT Integrated selected, but says his users are *not* members of a group that can log on locally, yet it still works, so I am thinking that internal clients are using NT Integrated. However, I have not heard back from him whether his internal clients have to enter a password or not, so I don't know.

I think it is one of two things: One, he is using NT Integrated internally, which is Logon Type 3 (or a "network logon") which does not need "log on locally" rights, but is failing because he does not have the FQDN in his Intranet Sites and/or "Logon automatically only in the Intranet Zone" is not set. In this case, I think it is then falling back to Basic Authentication, which fails because they can't log on locally.

The only strange part is that his external people can use it, and he says they log in, which means it is basic authentication, which means they have to be set for "log on locally." It is a mystery!

We'll see what the deal is when he posts back.

Thanks!
Timbomatic

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPOKORYhsmyD15h5gEQKfbwCgwPNt75y4nU7PmTN48TVDes09PdkAoOn9
V/vx9QUWBjH8Ym5NlAwV5Jxj
=fknf
-----END PGP SIGNATURE-----
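
An added example, not part of the original message: one way to settle which method each client really uses is to tally the logon types recorded for successful logons on the OWA server, using the mapping stated above (type 2 for Basic, type 3 for NT Integrated). The export layout, the account names and the `summarize` function are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Mapping as stated in the message: Basic is Logon Type 2 and needs the
# "log on locally" right; NT Integrated is Logon Type 3 and does not.
LOGON_TYPES = {2: ("Basic", True), 3: ("NT Integrated", False)}

# Constructed sample: a simplified export of successful logons on the OWA
# server. The column layout is an assumption, not a real event log format.
SAMPLE = """\
account,logon_type,client
CORP\\alice,3,10.0.0.21
CORP\\alice,3,10.0.0.21
CORP\\bob,2,203.0.113.7
CORP\\carol,3,10.0.0.30
CORP\\carol,2,10.0.0.30
CORP\\svc_backup,5,10.0.0.5
"""


def summarize(export_text, local_logon_accounts):
    """Return {account: {"methods", "mixed", "conflict"}} for types 2 and 3."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            ltype = int(row["logon_type"])
        except (TypeError, ValueError):
            continue  # skip malformed rows
        if ltype in LOGON_TYPES:  # ignore service, batch and other types
            seen[row["account"]].add(ltype)
    report = {}
    for account, types in seen.items():
        needs_right = any(LOGON_TYPES[t][1] for t in types)
        report[account] = {
            "methods": {LOGON_TYPES[t][0] for t in types},
            # Both types for one account: Integrated plus a Basic fallback.
            "mixed": len(types) > 1,
            # A type 2 logon succeeded for an account believed to lack the
            # right: the group membership assumption needs re-checking.
            "conflict": needs_right and account not in local_logon_accounts,
        }
    return report


if __name__ == "__main__":
    for acct, info in sorted(summarize(SAMPLE, {"CORP\\bob"}).items()):
        print(acct, sorted(info["methods"]), info["mixed"], info["conflict"])
```

A `conflict` entry corresponds to the situation the message calls a mystery: a Basic logon that succeeds for an account thought not to hold the "log on locally" right.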