Create a custom local group and then go to advances rights in the user manager for domains and find the log on locally right.\ Log on Locally One common problem encountered in installing OWA is that users do not have the right to "log on locally." Each Windows NT account that will be accessing the Exchange Server through OWA must have the "log on locally" right assigned on IIS. If this right is not enabled, users will not be able to log on to OWA using Basic Authentication. The 'Log on Locally' right - The administrator can assign this right to the Everyone group or to specific groups, if access must be restricted. To assign this right to an account, perform the following steps: 1. Start User Manager for Domains. 2. On the Policies menu, click User Rights. 3. In Right, select Log on Locally. 4. Click Add. 5. In Add Users and Groups, click Show Users and select one or more user or group accounts from Names. 6. Click Add, and then click OK. 7. Click OK again, and then exit User Manager for Domains. Note If the IIS computer is a Member server in a Windows NT domain, you must grant the "Log on Locally" right to the appropriate Windows NT account using the local computer's accounts database, and not the domain's accounts database. To do this, start User Manager for Domains in one of the following ways before you grant the Log on Locally right to the user account: 8. Log on to the IIS computer using the local computer's Administrator account and start User Manager for Domains. 9. If you are logged on to the IIS computer with a domain account that is a member of the local Administrator's group, start User Manager for Domains, and then on the User menu, click Select Domain. Type the local computer's name as \\<servername>. 10. From the MS-DOS prompt, start User Manager for Domains by typing the following command-line syntax: usrmgr \\<servername> where <servername> is the name of the IIS computer. The end result is that the local computer's name will appear in the title bar of User Manager for Domains, instead of the domain name. The IUSR_<ServerName> Account Make sure that the IUSR_<ServerName> account has been assigned the Log on Locally right on the IIS server. Also, make sure that the password for this account is the same in both User Manager and the Internet Service Manager. These passwords can be changed independently and differences will cause access problems. By default, the IUSR_<ServerName> account is given a random password when IIS is installed. Password Authentication The WWW service on the IIS server must be configured to use the appropriate password authentication method, depending on how you intend to set up your Exchange and IIS servers. If both Exchange and IIS are installed on the same computer, you can use any of the three supported authentication methods. If Exchange and IIS are on separate computers, only Basic (Clear Text) and Anonymous can be used. Windows NT Challenge/Response (also called NTLM) authentication cannot be used if a browser other than Internet Explorer will be used for OWA. If you plan to use the NTLM method for authentication, any resources your clients need to access must reside on the local IIS/Exchange server. This will include mailboxes, any Public Folders, Free/Busy data, organizational forms, and so forth. Note If you plan to use Basic (Clear Text) authentication and you want to have a more secure environment, configure Secure Sockets Layer (SSL) support on the IIS server. For more information about setting up SSL, see your IIS documentation. Anonymous Access Another potential problem in installing OWA is setting up anonymous access to Public Folders. To set up anonymous access to public folders, perform the following steps: 1. On the Windows NT desktop, click Start, point to Programs, point to Microsoft Exchange, and then click Microsoft Exchange Administrator. 2. Select the server you want to configure, and then open the Configuration container. 3. Click Protocols, and then double-click HTTP (Web) Site Settings. 4. Select Allow anonymous users to access the anonymous public folders. 5. Select the Folder Shortcuts tab. 6. Click New to add folders for anonymous viewing, and select an existing folder in Public Folders. 7. Click OK. Published folders must have at least Read permission granted to the Anonymous account. This is set on the Permissions tab for the specified folder. Folder permissions can be accessed from either the Microsoft Exchange Server Administrator program or from the client. To grant permissions to the Anonymous account, perform the following steps: 1. In Microsoft Exchange Server Administrator, find the public folder for which you created a shortcut. 2. On the File menu, click Properties. 3. Click Client Permissions. 4. In the box at the top of Client Permissions, click Anonymous, and then change its role from None to the desired level of access. 5. If you want to publish all subfolders of this folder for anonymous access, select Propagate these properties to all subfolders. 6. Click OK. Conclusion OWA provides a cost-effective way to retrieve e-mail, personal calendars, and scheduling through a secure connection through the Internet. OWA can eliminate long distance Remote Access Service (RAS) connections, with the use of a local Internet Service Provider (ISP) number that allows you to connect through the Internet into your Small Business Server. For more information about Small Business Server: http://www.microsoft.com/smallbusinessserver For more information about OWA: http://www.microsoft.com/exchange -----Original Message----- From: Omppu [mailto:Omppu@xxxxxxxxxxxx] Sent: Tuesday, January 29, 2002 5:50 AM To: [ExchangeList] Subject: [exchangelist] RE: help OWA!! http://www.MSExchange.org/ err where from can i provide this local logon rights so that owa would work? ----- Original Message ----- From: "Jonathan E. Cox" <jon@xxxxxxxxxxxxxx> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> Sent: Tuesday, January 29, 2002 1:15 AM Subject: [exchangelist] RE: help OWA!! http://www.MSExchange.org/ Only if you give them the logon locally right. I suggest that you create a local group and give the group the logon locally right. Then add what users you want to be able to access the OWA interface. Good Luck TopDOC -----Original Message----- From: Robert Abela [mailto:robert@xxxxxxx] Sent: Monday, January 28, 2002 3:07 AM To: [ExchangeList] Subject: [exchangelist] RE: help OWA!! http://www.MSExchange.org/ Do all users have access to logon on the server? Regards Robert Abela robert@xxxxxxx -----Original Message----- From: Omppu [mailto:Omppu@xxxxxxxxxxxx] Sent: Monday, January 28, 2002 8:58 AM To: [ExchangeList] Subject: [exchangelist] help OWA!! http://www.MSExchange.org/ hello for some reason some accounts can access OWA on exchange 2000 and then others cannot, the error after authenticating that they get is page not found!!! any ideas?? regards O. ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: robert@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') GFI - Security & communications products for Windows NT/2000 http://www.gfi.com ********************************************************** This mail was content checked for malicious code or viruses by Mail essentials. Mail essentials for Exchange/SMTP is an email security, content checking & anti-virus gateway that removes all types of email-borne threats before they can affect your email users. Spam, viruses, dangerous attachments & offensive content can be removed before they reach your mail server. In addition it has server-based email encryption, disclaimers and other email features. *********************************************************** In addition to Mail essentials, GFI also produces the FAXmaker fax server product range & LANguard internet access control & intrusion detection. For more information on our products please visit http://www.gfi.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: jon@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: omppu@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: jon@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')