RE: help OWA!!

  • From: "Jonathan E. Cox" <jon@xxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Feb 2002 19:45:32 -0500

Create a custom local group and then go to advances rights in the user
manager for domains and find the log on locally right.\

Log on Locally
One common problem encountered in installing OWA is that users do not
have the right to "log on locally." Each Windows NT account that will be
accessing the Exchange Server through OWA must have the "log on locally"
right assigned on IIS. If this right is not enabled, users will not be
able to log on to OWA using Basic Authentication. 
The 'Log on Locally' right - The administrator can assign this right to
the Everyone group or to specific groups, if access must be restricted.
To assign this right to an account, perform the following steps: 
1. Start User Manager for Domains. 
2. On the Policies menu, click User Rights. 
3. In Right, select Log on Locally. 
4. Click Add. 
5. In Add Users and Groups, click Show Users and select one or more user
or group accounts from Names. 
6. Click Add, and then click OK. 
7. Click OK again, and then exit User Manager for Domains. 
Note If the IIS computer is a Member server in a Windows NT domain, you
must grant the "Log on Locally" right to the appropriate Windows NT
account using the local computer's accounts database, and not the
domain's accounts database. To do this, start User Manager for Domains
in one of the following ways before you grant the Log on Locally right
to the user account: 
8. Log on to the IIS computer using the local computer's Administrator
account and start User Manager for Domains. 
9. If you are logged on to the IIS computer with a domain account that
is a member of the local Administrator's group, start User Manager for
Domains, and then on the User menu, click Select Domain. Type the local
computer's name as \\<servername>. 
10. From the MS-DOS prompt, start User Manager for Domains by typing the
following command-line syntax: 
usrmgr \\<servername> 
where <servername> is the name of the IIS computer. The end result is
that the local computer's name will appear in the title bar of User
Manager for Domains, instead of the domain name. 
The IUSR_<ServerName> Account 
Make sure that the IUSR_<ServerName> account has been assigned the Log
on Locally right on the IIS server. Also, make sure that the password
for this account is the same in both User Manager and the Internet
Service Manager. These passwords can be changed independently and
differences will cause access problems. By default, the
IUSR_<ServerName> account is given a random password when IIS is
Password Authentication
The WWW service on the IIS server must be configured to use the
appropriate password authentication method, depending on how you intend
to set up your Exchange and IIS servers. If both Exchange and IIS are
installed on the same computer, you can use any of the three supported
authentication methods. If Exchange and IIS are on separate computers,
only Basic (Clear Text) and Anonymous can be used. Windows NT
Challenge/Response (also called NTLM) authentication cannot be used if a
browser other than Internet Explorer will be used for OWA. If you plan
to use the NTLM method for authentication, any resources your clients
need to access must reside on the local IIS/Exchange server. This will
include mailboxes, any Public Folders, Free/Busy data, organizational
forms, and so forth. 
Note If you plan to use Basic (Clear Text) authentication and you want
to have a more secure environment, configure Secure Sockets Layer (SSL)
support on the IIS server. For more information about setting up SSL,
see your IIS documentation. 
Anonymous Access
Another potential problem in installing OWA is setting up anonymous
access to Public Folders. To set up anonymous access to public folders,
perform the following steps: 
1. On the Windows NT desktop, click Start, point to Programs, point to
Microsoft Exchange, and then click Microsoft Exchange Administrator. 
2. Select the server you want to configure, and then open the
Configuration container. 
3. Click Protocols, and then double-click HTTP (Web) Site Settings. 
4. Select Allow anonymous users to access the anonymous public folders. 
5. Select the Folder Shortcuts tab. 
6. Click New to add folders for anonymous viewing, and select an
existing folder in Public Folders. 
7. Click OK. 
Published folders must have at least Read permission granted to the
Anonymous account. This is set on the Permissions tab for the specified
folder. Folder permissions can be accessed from either the Microsoft
Exchange Server Administrator program or from the client. To grant
permissions to the Anonymous account, perform the following steps: 
1. In Microsoft Exchange Server Administrator, find the public folder
for which you created a shortcut. 
2. On the File menu, click Properties. 
3. Click Client Permissions. 
4. In the box at the top of Client Permissions, click Anonymous, and
then change its role from None to the desired level of access. 
5. If you want to publish all subfolders of this folder for anonymous
access, select Propagate these properties to all subfolders. 
6. Click OK. 
OWA provides a cost-effective way to retrieve e-mail, personal
calendars, and scheduling through a secure connection through the
Internet. OWA can eliminate long distance Remote Access Service (RAS)
connections, with the use of a local Internet Service Provider (ISP)
number that allows you to connect through the Internet into your Small
Business Server. 
For more information about Small Business Server: 
For more information about OWA:

 -----Original Message-----
From:   Omppu [mailto:Omppu@xxxxxxxxxxxx] 
Sent:   Tuesday, January 29, 2002 5:50 AM
To:     [ExchangeList]
Subject:        [exchangelist] RE: help OWA!!

err where from can i provide this local logon rights so that
owa would work?

----- Original Message -----
From: "Jonathan E. Cox" <jon@xxxxxxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Tuesday, January 29, 2002 1:15 AM
Subject: [exchangelist] RE: help OWA!!

Only if you give them the logon locally right.

I suggest that you create a local group and give the group the logon
locally right. Then add what users you want to be able to access the OWA

Good Luck

 -----Original Message-----
From: Robert Abela [mailto:robert@xxxxxxx]
Sent: Monday, January 28, 2002 3:07 AM
To: [ExchangeList]
Subject: [exchangelist] RE: help OWA!!

Do all users have access to logon on the server?

Robert Abela

-----Original Message-----
From: Omppu [mailto:Omppu@xxxxxxxxxxxx]
Sent: Monday, January 28, 2002 8:58 AM
To: [ExchangeList]
Subject: [exchangelist] help OWA!!

for some reason some accounts can access OWA on exchange 2000 and then
others cannot,
the error after authenticating that they get is page not found!!!
any ideas??


You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

GFI - Security & communications products for Windows NT/2000

This mail was content checked for malicious code or viruses
by Mail essentials. Mail essentials for Exchange/SMTP is an
email security, content checking & anti-virus gateway that
removes all types of email-borne threats before they can affect
your email users. Spam, viruses, dangerous attachments & offensive
content can be removed before they reach your mail server.
In addition it has server-based email encryption, disclaimers
and other email features.

In addition to Mail essentials, GFI also produces the FAXmaker
fax server product range & LANguard internet access control &
intrusion detection. For more information on our products please

You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

Other related posts: