Wouldn't it also be possible to create a deny rule with the paths for which you're looking to restrict access and place that above the allow rule? On Thu, Sep 2, 2010 at 9:19 AM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > Easy-peasy. > If you authenticate OWA access at ISA, you can: > 1. create an "external mail allowed" user group in AD > 2. populate it with the users allowed external OWA access > 3. replace "authenticated users" with the user group for the rule > > If you don't authenticate OWA access at ISA, this is not possible. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Ellis, John P. > Sent: Thursday, September 02, 2010 1:36 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] ISA 2004 Enterprise - Stopping OWA access to certain > accounts > > http://www.ISAserver.org <http://www.isaserver.org/> > ------------------------------------------------------- > > ISA 2004 Enterprise with RSA tokens for two factor authentication Exchange > 2003 > > We have a number of users who have two email accounts, one is a day-to-day > account and the other is a secure email account used to send emails to other > Government bodies. > > What I have been asked is, is it possible to deny access to OWA for certain > accounts from outside the company, yet still let the users have access to > these OWA accounts internally? > > These mailboxes reside on the same servers as other mailboxes so denying > access to certain servers is not an option. > > Any thoughts/Questions? > > John > > > ********************************************************************** > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.clearswift.com > ********************************************************************** > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer Young Consulting & Staffing Services Company - Owner www.youngcss.com