[isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 2 Sep 2010 14:02:05 +0000

You could, but it's simpler to have one allow rule.
If the user doesn't fit into the "allowed groups", then they don't get access.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Thursday, September 02, 2010 6:32 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain 
accounts

Wouldn't it also be possible to create a deny rule with the paths for which 
you're looking to restrict access and place that above the allow rule?
On Thu, Sep 2, 2010 at 9:19 AM, Jim Harrison 
<Jim@xxxxxxxxxxxx<mailto:Jim@xxxxxxxxxxxx>> wrote:
http://www.ISAserver.org<http://www.isaserver.org/>
-------------------------------------------------------

Easy-peasy.
If you authenticate OWA access at ISA, you can:
1.  create an "external mail allowed" user group in AD
2. populate it with the users allowed external OWA access
3. replace "authenticated users" with the user group for the rule

If you don't authenticate OWA access at ISA, this is not possible.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Ellis, John P.
Sent: Thursday, September 02, 2010 1:36 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] ISA 2004 Enterprise - Stopping OWA access to certain accounts

http://www.ISAserver.org<http://www.isaserver.org/>
-------------------------------------------------------

ISA 2004 Enterprise with RSA tokens for two factor authentication Exchange 2003

We have a number of users who have two email accounts, one is a day-to-day 
account and the other is a secure email account used to send emails to other 
Government bodies.

What I have been asked is, is it possible to deny access to OWA for certain 
accounts from outside the company, yet still let the users have access to these 
OWA accounts internally?

These mailboxes reside on the same servers as other mailboxes so denying access 
to certain servers is not an option.

Any thoughts/Questions?

John


**********************************************************************
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager.

This footnote also confirms that this email message has been swept by 
MIMEsweeper for the presence of computer viruses.

www.clearswift.com<http://www.clearswift.com/>
**********************************************************************


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com<http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx<mailto:listadmin@xxxxxxxxxxxxx>


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com<http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx<mailto:listadmin@xxxxxxxxxxxxx>



--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com<http://www.youngcss.com>

• References:
  • [isalist] ISA 2004 Enterprise - Stopping OWA access to certain accounts
    • From: Ellis, John P.
  • [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts
    • From: Jim Harrison
  • [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts
    • From: Jerry Young

Other related posts:

• » [isalist] ISA 2004 Enterprise - Stopping OWA access to certain accounts- Ellis, John P.
• » [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts- Jim Harrison
• » [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts- Jerry Young
• » [isalist] Re: ISA 2004 Enterprise - Stopping OWA access to certain accounts - Jim Harrison

1. Home
2. isalist
3. Archive
4. 09-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---