General discussion

Locked

OWA & workstation access permissions

By shanna ·
Our company has recently instituted a security policy to restrict staff from logging onto any other office PC than their own, and a few select communal workstations. This restriction was put in place through the user's Active Directory user account "Log On To" properties.

The problem is though, once those restriction were put in, they disabled the ability of the staff to connect to their Exchange 2003 mailbox via the Outlook Web Access application. Any staff with no logon restrictions (myself and the company owners) have no issues connecting, but restricted accounts are blocked. The users receive the error "The local security authority cannot be contacted" or (if Show friendly HHTP error messages is turned off) "HTTP 500 - Internal server error"

So... is there any work around for this problem, or perhaps a group policy that would allow both the restrictions AND the OWA to function properly, or am I stuck?

Any assistance is greatly appreciated.

Shaun.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to OWA & workstation access ...

Since you've restricted them to logging onto only their workstation, they cannot login to the OWA system. You will need to either remvoe the policy, or grant them permission to log into their workstation AND the OWA system.

Collapse -

by shanna In reply to

BFilmFans input confirms what I was thinking, but I'll leave the question open in case someone else has a work around for me.

Thanks.

Collapse -

by shanna In reply to OWA & workstation access ...

Thanks for your input BFilmFan, I appreciate it.

When you say "grant them permission to log into their workstation AND the OWA system", I had actually already tried that by adding the Exchange server to the workstations the users were allowed to log onto. It still made no difference... the staff couldn't access OWA.

If I can't have the OWA access AND the logon restriction in place concurrently it will be unacceptable for our management. There HAS to be some sort of work-around, user policy, or registry hack that would allow both to function properly.

Any other suggestions? Anyone???

Collapse -

Same Problem Much Later

by torrey In reply to

I found the same problem with restricting workstation access causing the OWA not to work for those users. I also tried to add the Exchange OWA computer (same machine for all parts) to the allowed workstation, but that didn't change anything. Did anyone find a solution to this? Thanks in advance.

Collapse -

by calvinc In reply to Same Problem Much Later

Hi All,
I too would love to hear of a solution to this problem! cheers,

Collapse -

by dukep In reply to OWA & workstation access ...

I found your post as I was searching for a solution to this same issue. I came upon a solution shortly after and wanted to share it.

outlook web access for our domain is at
https://mail.ourdomain.com/exchange

To the machine logon restrictions in active directory I added the name mail and then the test account was able to logon to OWA without being able to log on to all machines in our domain.

Collapse -

by gmontoya In reply to

please share how you configured machine logon restrictions in active directory.

thx!
-Greg

Collapse -

by cstubing In reply to

Duke I would love to get some further information from you on this as I am also stuck on this exact issue. I tried adding "mail" as well as the name of our mail server and "mail.ourdomain.com" and it still does not work. Am I missing something from your post?

Collapse -

by aparadis In reply to

I added just our common domain name domain.org (not mail.domain.org) and it works great. But it seems that there is only a limit number of characters that can be entered, so I'm curious what happens if your domain name is longer than that?

Back to Software Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums