OWA permission and WM6 (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access



Message

Esteban -> OWA permission and WM6 (13.Feb.2008 6:27:00 PM)

We have a separate exchange and owa server. We run exch 2003 on server 2003.  We are successfully using a motorola q9 pda with windows mobile 6 that syncs the mail/calendar ect.  We can also use a web browser on a non-company pc to access exchange via OWA.  In other words,  it is all hooked up and working.

My question is whether there is a way to allow a user to use OWA via the web but not use a WM6 device.   On the exchange features snap in,  we have OWA enabled under protocols,  and we have all the options under Mobile Services enabled.   Does the 'OWA enabled'  control both the web access and a WM6 device sync access?

I have some users that should have OWA web,  but I dont want them hooking up a WM6 device without me knowing.  It seems like all they need to know is the webmail server name.

Thanks



leederbyshire -> RE: OWA permission and WM6 (14.Feb.2008 8:22:29 AM)

It can be done if you use Forms-based Authentication.  Look at your IIS Log File to see what the user agent for WM6 IE looks like.  Probably something like this:
Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+CE;+PPC;+240x320)
Then add a line near the beginning of your logon.asp file:

<% If Instr(Request.ServerVariables("USER_AGENT"), "PPC") <> 0 Then Response.End %>

If you don't use FBA, I don't know of a way to do it.



marobertson -> RE: OWA permission and WM6 (14.Feb.2008 12:46:48 PM)

Why dont you just disable everyone's mobile services, then enable the service as they request it? With their mobile services disabled, then they will not be able to sync any mobile device and can still check their OWA from the web.

Why would you want to stop someone with WM6 from syncing with your exchange server?



Esteban -> RE: OWA permission and WM6 (14.Feb.2008 1:16:04 PM)

marobertson - If I knew what flag to flip to disable just mobile, I would.  Please describe how I would do that.  It appears to me that the OWA flag controls both web and mobile access (i think that wm6/active sync is leveraging owa).  I initially tried to disable OMA and it had no effect.

leederbyshire - We do use forms based authentication.  I have looked at the logfile and when I use the Qphone, an entry looks like this:
2008-02-14 00:04:22 W3SVC1 192.168.108.192 POST /Microsoft-Server-ActiveSync User=USERX&DeviceId=BB01FBCB688C570A74B2167E3FC97B8X&DeviceType=SmartPhone&Cmd=Ping&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:2C20I12277S378512R0S0L1380H0P 443 SERVERX.com\USERX 70.6.57.54 MSFT-SPhone/5.2.603 200 0 0

An entry from a user using the web looks like this:
111.111.111.111 GET /exchange - 443 ABC-corp\USERY 227 11.1.11.111 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 1326




marobertson -> RE: OWA permission and WM6 (14.Feb.2008 2:20:09 PM)

You said in your first message that:
" On the exchange features snap in,  we have OWA enabled under protocols,  and we have all the options under Mobile Services enabled."

If you disable all mobile servers for a user, then they will not be able to sync with a mobile device.

I have the exchange management tools installed on XP, I go to my AD Users and Computers MMC, and find the user that i want to modify. In the user's properties, there is a tab for Exchange Features, from there, disable all mobile services for that user (should be three of them), but leave the Protocols enabled that you want them to be able to use. That will allow them to view OWA, but not OMA on any mobile device.



Esteban -> RE: OWA permission and WM6 (15.Feb.2008 12:49:58 PM)

You are correct, disabling all three of the 'Mobile Services' did the trick in my test.   I was still able to use OWA,  but not allowed to sync from the WM6 device.    It seems so obvious now,  thank you for clarifying to me.



Page: [1]