Re: Stuff on RPC over HTTP and Outlook
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 Jul 2007 12:08:35 -0400
There's a 1:1 relationship between Exchange mailboxes and AD user accounts,
so you have to create the user to get the mailbox. Then you have to grant
the "real" users rights to log into the info@ or whatever mailboxes that
aren't associated with actual people. That's most easily done in Outlook
(and you can do it more granularly than using the limited permissions
settings in AD), so I just log in once as the info@ user and set the
permissions in Outlook. You can delete the profile afterward if you care -
I don't bother, I just use a shared conference room PC for this and there
are already a zillion profiles on there anyway.
Russ - pass-through NTLM auth doesn't work with ISA, and it can cause that
thing you see posted here where people get tons of password prompts that
fail even with the correct password.
"tatat" <default@xxxxxxxxxx> wrote in message
news:YNgki.4161$rL1.897@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Regarding item 4, we need to share a few mailboxes also that aren't
associated with actual users. When you say "create the accounts, log into
them" does that mean you need to create user accounts on the server then
create user accounts (fake/temporary) on a client to gain access to the
mailboxes?
"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OvAaYoMwHHA.4528@xxxxxxxxxxxxxxxxxxxxxxx
1. Is this Premium? NTLM won't work with ISA. And, since RPC over
HTTPS uses SSL anyway, your password is not transmitted in clear text.
IMO you're better off just configuring RPC using the instructions from
the RWW main page, exactly as they are.
2. I can't remember the deal with this. Doesn't it remember the
username from last time, in the correct format?
3. I wouldn't bother using RPC over HTTPS internally. I haven't thought
about the various security implications, but the default security is
fine. IMO there's no reason to add complexity or another possible point
of failure by trying to make Outlook more secure within your LAN. A user
will not attempt to hijack your Outlook data as it passes between the
server and your desktop on the wire, they'll sit down at your desk while
you're at lunch and read your mail right in Outlook. Depending on your
office policy, if you catch someone trying to intercept ethernet traffic,
just hit them in the elbow with your phone. It doesn't leave a bruise
but it hurts like crazy. Then fire them.
4. As for the info@ account, etc. you don't need CALs for those accounts
since they're not actual users. What I would do is to create the
accounts, log into them, open the mailbox in Outlook, go to the
permissions at the top level (Mailbox - Username), and change the
permission for Default to whatever you want all the users to have. Then
go to CP -> Mail, view or change e-mail accounts. Select Exchange and
click Change -> More Settings. Go to the Advanced tab and add the info@
mailbox as an additional mailbox. If you set the default permissions
correctly on the info mailbox, when the user opens Outlook, they'll see
the additional mailbox in the Folder List.
<bob.smith.0182@xxxxxxxxx> wrote in message
news:1183784971.413701.45080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,
Just some questions about RPC over HTTP (first two relate to an
external client machine NOT joined to domain):
1. Can we use NTLM rather than Basic Authentication and how do i
configure it - i tried to get the IIS sub directory RPC to use NTLM
authentication and the outlook client but when it tries to use NTLM,
it does not allow me to log on - even though passwords are right, it
repeatedly keeps on prompting for username and password.
2. How do we get it so that you DO NOT need to type Domain\Username
when logging onto RPC over HTTP, only need to type Username and then
password?
3. Which is more secure to use internally (i.e. within own office
building):
a) RPC over HTTP
b) Just normal connection without configuring RPC over HTTP settings
4. Our company has two email accounts: an info @ domain.com and a
sales @ domain.com account, which my boss wants all staff to access.
All staff have their own CALs for logon to SBS. Is there any way for
them to establish a profile in Outlook, that opens up the info @
domain.com Email account (the info and sales accounts have their own
CALs for Exchange to collect mail via POP3), however when they are
logging on, must prompt for username and password and instead of
using
the info @ domain.com's CAL details, but instead allow them to use
their own CAL logons.
Thanks a lot
.
- Follow-Ups:
- Re: Stuff on RPC over HTTP and Outlook
- From: tatat
- Re: Stuff on RPC over HTTP and Outlook
- References:
- Stuff on RPC over HTTP and Outlook
- From: bob . smith . 0182
- Re: Stuff on RPC over HTTP and Outlook
- From: Dave Nickason [SBS MVP]
- Re: Stuff on RPC over HTTP and Outlook
- From: tatat
- Stuff on RPC over HTTP and Outlook
- Prev by Date: Re: How to run a script when users logon due VPN
- Next by Date: Re: Virtual Server on SBS
- Previous by thread: Re: Stuff on RPC over HTTP and Outlook
- Next by thread: Re: Stuff on RPC over HTTP and Outlook
- Index(es):
Relevant Pages
|
