exchangefaq.org
brought to you by Simpler-Webb

Table of Contents

Exchange 2003 FAQ
Exchange 2000 FAQ
Exchange 5.5 FAQ

Exchange Resource Manager

Find out how you can manage rooms and resources though Exchange with out the hassles and complications of scripting!

» Download a free trial today

01


You can enable a new logon page for Outlook Web Access that will store the user's user name and password in a cookie instead of in the browser. When a user closes their browser, the cookie will be cleared. Additionally, after a period of inactivity, the cookie will be cleared automatically. The new logon page requires users to enter either their domain name\alias and password or their full UPN e-mail address and password to access their e-mail.


Figure 2.8 Outlook Web Access logon page

This logon page represents more than a cosmetic change; it offers several new features.

To enable forms-based authentication

  1. In Exchange System Manager, expand the Servers node.
  2. Expand the Protocols node under the Exchange server for which you wish to enable forms-based authentication.
  3. Expand HTTP, and then right-click the Exchange Virtual Server.
  4. On the Exchange Virtual Server properties page, select the check box next to Enable Forms Based Authentication for Outlook Web Access.
  5. Click Apply, and then click OK.

Cookie Authentication Timeout

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity.

The automatic timeout is valuable for keeping a user’s account secure from unauthorized access. Although this timeout does not completely eliminate the possibility that an unauthorized user might access an account if an Outlook Web Access session is accidentally left running on a public computer, it greatly reduces this risk.

Note: Cookie Authentication Timeout is available for the rich experience version of Outlook Web Access only.

The inactivity timeout value can be configured by an administrator to match the security needs of your organization.

Note: The default value for the cookie timeout is 10 minutes. If you want to set this value to something other than 10 minutes, you must modify the registry settings on the server. Warning This section contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about restoring the registry, see the “Restore the Registry” Help topic in Regedit.exe or Regedt32.exe

To set the Outlook Web Access cookie timeout value

  1. Click Start, click Run, and type Regedit in the box next to Open. Click OK.
  2. Navigate to the following registry key:
    HKey_local_machine\system\ CurrentControlSet\Services\MSExchangeWeb\OWA\
  3. Create a new Dword value and name it KeyInterval.
  4. Right-click the KeyInterval Dword value and click Modify.
  5. In the Base window, click the button next to Decimal.
  6. In the Value Data field, enter a value (in minutes) between 1 and 1440.
  7. Click OK.


Last Updated by Simpler-Webb on 3/18/2004 4:37:55 PM (QID #1133)
Categories: Exchange 2003/Logon Modifications for OWA Users |