E-mail Only

I have a customer who is asking to have 5 users setup with only an e-mail
account. They don't want them accessing the network. Is it possible for
someone to only have access to OWA and nothing else?

Basic setup: SBS 2003 Standard 10 users.


Thanks!
Tim

Hi Tim,

Try this: (once you have the user accounts created)

Server Management | Standard Management | (double click a user account in
the right pane) | Account (tab) | "Log on to"

Now specify just the SBS server. This should restrict the user to logging
into RWW or OWA, but not let him log on locally or remotely to workstations.
(Note: he will not be able to log into the SBS server locally or remotely
either)

--
Merv Porter [SBS-MVP]
============================

"Tim H" <> wrote in message
news:#...
> I have a customer who is asking to have 5 users setup with only an e-mail
> account. They don't want them accessing the network. Is it possible for
> someone to only have access to OWA and nothing else?
>
> Basic setup: SBS 2003 Standard 10 users.
>
>
> Thanks!
> Tim
>

I'm not sure you need to provide access even to the server. Certainly in SBS
2008, you do not. In fact, setting this in SBS 208 is trivial - you simply
create the user without assigning them to any computers. They'll have OWA
rights without any local logon rights.

--
Charlie.
http://msmvps.com/blogs/russel




"Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
news:%...
> Hi Tim,
>
> Try this: (once you have the user accounts created)
>
> Server Management | Standard Management | (double click a user account in
> the right pane) | Account (tab) | "Log on to"
>
> Now specify just the SBS server. This should restrict the user to logging
> into RWW or OWA, but not let him log on locally or remotely to
> workstations. (Note: he will not be able to log into the SBS server
> locally or remotely either)
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "Tim H" <> wrote in message
> news:#...
>> I have a customer who is asking to have 5 users setup with only an e-mail
>> account. They don't want them accessing the network. Is it possible for
>> someone to only have access to OWA and nothing else?
>>
>> Basic setup: SBS 2003 Standard 10 users.
>>
>>
>> Thanks!
>> Tim
>>

In article <>,
says...
>
> I'm not sure you need to provide access even to the server. Certainly in SBS
> 2008, you do not. In fact, setting this in SBS 208 is trivial - you simply
> create the user without assigning them to any computers. They'll have OWA
> rights without any local logon rights.

If you don't give them access to the server they won't be able to RWW,
but they can still OWA.

Since we never setup file/folder access for "Everyone" or "Domain
Users", since we create new security groups for every business folder,
it's fairly easy to make Email Only accounts, but we don't allow them
RWW access either, just OWA.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

Leythos <> wrote:
> In article <>,
> says...
>>
>> I'm not sure you need to provide access even to the server.
>> Certainly in SBS 2008, you do not. In fact, setting this in SBS 208
>> is trivial - you simply create the user without assigning them to
>> any computers. They'll have OWA rights without any local logon
>> rights.

Hmm. I thought that was only for RWW. I thought all domain users by default
had local login privileges on all domain workstations (I certainly want them
to). If you're talking about via RWW, then yes, that's correct. I always add
the Remote Web Workplace Users group to each workstation's Remote Desktop
Users group....you can then add/remove domain users to that as needed for
remote access. (I also add the user's primary computer in the SBS2008 wizard
thingy so they have RWW access easily)
>
> If you don't give them access to the server they won't be able to RWW,
> but they can still OWA.
>
> Since we never setup file/folder access for "Everyone" or "Domain
> Users", since we create new security groups for every business folder,
> it's fairly easy to make Email Only accounts, but we don't allow them
> RWW access either, just OWA.

I like to do that too. I set up security groups for my clients and use them
to secure the shared folders. When a temp or visitor needs an account i can
easily create it and simply not add them to the groups they don't need to be
in.

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:...
> Leythos <> wrote:
>> In article <>,
>> says...
>>>
>>> I'm not sure you need to provide access even to the server.
>>> Certainly in SBS 2008, you do not. In fact, setting this in SBS 208
>>> is trivial - you simply create the user without assigning them to
>>> any computers. They'll have OWA rights without any local logon
>>> rights.
>
> Hmm. I thought that was only for RWW. I thought all domain users by
> default had local login privileges on all domain workstations (I certainly
> want them to). If you're talking about via RWW, then yes, that's correct.
> I always add the Remote Web Workplace Users group to each workstation's
> Remote Desktop Users group....you can then add/remove domain users to that
> as needed for remote access. (I also add the user's primary computer in
> the SBS2008 wizard thingy so they have RWW access easily)
>>
>> If you don't give them access to the server they won't be able to RWW,
>> but they can still OWA.
>>
>> Since we never setup file/folder access for "Everyone" or "Domain
>> Users", since we create new security groups for every business folder,
>> it's fairly easy to make Email Only accounts, but we don't allow them
>> RWW access either, just OWA.
>
> I like to do that too. I set up security groups for my clients and use
> them to secure the shared folders. When a temp or visitor needs an account
> i can easily create it and simply not add them to the groups they don't
> need to be in.
>


I've created numerous accounts with this in mind, for remote email-only
users. They simply access OWA with a direct URL that I make provisions to
work by adding it to the html in the Company Web page when connecting to SBS
from the outside. But I do secure it with SSL and disable anonymous, so on
the initial connection, they must provide credentials, then the company web
pops up, and they can click on a link that I created called (you can call it
what you like), "Connect to Microsoft Exchange WebMail." I even took a
picture of an envelope and made it into an icon for the link.

As for ADUC, in the user account properties, Account tab, Logon To, I click
"on the following computers" but leave the list blank. Works nicely. This
does not affect accessing the company web site nor Exchange OWA.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Ace Fekay [MCT] <> wrote:

>
> I've created numerous accounts with this in mind, for remote
> email-only users. They simply access OWA with a direct URL that I
> make provisions to work by adding it to the html in the Company Web
> page when connecting to SBS from the outside. But I do secure it with
> SSL and disable anonymous, so on the initial connection, they must
> provide credentials, then the company web pops up, and they can click
> on a link that I created called (you can call it what you like),
> "Connect to Microsoft Exchange WebMail." I even took a picture of an
> envelope and made it into an icon for the link.
> As for ADUC, in the user account properties, Account tab, Logon To, I
> click "on the following computers" but leave the list blank. Works
> nicely. This does not affect accessing the company web site nor
> Exchange OWA.

Some day I'd love you to show me how you did that

"Lanwench [MVP - Exchange]"
< hoo.com> wrote in message
news:%...
> Ace Fekay [MCT] <> wrote:
>
>>
>> I've created numerous accounts with this in mind, for remote
>> email-only users. They simply access OWA with a direct URL that I
>> make provisions to work by adding it to the html in the Company Web
>> page when connecting to SBS from the outside. But I do secure it with
>> SSL and disable anonymous, so on the initial connection, they must
>> provide credentials, then the company web pops up, and they can click
>> on a link that I created called (you can call it what you like),
>> "Connect to Microsoft Exchange WebMail." I even took a picture of an
>> envelope and made it into an icon for the link.
>> As for ADUC, in the user account properties, Account tab, Logon To, I
>> click "on the following computers" but leave the list blank. Works
>> nicely. This does not affect accessing the company web site nor
>> Exchange OWA.
>
> Some day I'd love you to show me how you did that
>


I can remote in...