Three Ways to Tighten OWA 2010 Security

By Brian Posey

While Exchange Server 2010 includes solid security out-of-the-box, further strengthening Outlook Web App is never a bad idea. After all, OWA is exposed to the Internet as a Web application and, like any other Internet-facing Web app, is prone to attacks. Here are a few tweaks you can make to bolster OWA 2010 security.

Eliminate the OWA private computer option

When users log into OWA 2010, they have the option to select whether they are accessing OWA 2010 from a public computer or a private computer; many users skip this step. If users do not explicitly choose public or private, OWA assumes they are logging on from a public computer, and therefore uses a more secure profile.

One way to improve OWA 2010 security is to eliminate the private computer access option entirely. This forces users into the more secure profile. The easiest way to do so is to modify the logon.aspx file.

Note: Make sure you create a backup of this file before modifying it.

The logon.aspx file is located in the c:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Auth folder. To modify it, open the file in Notepad, then locate the following line of code:

<td><input id="rdoPrvt" type="radio" value="4" onclick="clkSec()"></td>

In this line of code, change the type from radio to hidden. After doing so, save your changes.

Next, open a command prompt window and enter the IISRESET command. This resets both Internet Information Services (IIS) and OWA. The logon.aspx file will use your modified code after the reset. Users can no longer select the This is a Private Computer option.
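The three steps above (back up logon.aspx, switch the rdoPrvt input from radio to hidden, run IISRESET) can be scripted so the change is repeatable. This is an added example, not code from the original article; the function name Disable-OwaPrivateOption is hypothetical, and it assumes the default install path given above and that the rdoPrvt tag carries type="radio" as the article describes.

```powershell
# Added example. The path and the rdoPrvt element come from the article;
# the function name Disable-OwaPrivateOption is hypothetical.
$Logon = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Auth\logon.aspx'

function Disable-OwaPrivateOption {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Read the whole file and reuse the encoding StreamReader detects from its byte-order mark.
    $reader = New-Object System.IO.StreamReader($Path, $true)
    try { $text = $reader.ReadToEnd(); $enc = $reader.CurrentEncoding }
    finally { $reader.Close() }

    # Target only the <input> whose id is rdoPrvt; the public radio button is left alone.
    $found = [regex]::Matches($text, '(?i)<input\b[^>]*\bid="rdoPrvt"[^>]*>')
    if ($found.Count -ne 1) {
        throw "Expected exactly one rdoPrvt input in $Path, found $($found.Count)."
    }
    $tag = $found[0].Value

    if ($tag -match 'type="hidden"') { return $false }   # change already applied
    if ($tag -notmatch 'type="radio"') {
        throw "rdoPrvt input has no type=""radio"" attribute; review the file by hand."
    }

    # Back up before writing, as the article's note requires.
    $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $Path -Destination $backup

    # Rewrite only the matched tag, leaving the rest of the file byte-for-byte as read.
    $newTag = $tag -replace 'type="radio"', 'type="hidden"'
    $text = $text.Remove($found[0].Index, $found[0].Length).Insert($found[0].Index, $newTag)
    [System.IO.File]::WriteAllText($Path, $text, $enc)
    return $true
}

# Restart IIS only when the file actually changed.
if (Disable-OwaPrivateOption -Path $Logon) {
    iisreset
} else {
    Write-Host 'logon.aspx already hides the private computer option; nothing to do.'
}
```

Run it from an elevated PowerShell session on the Client Access server. Because it exits without changes when the input is already hidden, it can be re-run as a check whenever logon.aspx may have been replaced.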

Another public/private computer option

In some cases it may actually be better to tighten the private computer security settings rather than abandon them altogether. One way to do so is to change the automatic logout setting. Idle OWA sessions are disconnected after 12 hours of inactivity by default. You can modify this setting to make the time-out period much shorter.

To read the full article, go to: SearchExchange
