RE: rpc over https

2009-09-08 Thread Chris Orovet
Thanks I appreciate it!

Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com


"Whatever relationships you have attracted in your life at this moment, are 
precisely the ones you need in your life at this moment. There is a hidden 
meaning behind all events, and this hidden meaning is serving your own 
evolution." ~Chopra

Confidentiality Notice: This e-mail message and any attachments are for the 
sole use of the intended recipient and may contain proprietary, confidential, 
trade secret or privileged information. Any unauthorized review, use, 
disclosure, or distribution is prohibited and may be a violation of law. If you 
are not the intended recipient or a person responsible for delivering this 
message to an intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message immediately. 

-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com] 
Sent: Tuesday, September 08, 2009 8:03 AM
To: NT System Admin Issues
Subject: RE: rpc over https

Agreed, if the client you're setting up is a machine you can manage via Group 
Policy.

-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, September 08, 2009 7:39 AM
To: NT System Admin Issues
Subject: RE: rpc over https

" The easiest way to do this is with IE."

IMO the easiest way to push is via GPO.






-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com] 
Sent: Friday, September 04, 2009 4:01 PM
To: NT System Admin Issues
Subject: RE: rpc over https

The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com] 
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way)
If anyone has a link they can shoot me that would clarify this I'd appreciate
it. 


Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com


RE: rpc over https

2009-09-08 Thread Richard Stovall
Agreed, if the client you're setting up is a machine you can manage via Group 
Policy.

-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, September 08, 2009 7:39 AM
To: NT System Admin Issues
Subject: RE: rpc over https

" The easiest way to do this is with IE."

IMO the easiest way to push is via GPO.






-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com] 
Sent: Friday, September 04, 2009 4:01 PM
To: NT System Admin Issues
Subject: RE: rpc over https

The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com] 
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way)
If anyone has a link they can shoot me that would clarify this I'd appreciate
it. 


Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com




RE: rpc over https

2009-09-08 Thread Sam Cayze
" The easiest way to do this is with IE."

IMO the easiest way to push is via GPO.






-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com] 
Sent: Friday, September 04, 2009 4:01 PM
To: NT System Admin Issues
Subject: RE: rpc over https

The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com] 
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way)
If anyone has a link they can shoot me that would clarify this I'd appreciate
it. 


Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com




Re: rpc over https

2009-09-04 Thread Richard Stovall
Absotively you should be using SSL for OWA.  I was just referring to
RPC over https, the use of which for external mail clients might be
obviated in Exchange 2010 if the reviews are correct.  We're still on
2003, so I wasn't aware of the Exchange 2007 bits.

Thanks,
RS

On Fri, Sep 4, 2009 at 6:43 PM, Brian Desmond wrote:
> Well it's still required post 2003.
>
> You shouldn't be doing OWA without SSL anyway.
>
> Outlook 2007+ and Exchange 2007+ use SSL connectivity even while on the LAN 
> for certain things - autodiscover, address book download, web services, etc.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
>
> -Original Message-
> From: Richard Stovall [mailto:richard.stov...@researchdata.com]
> Sent: Friday, September 04, 2009 4:01 PM
> To: NT System Admin Issues
> Subject: RE: rpc over https
>
> The SSL cert must be for whatever address your users will use from the 
> outside (the inside will work too if you set up a split DNS structure).  The 
> site really depends on how you set it up.  Could be the default, or possibly 
> something else if you customize it.  I set ours up 4 or 5 years ago and 
> haven't touched it since, so I don't really remember how much choice you 
> have.  A quick look at the IIS config on our Exchange server puts it in the 
> default site.
>
> One thing about the cert you need to understand.  The trusted chain in the 
> certificate store on your user's machines must go all the way up to the 
> issuing authority.  It doesn't have to be a commercial cert, but the issuing 
> authority must be trusted.  You can even use a self-signed cert, but it must 
> be installed manually.  The easiest way to do this is with IE.
>
> Once you get this working I think you'll really appreciate the benefits, at 
> least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
> won't be needed in the future.
>
> Good luck,
> RS
>
> -Original Message-
> From: Chris Orovet [mailto:coro...@atsi-inc.com]
> Sent: Friday, September 04, 2009 4:48 PM
> To: NT System Admin Issues
> Subject: rpc over https
> Importance: High
>
> Hey Guys and Gals,
>  Can someone clarify this for me please. I'm setting up rpc over https for
> some remote users that require access to mail and the contacts. I'm finding
> conflicting information when setting up the ssl portion. Should the ssl cert 
> be setup for my exchange internal fqdn or my external address? Also 
> everything is pointing towards setting this up for my default website. Should 
> this be setup for the exchange website and not the default?
>
> I have 1 exchange server:
>
> Windows 2003 ent sp2
> Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set 
> it up this way) If anyone has a link they can shoot me that would clarify 
> this I'd appreciate it.
>
>
> Regards,
>
> Chris Orovet  Technical Support
>
> O: (727)812-0276 Ext. 125
> F: (727)812-0278
> Email: supp...@atsi-inc.com
> Web: http://www.atsi-inc.com
>



RE: rpc over https

2009-09-04 Thread Brian Desmond
Well it's still required post 2003.

You shouldn't be doing OWA without SSL anyway.

Outlook 2007+ and Exchange 2007+ use SSL connectivity even while on the LAN for 
certain things - autodiscover, address book download, web services, etc.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Friday, September 04, 2009 4:01 PM
To: NT System Admin Issues
Subject: RE: rpc over https

The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com]
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way) If anyone has a link they can shoot me that would clarify this I'd
appreciate it.


Regards,

Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com




RE: rpc over https

2009-09-04 Thread Chris Orovet
Thanks finally figured it out. I will probably see the latest version of 
exchange in production in about 5 years if im lucky...

Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com



-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com] 
Sent: Friday, September 04, 2009 5:01 PM
To: NT System Admin Issues
Subject: RE: rpc over https

The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com] 
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way)
If anyone has a link they can shoot me that would clarify this I'd appreciate
it. 


Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com




RE: rpc over https

2009-09-04 Thread Richard Stovall
The SSL cert must be for whatever address your users will use from the outside 
(the inside will work too if you set up a split DNS structure).  The site 
really depends on how you set it up.  Could be the default, or possibly 
something else if you customize it.  I set ours up 4 or 5 years ago and haven't 
touched it since, so I don't really remember how much choice you have.  A quick 
look at the IIS config on our Exchange server puts it in the default site.

One thing about the cert you need to understand.  The trusted chain in the 
certificate store on your user's machines must go all the way up to the issuing 
authority.  It doesn't have to be a commercial cert, but the issuing authority 
must be trusted.  You can even use a self-signed cert, but it must be installed 
manually.  The easiest way to do this is with IE.

Once you get this working I think you'll really appreciate the benefits, at 
least with Exchange 2003.  The folks here rave about 2010's OWA, so maybe it 
won't be needed in the future.

Good luck,
RS

-Original Message-
From: Chris Orovet [mailto:coro...@atsi-inc.com] 
Sent: Friday, September 04, 2009 4:48 PM
To: NT System Admin Issues
Subject: rpc over https
Importance: High

Hey Guys and Gals,
 Can someone clarify this for me please. I'm setting up rpc over https for some
remote users that require access to mail and the contacts. I'm finding
conflicting information when setting up the ssl portion. Should the ssl cert be 
setup for my exchange internal fqdn or my external address? Also everything is 
pointing towards setting this up for my default website. Should this be setup 
for the exchange website and not the default?

I have 1 exchange server:

Windows 2003 ent sp2
Exchange 2003 ent sp2- This is my only DC as well(don't ask was made to set it 
up this way)
If anyone has a link they can shoot me that would clarify this I'd appreciate
it. 


Regards,
 
Chris Orovet  Technical Support

O: (727)812-0276 Ext. 125
F: (727)812-0278
Email: supp...@atsi-inc.com
Web: http://www.atsi-inc.com

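
The two certificate checks described in the reply above (the name on the cert matches the address users connect to, and the chain on the client is trusted up to the issuer), as an added PowerShell example that is not part of the thread. The host names are constructed placeholders, the function names are hypothetical, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example, not from the thread. Host names are constructed placeholders.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$ExternalName = 'mail.example.com'           # address remote Outlook clients connect to
$InternalName = 'exch01.corp.example.local'  # internal server FQDN

# Build a throwaway self-signed certificate in memory so the checks run offline.
function New-SampleCertificate {
    param([string]$DnsName)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$DnsName", $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $san = [SubjectAlternativeNameBuilder]::new()
    $san.AddDnsName($DnsName)
    $req.CertificateExtensions.Add($san.Build())
    $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
}

# Return the DNS names a certificate is valid for (SAN entries, else the CN).
function Get-CertificateDnsName {
    param([X509Certificate2]$Certificate)
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() is platform text: "DNS Name=host" on Windows, "DNS:host" elsewhere.
        [regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^\s,]+)') |
            ForEach-Object { $_.Groups[1].Value }
    } else {
        $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
    }
}

# Case-insensitive match; a leading "*." covers exactly one left-most label.
function Test-NameMatch {
    param([string]$Pattern, [string]$HostName)
    if ($Pattern.StartsWith('*.')) {
        $suffix = $Pattern.Substring(1)
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $suffix)
    }
    return $Pattern -ieq $HostName
}

# Check 1: does the cert name the address the client uses?
# Check 2: does the chain build to a root this machine trusts?
function Test-CertificateForHost {
    param([X509Certificate2]$Certificate, [string]$HostName)
    $nameOk = [bool](Get-CertificateDnsName $Certificate |
        Where-Object { Test-NameMatch $_ $HostName })
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)
    [pscustomobject]@{
        Host         = $HostName
        NameMatches  = $nameOk
        ChainTrusted = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object Status) -join ', '
    }
}

# A cert issued for the external name, tested against both names a client might use.
$cert = New-SampleCertificate -DnsName $ExternalName
Test-CertificateForHost -Certificate $cert -HostName $ExternalName
Test-CertificateForHost -Certificate $cert -HostName $InternalName
```

To run the same checks on a real certificate, pass `Test-CertificateForHost` an `X509Certificate2` loaded from the server's exported .cer file on the client machine in question, since the chain result depends on that machine's trusted root store.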



RE: RPC over HTTPS

2008-02-07 Thread Thomas W Shinder
Hi Jeff,

 

You need to consider the MS IAG. You will like it!

 

Tom

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 6:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

 



We are getting ready to roll out RPC over HTTPS for email. For quite
awhile we have had most of our users internal to the company and have
just used the Outlook client to access Exchange natively. As we have
brought remote offices online the VPN tunnels enabled similar access.
Then we had a few roaming users that we gave VPN access to for their
email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can
be implemented so we control which computers can access our Exchange
over RPC? 

Thanks, 
Jeff 






 



RE: RPC over HTTPS

2008-02-07 Thread Thomas W Shinder
Hi Andy,
 
IAG is licensed on a per client basis, but there are a number of options
available. ISA is installed on it as a host based firewall, but you
would never configure the ISA components. The ISA configuration is done
automatically when you configure the IAG SSL VPN. So, the IAG is used
*only* for SSL VPN, not as an inbound or outbound firewall as ISA would
be used. 
 
Right now, IAG is only available as a hardware offering from select
OEMs.
 
Tom
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- Microsoft Firewalls (ISA)

 




From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 07, 2008 6:17 AM
To: NT System Admin Issues
    Subject: RE: RPC over HTTPS




Dr. Tom,

How is IAG licensed, is it part of ISA 2006 natively or what? 

 

Thanks, 

 

Shook

http://www.linkedin.com/in/andyshook  





From: Thomas W Shinder [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 07, 2008 12:07 AM
To: NT System Admin Issues
    Subject: RE: RPC over HTTPS

 

 

Of course you can control this.  

IAG.

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED]

Sent: Wednesday, February 06, 2008 7:36 PM
To: NT System Admin Issues
    Subject: RE: RPC over HTTPS

 

 

It is a valid concern, and no - I'm not aware of any way to
prevent it on a machine-by-machine basis.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 7:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

 



We are getting ready to roll out RPC over HTTPS for email. For
quite awhile we have had most of our users internal to the company and
have just used the Outlook client to access Exchange natively. As we
have brought remote offices online the VPN tunnels enabled similar
access. Then we had a few roaming users that we gave VPN access to for
their email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over
HTTPS though, and I am wondering if anyone has any commentary on this,
or suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of
course, however there is nothing stopping someone from copying those
settings to their own personal machine. Or is there? Is there any
solution that can be implemented so we control which computers can
access our Exchange over RPC? 

Thanks, 
Jeff

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: RPC over HTTPS

2008-02-07 Thread Andy Shook
Dr. Tom,

How is IAG licensed, is it part of ISA 2006 natively or what?

Thanks,

Shook

http://www.linkedin.com/in/andyshook

From: Thomas W Shinder [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 07, 2008 12:07 AM
To: NT System Admin Issues
Subject: RE: RPC over HTTPS

Of course you can control this.

IAG.

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:36 PM
To: NT System Admin Issues
Subject: RE: RPC over HTTPS

It is a valid concern, and no - I'm not aware of any way to prevent it
on a machine-by-machine basis.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

We are getting ready to roll out RPC over HTTPS for email. For quite
awhile we have had most of our users internal to the company and have
just used the Outlook client to access Exchange natively. As we have
brought remote offices online the VPN tunnels enabled similar access.
Then we had a few roaming users that we gave VPN access to for their
email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can
be implemented so we control which computers can access our Exchange
over RPC? 

Thanks, 
Jeff

RE: RPC over HTTPS

2008-02-07 Thread Ken Schaefer
Alternatively, implement RMS or similar to protect the actual messages, rather
than trying to arbitrate the machines that connect.

Cheers
Ken

From: Thomas W Shinder [mailto:[EMAIL PROTECTED]
Sent: Thursday, 7 February 2008 4:07 PM
To: NT System Admin Issues
Subject: RE: RPC over HTTPS


Of course you can control this.
IAG.

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:36 PM
To: NT System Admin Issues
Subject: RE: RPC over HTTPS


It is a valid concern, and no - I'm not aware of any way to prevent it on a 
machine-by-machine basis.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS



We are getting ready to roll out RPC over HTTPS for email. For quite awhile we 
have had most of our users internal to the company and have just used the 
Outlook client to access Exchange natively. As we have brought remote offices 
online the VPN tunnels enabled similar access. Then we had a few roaming users 
that we gave VPN access to for their email. And of course everyone has OWA for 
access from home, and ActiveSync for access from their mobile devices.

There is one overwhelming concern we have with enabling RPC over HTTPS though, 
and I am wondering if anyone has any commentary on this, or suggestions. By 
allowing RPC over HTTPS we are enabling our staff to download all of their 
company email on a machine which may or may not be within our control. Sure, 
with OWA they can access their email from home and selectively grab a message 
here and there, but with RPC over HTTPS they can grab an entire mailbox and do 
whatever they want with it. This is definitely one of those areas that could 
come back to haunt us later.

For the short term we would only set it up on company laptops of course, 
however there is nothing stopping someone from copying those settings to their 
own personal machine. Or is there? Is there any solution that can be 
implemented so we control which computers can access our Exchange over RPC?

Thanks,
Jeff

RE: RPC over HTTPS

2008-02-07 Thread Matt Bullock
This might not prevent access completely for smart users, but if you use
a self-signed certificate, the only people that can use RPC/HTTPS are
clients that you issue the root certificate to.  

 

-matt

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 4:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

 



We are getting ready to roll out RPC over HTTPS for email. For quite
awhile we have had most of our users internal to the company and have
just used the Outlook client to access Exchange natively. As we have
brought remote offices online the VPN tunnels enabled similar access.
Then we had a few roaming users that we gave VPN access to for their
email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can
be implemented so we control which computers can access our Exchange
over RPC? 

Thanks, 
Jeff

RE: RPC over HTTPS

2008-02-06 Thread Thomas W Shinder
Of course you can control this.  

IAG.

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:36 PM
To: NT System Admin Issues
Subject: RE: RPC over HTTPS

It is a valid concern, and no - I'm not aware of any way to prevent it
on a machine-by-machine basis.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

We are getting ready to roll out RPC over HTTPS for email. For quite
awhile we have had most of our users internal to the company and have
just used the Outlook client to access Exchange natively. As we have
brought remote offices online the VPN tunnels enabled similar access.
Then we had a few roaming users that we gave VPN access to for their
email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can
be implemented so we control which computers can access our Exchange
over RPC? 

Thanks, 
Jeff

Re: RPC over HTTPS

2008-02-06 Thread jeff . wilhelm
> However, what other access do remote clients have - is there a VPN in
> place for remote/mobile individuals? If so, the same hole effectively
> exists anyway. They can install (or configure natively) the VPN
> client, and then use Outlook remotely anyway.
Most of the users that have VPN really only use it to connect in and then 
open up Outlook, so in those instances once RPC over HTTPS is rolled out 
the vast majority of them will not be provided VPN access.
We have played with SSL Explorer and other SSL VPN solutions (Watchguard, 
etc...) and will weigh them as well. Thanks!





"Kurt Buff" <[EMAIL PROTECTED]> 
02/06/2008 08:38 PM
Please respond to "NT System Admin Issues"
To: "NT System Admin Issues"
cc:
Subject: Re: RPC over HTTPS

No way I know of to stop this.

However, what other access do remote clients have - is there a VPN in
place for remote/mobile individuals? If so, the same hole effectively
exists anyway. They can install (or configure natively) the VPN
client, and then use Outlook remotely anyway.

If you're truly concerned about this, I can suggest an alternative:
ssl-explorer. Google for it- I don't have the link in front of me.

It's an SSL VPN that uses a web interface - they browse to your
external host port, and are presented with a web page that gives them
a set of pre-defined applications, such as relevant TS sessions to a
TS server or their desktop, or an internal web app that you publish
through SSL, or a file share presented in a web page.

Kinda hard to slurp an entire mailbox over a TS session.

Kurt

On Feb 6, 2008 4:52 PM,  <[EMAIL PROTECTED]> wrote:
>
>
> We are getting ready to roll out RPC over HTTPS for email. For quite awhile
> we have had most of our users internal to the company and have just used the
> Outlook client to access Exchange natively. As we have brought remote
> offices online the VPN tunnels enabled similar access. Then we had a few
> roaming users that we gave VPN access to for their email. And of course
> everyone has OWA for access from home, and ActiveSync for access from their
> mobile devices.
>
> There is one overwhelming concern we have with enabling RPC over HTTPS
> though, and I am wondering if anyone has any commentary on this, or
> suggestions. By allowing RPC over HTTPS we are enabling our staff to
> download all of their company email on a machine which may or may not be
> within our control. Sure, with OWA they can access their email from home and
> selectively grab a message here and there, but with RPC over HTTPS they can
> grab an entire mailbox and do whatever they want with it. This is definitely
> one of those areas that could come back to haunt us later.
>
> For the short term we would only set it up on company laptops of course,
> however there is nothing stopping someone from copying those settings to
> their own personal machine. Or is there? Is there any solution that can be
> implemented so we control which computers can access our Exchange over RPC?
>
> Thanks,
> Jeff

Re: RPC over HTTPS

2008-02-06 Thread Kurt Buff
Oh, ye gods...

I forgot about that...

So, really no solution at all - well, maybe.

SSL-Explorer has two kinds of TS client available. One is written in
Java, and I don't know if it's a full implementation.

I'll have to try that out, when I get back from the UK.

On Feb 6, 2008 5:43 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Why would you say that?
>
> File -> Export to PST
>
> Then, SMB copy it to the local machine.
>
> Regards,
>
> Michael B. Smith
> MCSE/Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 06, 2008 8:39 PM
> To: NT System Admin Issues
>
> Subject: Re: RPC over HTTPS
>
> No way I know of to stop this.
>
> However, what other access do remote clients have - is there a VPN in
> place for remote/mobile individuals? If so, the same hole effectively
> exists anyway. They can install (or configure natively) the VPN
> client, and then use Outlook remotely anyway.
>
> If you're truly concerned about this, I can suggest an alternative:
> ssl-explorer. Google for it- I don't have the link in front of me.
>
> It's an SSL VPN that uses a web interface - they browse to your
> external host port, and are presented with a web page that gives them
> a set of pre-defined applications, such as relevant TS sessions to a
> TS server or their desktop, or an internal web app that you publish
> through SSL, or a file share presented in a web page.
>
> Kinda hard to slurp an entire mailbox over a TS session.
>
> Kurt
>
> On Feb 6, 2008 4:52 PM,  <[EMAIL PROTECTED]> wrote:
> >
> >
> > We are getting ready to roll out RPC over HTTPS for email. For quite awhile
> > we have had most of our users internal to the company and have just used the
> > Outlook client to access Exchange natively. As we have brought remote
> > offices online the VPN tunnels enabled similar access. Then we had a few
> > roaming users that we gave VPN access to for their email. And of course
> > everyone has OWA for access from home, and ActiveSync for access from their
> > mobile devices.
> >
> > There is one overwhelming concern we have with enabling RPC over HTTPS
> > though, and I am wondering if anyone has any commentary on this, or
> > suggestions. By allowing RPC over HTTPS we are enabling our staff to
> > download all of their company email on a machine which may or may not be
> > within our control. Sure, with OWA they can access their email from home and
> > selectively grab a message here and there, but with RPC over HTTPS they can
> > grab an entire mailbox and do whatever they want with it. This is definitely
> > one of those areas that could come back to haunt us later.
> >
> > For the short term we would only set it up on company laptops of course,
> > however there is nothing stopping someone from copying those settings to
> > their own personal machine. Or is there? Is there any solution that can be
> > implemented so we control which computers can access our Exchange over RPC?
> >
> > Thanks,
> > Jeff


RE: RPC over HTTPS

2008-02-06 Thread Michael B. Smith
Why would you say that?

File -> Export to PST

Then, SMB copy it to the local machine.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 8:39 PM
To: NT System Admin Issues
Subject: Re: RPC over HTTPS

No way I know of to stop this.

However, what other access do remote clients have - is there a VPN in
place for remote/mobile individuals? If so, the same hole effectively
exists anyway. They can install (or configure natively) the VPN
client, and then use Outlook remotely anyway.

If you're truly concerned about this, I can suggest an alternative:
ssl-explorer. Google for it- I don't have the link in front of me.

It's an SSL VPN that uses a web interface - they browse to your
external host port, and are presented with a web page that gives them
a set of pre-defined applications, such as relevant TS sessions to a
TS server or their desktop, or an internal web app that you publish
through SSL, or a file share presented in a web page.

Kinda hard to slurp an entire mailbox over a TS session.

Kurt

On Feb 6, 2008 4:52 PM,  <[EMAIL PROTECTED]> wrote:
>
>
> We are getting ready to roll out RPC over HTTPS for email. For quite awhile
> we have had most of our users internal to the company and have just used the
> Outlook client to access Exchange natively. As we have brought remote
> offices online the VPN tunnels enabled similar access. Then we had a few
> roaming users that we gave VPN access to for their email. And of course
> everyone has OWA for access from home, and ActiveSync for access from their
> mobile devices.
>
> There is one overwhelming concern we have with enabling RPC over HTTPS
> though, and I am wondering if anyone has any commentary on this, or
> suggestions. By allowing RPC over HTTPS we are enabling our staff to
> download all of their company email on a machine which may or may not be
> within our control. Sure, with OWA they can access their email from home and
> selectively grab a message here and there, but with RPC over HTTPS they can
> grab an entire mailbox and do whatever they want with it. This is definitely
> one of those areas that could come back to haunt us later.
>
> For the short term we would only set it up on company laptops of course,
> however there is nothing stopping someone from copying those settings to
> their own personal machine. Or is there? Is there any solution that can be
> implemented so we control which computers can access our Exchange over RPC?
>
> Thanks,
> Jeff

Re: RPC over HTTPS

2008-02-06 Thread Kurt Buff
No way I know of to stop this.

However, what other access do remote clients have - is there a VPN in
place for remote/mobile individuals? If so, the same hole effectively
exists anyway. They can install (or configure natively) the VPN
client, and then use Outlook remotely anyway.

If you're truly concerned about this, I can suggest an alternative:
ssl-explorer. Google for it- I don't have the link in front of me.

It's an SSL VPN that uses a web interface - they browse to your
external host port, and are presented with a web page that gives them
a set of pre-defined applications, such as relevant TS sessions to a
TS server or their desktop, or an internal web app that you publish
through SSL, or a file share presented in a web page.

Kinda hard to slurp an entire mailbox over a TS session.

Kurt

On Feb 6, 2008 4:52 PM,  <[EMAIL PROTECTED]> wrote:
>
>
> We are getting ready to roll out RPC over HTTPS for email. For quite awhile
> we have had most of our users internal to the company and have just used the
> Outlook client to access Exchange natively. As we have brought remote
> offices online the VPN tunnels enabled similar access. Then we had a few
> roaming users that we gave VPN access to for their email. And of course
> everyone has OWA for access from home, and ActiveSync for access from their
> mobile devices.
>
> There is one overwhelming concern we have with enabling RPC over HTTPS
> though, and I am wondering if anyone has any commentary on this, or
> suggestions. By allowing RPC over HTTPS we are enabling our staff to
> download all of their company email on a machine which may or may not be
> within our control. Sure, with OWA they can access their email from home and
> selectively grab a message here and there, but with RPC over HTTPS they can
> grab an entire mailbox and do whatever they want with it. This is definitely
> one of those areas that could come back to haunt us later.
>
> For the short term we would only set it up on company laptops of course,
> however there is nothing stopping someone from copying those settings to
> their own personal machine. Or is there? Is there any solution that can be
> implemented so we control which computers can access our Exchange over RPC?
>
> Thanks,
> Jeff

RE: RPC over HTTPS

2008-02-06 Thread Michael B. Smith
It is a valid concern, and no - I'm not aware of any way to prevent it on a
machine-by-machine basis.

 

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 7:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

We are getting ready to roll out RPC over HTTPS for email. For quite awhile
we have had most of our users internal to the company and have just used the
Outlook client to access Exchange natively. As we have brought remote
offices online the VPN tunnels enabled similar access. Then we had a few
roaming users that we gave VPN access to for their email. And of course
everyone has OWA for access from home, and ActiveSync for access from their
mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home and
selectively grab a message here and there, but with RPC over HTTPS they can
grab an entire mailbox and do whatever they want with it. This is definitely
one of those areas that could come back to haunt us later. 

For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can be
implemented so we control which computers can access our Exchange over RPC? 

Thanks, 
Jeff