So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separat eExchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it.
By default an Exchange front-end server allows any user who has a mail account to connect to the front -end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange Front-end server perms.
So I've got the following in IIS:
Exadmin
Exchange
EchWeb
Microsoft-SErver-ActiveSync
MobileAdmin
OMA
And a couple of others that I dont think are relevant.
Can I change the permissions on one of these to restrict who can connect to Activesync?
As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange Access?
Thanks in Advance!!
Best Answer
It wouldn't be recommended to alter the permissions in IIS. You can control Activesync on a user by user basis in the properties of the user account in ADUC. Select the Exchange Features tab and disable the User Intitiated Synchronization feature.