Limit Offsite Users Access

[NicBurns]

I have a client that needs to have a mailbox on my exchange 5.5 server Via a Cisco VPN client but I only want her to be able to access the mailbox with no other domain access, any ideas how to do this are greatly appreciated

 

[Spirit]

You could either set up OWA.

 

[ShackDaddy]

The best solution would be to limit the ports that the VPN allows to those required for mail. I don't know whether she's accessing POP or MAPI, so depending on which, you'd have to filter for different ports.

Another option is to create a new group in the domain called "Limited" or something and add it to the share permissions list on each share in your network, with "Deny" as the set permission. Then add this user's account into that group. In the future, if other's need the same sort of access, you can add them to that "Limited" group.

OWA is a good solution if you can get rid of VPN access altogether for this user and have an extra server to set up as a public web server. But then you have introduced a whole new environment for security compromises, so you need to weigh that against the options I detailed above.

I'm sure other people will offer some additional good options.

ShackDaddy