{"id":463,"date":"2015-08-30T15:37:39","date_gmt":"2015-08-30T20:37:39","guid":{"rendered":"http:\/\/laurinkeithdavis.com\/wordpress\/?p=463"},"modified":"2020-01-03T07:25:13","modified_gmt":"2020-01-03T12:25:13","slug":"microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group","status":"publish","type":"post","link":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/","title":{"rendered":"Microsoft Exchange Outlook Web App – Restricting Users By Location (IP Subnet) & Group"},"content":{"rendered":"

The powers that be decided that we need to be more secure and most of our users should not be working remotely without permission, and that includes just checking email. So I had to devise a way to make this happen. I found a script somewhere online that seemed to provide such a restriction. The file to be changed is<\/p>\n

C:\\Program Files\\Microsoft\\Exchange Server\\V14\\ClientAccess\\Owa\\forms\\startpage.aspx<\/div>\n
 <\/div>\n
Of course, this is for Exchange 2010. I assume this would be similar in later versions of Exchange, but I cannot confirm.<\/div>\n
 <\/div>\n
This is my first iteration:<\/div>\n
 <\/div>\n
\n
\n&lt;%\n\tstring strIP = Request.ServerVariables["REMOTE_ADDR"];\n\n\tif(strIP.Substring(0, 8) != "192.168.")\n\t{\n\t\tSystem.Security.Principal.WindowsIdentity oUser = Request.LogonUserIdentity;\n\t\tSystem.Security.Principal.WindowsPrincipal oPrincipal = new System.Security.Principal.WindowsPrincipal(oUser);\n\n\t\tif(!oPrincipal.IsInRole("Domain Users"))\n\t\t{\n\t\t\tResponse.Write("Sorry, you are not allowed to access OWA from this location:" + strIP);\n\t\t}\n\t}\n%&gt;\n<\/pre>\n<\/div>\n
However, this did not work when I tried to restrict the user to group “pridedallas.com\\\\Outlook Web Access – Remote” – no user had access.<\/p>\n
After much effort, I discovered that LogonUserIdentity is the Exchange service name, not the actual user name. So I modified it to this, which works great!<\/p>\n
\n&lt;%\n\tstring strIP = Request.ServerVariables["REMOTE_ADDR"];\n\n\tif(strIP.Substring(0, 8) != "192.168.")\n\t{\n\t\tstring strUser = Request.ServerVariables["REMOTE_USER"].ToUpper();\n\t\tint p = strUser.IndexOf("\\\\");\n\n    \tif(p != -1)\n      \t\tstrUser = strUser.Substring(p + 1);\n\n\t\tResponse.Write(strUser);\n\t\tSystem.Security.Principal.WindowsIdentity oUser = new System.Security.Principal.WindowsIdentity(strUser + "@pridedallas.com");\n\t\tSystem.Security.Principal.WindowsPrincipal oPrincipal = new System.Security.Principal.WindowsPrincipal(oUser);\n\n\t\tif(oPrincipal.IsInRole("pridedallas.com\\\\Outlook Web Access - Remote"))\n\t\t{\n\t\t\tResponse.Write("Sorry, you are not allowed to access PRIDE email remotely (" + strIP + ").");\n\t\t}\n\t}\n\n%&gt;\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
The powers that be decided that we need to be more secure and most of our users should not be working remotely without permission, and that includes just checking email. So I had to devise a way to make this happen. I found a script somewhere online that seemed to provide such a restriction. The …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3],"tags":[],"class_list":["post-463","post","type-post","status-publish","format-standard","hentry","category-blog"],"yoast_head":"\nMicrosoft Exchange Outlook Web App - Restricting Users By Location (IP Subnet) & Group<\/title>\n<meta name=\"description\" content=\"How to restrict Exchange Outlook Web App to a specific IP subnet and \/ or an Active Directory Security Group.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"laurin1\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/\"},\"author\":{\"name\":\"laurin1\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/1861bcbaef0e308b3d8425e1c31d5a2b\"},\"headline\":\"Microsoft Exchange Outlook Web App – Restricting Users By Location (IP Subnet) & Group\",\"datePublished\":\"2015-08-30T20:37:39+00:00\",\"dateModified\":\"2020-01-03T12:25:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/\"},\"wordCount\":325,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/fbc4e40a1986326ceb08f5f29f53ff79\"},\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/\",\"url\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/\",\"name\":\"Microsoft Exchange Outlook Web App - Restricting Users By Location (IP Subnet) & Group\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#website\"},\"datePublished\":\"2015-08-30T20:37:39+00:00\",\"dateModified\":\"2020-01-03T12:25:13+00:00\",\"description\":\"How to restrict Exchange Outlook Web App to a specific IP subnet and \\\/ or an Active Directory Security Group.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/\",\"name\":\"Laurin Keith Davis\",\"description\":\"What we have here, is a failure to communicate...\",\"publisher\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/fbc4e40a1986326ceb08f5f29f53ff79\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/fbc4e40a1986326ceb08f5f29f53ff79\",\"name\":\"Keith\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/2012-04-04-001.jpg\",\"url\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/2012-04-04-001.jpg\",\"contentUrl\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/2012-04-04-001.jpg\",\"width\":640,\"height\":640,\"caption\":\"Keith\"},\"logo\":{\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/2012-04-04-001.jpg\"},\"sameAs\":[\"http:\\\/\\\/www.facebook.com\\\/laurin1\",\"https:\\\/\\\/www.facebook.com\\\/laurin1\",\"https:\\\/\\\/www.instagram.com\\\/laurinkeithdavis\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/laurin1\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/laurindavis\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/1861bcbaef0e308b3d8425e1c31d5a2b\",\"name\":\"laurin1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg\",\"caption\":\"laurin1\"},\"url\":\"https:\\\/\\\/laurinkeithdavis.com\\\/wordpress\\\/author\\\/laurin1\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Exchange Outlook Web App - Restricting Users By Location (IP Subnet) & Group","description":"How to restrict Exchange Outlook Web App to a specific IP subnet and \/ or an Active Directory Security Group.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/","twitter_misc":{"Written by":"laurin1","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/#article","isPartOf":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/"},"author":{"name":"laurin1","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#\/schema\/person\/1861bcbaef0e308b3d8425e1c31d5a2b"},"headline":"Microsoft Exchange Outlook Web App – Restricting Users By Location (IP Subnet) & Group","datePublished":"2015-08-30T20:37:39+00:00","dateModified":"2020-01-03T12:25:13+00:00","mainEntityOfPage":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/"},"wordCount":325,"commentCount":0,"publisher":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#\/schema\/person\/fbc4e40a1986326ceb08f5f29f53ff79"},"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/","url":"https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/","name":"Microsoft Exchange Outlook Web App - Restricting Users By Location (IP Subnet) & Group","isPartOf":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#website"},"datePublished":"2015-08-30T20:37:39+00:00","dateModified":"2020-01-03T12:25:13+00:00","description":"How to restrict Exchange Outlook Web App to a specific IP subnet and \/ or an Active Directory Security Group.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/laurinkeithdavis.com\/wordpress\/microsoft-exchange-outlook-web-app-restricting-users-by-location-ip-subnet-group\/"]}]},{"@type":"WebSite","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#website","url":"https:\/\/laurinkeithdavis.com\/wordpress\/","name":"Laurin Keith Davis","description":"What we have here, is a failure to communicate...","publisher":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#\/schema\/person\/fbc4e40a1986326ceb08f5f29f53ff79"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/laurinkeithdavis.com\/wordpress\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#\/schema\/person\/fbc4e40a1986326ceb08f5f29f53ff79","name":"Keith","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-content\/uploads\/2012\/05\/2012-04-04-001.jpg","url":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-content\/uploads\/2012\/05\/2012-04-04-001.jpg","contentUrl":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-content\/uploads\/2012\/05\/2012-04-04-001.jpg","width":640,"height":640,"caption":"Keith"},"logo":{"@id":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-content\/uploads\/2012\/05\/2012-04-04-001.jpg"},"sameAs":["http:\/\/www.facebook.com\/laurin1","https:\/\/www.facebook.com\/laurin1","https:\/\/www.instagram.com\/laurinkeithdavis","https:\/\/www.linkedin.com\/in\/laurin1","https:\/\/x.com\/https:\/\/twitter.com\/laurindavis"]},{"@type":"Person","@id":"https:\/\/laurinkeithdavis.com\/wordpress\/#\/schema\/person\/1861bcbaef0e308b3d8425e1c31d5a2b","name":"laurin1","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg","url":"https:\/\/secure.gravatar.com\/avatar\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f22d2ca8275d0ed003a18f070dd397b82ba1ad35ed38742c6410652a9a521c69?s=96&d=mm&r=pg","caption":"laurin1"},"url":"https:\/\/laurinkeithdavis.com\/wordpress\/author\/laurin1\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p16SmA-7t","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/posts\/463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/comments?post=463"}],"version-history":[{"count":11,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/posts\/463\/revisions"}],"predecessor-version":[{"id":589,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/posts\/463\/revisions\/589"}],"wp:attachment":[{"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/media?parent=463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/categories?post=463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/laurinkeithdavis.com\/wordpress\/wp-json\/wp\/v2\/tags?post=463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}