XWEB: Permissions Required for Outlook Web Access (175892)

MORE INFORMATION

Outlook Web Access uses the Microsoft Internet Information Server with Active Server Pages to grant users access to their mailbox and calendar through a Web browser. There are three areas of permissions to be set up to make this work correctly:

• Everyone in the Windows NT domain. Everyone must be granted "Access this computer from the network" and "Log on locally" permissions through User Manager for Domains. Everyone also requires Search permission at the Exchange Site Container.
  
  NOTE: You must set the Exchange search permissions for everyone and the anonymous account only if search permissions are used in your organization at or below the site container level. If search permissions are not being used, do not set this property because it may have adverse effects on Directory Access.
  
  Please see the Microsoft Knowledge Base or your Microsoft Exchange Server Administrator's Guide for additional information about the Exchange Search permissions.
• Directory Anonymous Account. The Anonymous account is specified at the Directory Site Configuration object on the General page. This account must have Search permissions at the Exchange Configuration container. However, DO NOT add search permissions for this account at the Directory Site Configuration or at the Site Container. These permissions are granted by default. Adding Search permissions will cause problems on directory access for other recipients.
• The account used by the Internet Information Service (IIS). This account must have "Log on locally" and "Access this computer from the network" rights specified. IIS must be configured to allow Anonymous logon, and Basic (Clear Text) should be set as the authentication method.
• Verify permissions to the Exchsrvr folder. All OWA users must have Read permissions to this folder, to all its subfolders, and to all its objects.