To take advantage of all the functions of OWA 2007,
the user must first log on to the system. OWA is traditionally published
to the Internet so that users can log in from basically anywhere and
access their mailbox. In most situations with OWA 2007, the user will be
logging on through what is called forms-based authentication (FBA).
This means they will see a logon page with several options from which they
can choose. These options determine some basic behaviors of the client
as well as the functions to which the user will have access.
They are usually referred to as the user modes and the security levels.
Understanding User Modes
If your Exchange server has been set up to use FBA on the OWA site, the OWA logon will look like the screen shown in Figure 1.
Unlike the previous version of Exchange, the
choice between the Premium and the Light modes is made in a different
way: the default setting is to run the full OWA client, and the user must
check the Use OWA Light check box to use the more basic client.
Using the OWA Standard Authentication Mode
The
standard authentication mode of OWA provides the end user with an
experience that is nearly identical to Outlook 2007 for almost all
functions. The only potential drawback to using the full OWA client is
that its bandwidth requirements are higher than those of the Light OWA
client. If users have reasonable network connectivity, for
example, 64Kbps or higher, they should be encouraged to use the
standard authentication mode. Although the full OWA client has a higher
bandwidth requirement, this can be offset by enabling GZIP compression
at the Exchange server. Administrators should be aware that compression
increases the processor load on the client access server, and this should be
taken into account when the server is designed. The reduction in
bandwidth used can be as much as 50%, so it is worthwhile to test the
system with compression enabled to see if the extra load is supportable.
To enable GZIP compression on the OWA site, an administrator must perform the following steps on the client access server:
1. Click Start, All Programs, Microsoft Exchange Server 2007, and select Exchange Management Shell.
2. From the Exchange Management Shell prompt, type get-owavirtualdirectory.
3. Record the identity of the OWA virtual directory.
4. Type set-owavirtualdirectory -identity "Owa (Default Web Site)" -gziplevel high, substituting the identity recorded in step 3 if it differs.
5. Launch the DOS prompt.
6. Type iisreset /noforce.
7. Type Exit.
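The same procedure as a single Exchange Management Shell script, added here as an example and not taken from the original text: it audits every OWA virtual directory on the local client access server, warns where FBA is off (the Public Computer inactivity timeout described later only applies to FBA sessions), raises the GZIP level to High only where it is not already set, and re-reads the setting after the IIS reset to confirm it took effect. It assumes the FormsAuthentication and GzipLevel properties and the -Server parameter of Get-OwaVirtualDirectory as they exist in Exchange 2007.

```powershell
# Added example: audit OWA virtual directories on this client access server,
# enable GZIP compression where it is not already at High, and verify.
# Assumes it is run from the Exchange Management Shell on the CAS itself.

$vdirs = Get-OwaVirtualDirectory -Server $env:COMPUTERNAME
$changed = $false

foreach ($vdir in $vdirs) {
    Write-Host ("{0}: FormsAuthentication={1} GzipLevel={2}" -f `
        $vdir.Identity, $vdir.FormsAuthentication, $vdir.GzipLevel)

    # The Public Computer session timeout is only enforced for FBA logons,
    # so a virtual directory without FBA deserves a warning in the audit.
    if (-not $vdir.FormsAuthentication) {
        Write-Warning ("{0}: FBA is disabled; the Public Computer " +
            "inactivity timeout will not be enforced." -f $vdir.Identity)
    }

    # Only touch directories that are not already compressing at High.
    if ($vdir.GzipLevel -ne "High") {
        Set-OwaVirtualDirectory -Identity $vdir.Identity -GzipLevel High
        $changed = $true
    }
}

if ($changed) {
    # IIS must reload the metabase; /noforce lets in-flight requests finish.
    iisreset /noforce

    # Re-read the setting rather than trusting that the change applied.
    Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
        Select-Object Identity, GzipLevel
}
```

Because compression raises CPU load on the client access server, run this first on a test server and compare processor utilization before and after.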
Using the Light Client
As in the past, the Light client, which
replaces the former Basic client, doesn’t utilize ActiveX controls and,
therefore, is the only choice for web browsers that do not support
ActiveX. The official statement of supported browsers is that the user
must run Internet Explorer 6.01 or higher to use the FBA client.
Although significantly fewer options and features are
available to users accessing OWA this way, the Light client mode can still be
used to access mail and calendaring information through the OWA
forms-based interface. There are some advantages to using the Light
client, such as the reduction in bandwidth needed. The Light client is
also a good choice if the user needs to access OWA through a restricted
browser, as is often found in public locations. A sample of the Light
client is shown in Figure 2.
Understanding Security Settings
When
the user logs on to OWA via FBA, they are presented with two options as
to how they are connecting. These options are Public Computer and
Private Computer. Users should be taught to select the mode that is most
appropriate for their situation because email is considered
intellectual property and should be protected accordingly.
Public Mode
When a user selects the Public or Shared Computer
option, they are telling the Exchange server that they are on a computer
with a low level of trust. This means that Exchange will take a more
restrictive stance in some areas of security. Most notably, the user's
session will time out after several minutes of inactivity. This is to
reduce the chance that a user forgets to log off and an unauthorized
party gains access to the mailbox. The inactivity timeout is only
enforceable on sessions using FBA.
Private Mode
If a user selects Private Computer when logging
on to OWA via FBA, they will have fewer restrictions placed on them
than they would in Public mode. Most notably, they will be able to be
inactive for hours without having to authenticate again to OWA. This is
allowed because the computer is assumed to have a higher level of
assurance.