This might not prevent access completely for smart users, but if you use
a self-signed certificate, the only people that can use RPC/HTTPS are
clients that you issue the root certificate to.  

 

-matt

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 06, 2008 4:53 PM
To: NT System Admin Issues
Subject: RPC over HTTPS

 



We are getting ready to roll out RPC over HTTPS for email. For quite
a while we have had most of our users internal to the company and have
just used the Outlook client to access Exchange natively. As we have
brought remote offices online the VPN tunnels enabled similar access.
Then we had a few roaming users that we gave VPN access to for their
email. And of course everyone has OWA for access from home, and
ActiveSync for access from their mobile devices. 

There is one overwhelming concern we have with enabling RPC over HTTPS
though, and I am wondering if anyone has any commentary on this, or
suggestions. By allowing RPC over HTTPS we are enabling our staff to
download all of their company email on a machine which may or may not be
within our control. Sure, with OWA they can access their email from home
and selectively grab a message here and there, but with RPC over HTTPS
they can grab an entire mailbox and do whatever they want with it. This
is definitely one of those areas that could come back to haunt us later.


For the short term we would only set it up on company laptops of course,
however there is nothing stopping someone from copying those settings to
their own personal machine. Or is there? Is there any solution that can
be implemented so we control which computers can access our Exchange
over RPC? 

Thanks, 
Jeff 
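
The trust check behind the reply at the top of this thread, as an added example that is not part of the original messages: a client's chain validation of the server certificate passes only when the private root is in its trust store. It assumes the server certificate is signed by a private root, uses `openssl verify` as a stand-in for the client's validation, and the host name, file names and function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: every name, path and host below is hypothetical.
set -eu
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
HOST="mail.example.test"   # assumed name of the RPC/HTTPS endpoint

# Create a self-signed root named $2 at $DEMO_DIR/$1.{key,crt}.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.crt" 2>/dev/null
}

# Build the private root, a server certificate signed by it, and an
# unrelated root standing in for a trust store that lacks the private root.
make_pki() {
    make_root private-root "Demo Private Root"
    make_root other-root "Unrelated Root"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$DEMO_DIR/server.key" -out "$DEMO_DIR/server.csr" 2>/dev/null
    openssl x509 -req -in "$DEMO_DIR/server.csr" -days 30 \
        -CA "$DEMO_DIR/private-root.crt" -CAkey "$DEMO_DIR/private-root.key" \
        -CAcreateserial -out "$DEMO_DIR/server.crt" 2>/dev/null
}

# Print "trusted" or "untrusted" for a client whose trust store is bundle $1.
client_verdict() {
    if openssl verify -CAfile "$DEMO_DIR/$1.crt" "$DEMO_DIR/server.crt" \
            2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

make_pki
echo "client issued the private root: $(client_verdict private-root)"
echo "client without the private root: $(client_verdict other-root)"
```

The root certificate is public data, so this check gates clients by configuration rather than by a secret, which is the limit the reply itself concedes.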