Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

This topic explains how to configure the cookie time-out values for public computers by using forms-based authentication on an Outlook Web App virtual directory on a Microsoft Exchange Server 2010 Client Access server.

Caution:
Although automatic time-out reduces the risk of unauthorized access, it doesn't completely eliminate the possibility that an unauthorized user might access an Exchange mailbox if a session is left running on a public computer. Therefore, make sure to warn users to take precautions to avoid risks.

Looking for other management tasks related to forms-based authentication? Check out Setting Up Forms-Based Authentication for Outlook Web App.

Prerequisites

Note:
The Outlook Web App virtual directory must be configured to use forms-based authentication.
Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Use Registry Editor to set the cookie time-out values for public computers using forms-based authentication

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Registry Editor" entry in the Client Access Permissions topic.

  1. On the Client Access server, sign in by using the Exchange administrator account, and then start Registry Editor (regedit).

  2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

  3. On the Edit menu, point to New, and then click DWORD Value. In the details pane, name the new value PublicTimeout.

  4. Right-click the PublicTimeout DWORD value, and then click Modify.

  5. In Edit DWORD Value, under Base, click Decimal.

  6. In the Value Data box, type a value in minutes between 1 and 43,200 for a maximum of 30 days. Click OK.

Note:
You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.

Use the Shell to set the cookie time-out values for public computers using forms-based authentication

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App mailbox policies" entry in the Client Access Permissions topic.

This example sets the public computer cookie time-out value.

Copy Code
set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout -value <amount of time> -type dword
Note:
You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.

This example lets you view the public computer cookie time-out value.

Copy Code
get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout

Other Tasks

After you set the cookie time-out values for public computers using forms-based authentication, you may also want to: