Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can set the cookie time-out values for private computers by using forms-based authentication on an Outlook Web App virtual directory in Microsoft Exchange Server 2010. Private computers are also known as trusted computers.

Caution:
It's important that you warn users of the risks associated with selecting the This is a private computer option. A user should select This is a private computer only if the user is the sole operator of the computer and the computer complies with your organization's security policies.

Looking for other management tasks related to forms-based authentication? Check out Setting Up Forms-Based Authentication for Outlook Web App.

Prerequisites

The Outlook Web App virtual directory is configured to use forms-based authentication.

Caution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Use Registry Editor to set the cookie time-out values for private computers using forms-based authentication

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Registry Editor" entry in the Client Access Permissions topic.

  1. On the Exchange Client Access server, sign in by using your Exchange administrator account, and then start Registry Editor (regedit).

  2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

  3. On the Edit menu, point to New, and then click DWORD Value. In the details pane, name the new value PrivateTimeout.

  4. Right-click the PrivateTimeout DWORD value, and then click Modify.

  5. In Edit DWORD Value, under Base, click Decimal.

  6. In the Value Data box, type a value in minutes between 1 and 43,200 for a maximum of 30 days. Click OK.

    Note:
    You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service and click Restart.

Use the Shell to set the cookie time-out values for private computers using forms-based authentication

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

This example sets the private computer cookie time-out value.

Copy Code
set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PrivateTimeout -value <amount of time> -type dword
Note:
You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service and click Restart.

This example lets you view the private computer cookie time-out value.

Copy Code
get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PrivateTimeout

Other Tasks

After you set the cookie time-out values for private computers using forms-based authentication, you may also want to: