Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-08-16

This topic describes how to configure Integrated Windows authentication for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007. Integrated Windows authentication enables the server to authenticate users who are logged on to the network without prompting them for their user name and password and without transmitting information that is not encrypted over the network.

Note:
Integrated Windows authentication can be set only on Exchange 2007 virtual directories on an Exchange 2007 server that has only the Client Access server role installed. Integrated Windows authentication can be set on any Outlook Web Access virtual directory on an Exchange 2007 server that has both the Client Access and Mailbox server roles installed.

Before You Begin

To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

The exact steps that you perform when you complete this procedure by using the Exchange Management Console depend on the following:

  • Whether you are running the original release (RTM) version of Exchange 2007 or Exchange 2007 SP1.

  • Whether you are running the Mailbox server role on the computer that is running the Client Access server role.

For detailed information about these differences, see Managing Outlook Web Access Virtual Directories in Exchange 2007.

Procedure

Exchange 2007 SP1

To use the Exchange Management Console to configure Integrated Windows authentication for Outlook Web Access

  1. In the Exchange Management Console, locate the virtual directory that you want to configure to use Integrated Windows authentication by using the information in step 2 or step 3.

  2. If you are running the Mailbox server role on the computer that is running the Client Access server role, do one of the following:

    • To modify an Exchange 2007 virtual directory, select Server Configuration, select Client Access, and then click the Outlook Web Access tab. The default Exchange 2007 virtual directory is /owa.

    • To modify a legacy virtual directory, select Server Configuration, select Mailbox, and then click the WebDAV tab. The default legacy virtual directories are as follows: /Public, /Exchweb, /Exchange, and /Exadmin.

  3. If you are not running the Mailbox server role on the computer that is running the Client Access server role, select Server Configuration, select Client Access, and then click the Outlook Web Access tab.

  4. In the work pane, select the virtual directory that you want to configure to use Integrated Windows authentication, and then click Properties.

  5. Click the Authentication tab.

  6. Select Use one or more standard authentication methods.

  7. Select Integrated Windows authentication.

  8. Click OK.

To use the Exchange Management Shell to configure Integrated Windows authentication for Outlook Web Access

  • To configure Integrated Windows authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Copy Code 
    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -WindowsAuthentication <$true|$false>

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Exchange 2007 RTM

To use the Exchange Management Console to configure Integrated Windows authentication for Outlook Web Access

  1. Open the Exchange Management Console.

  2. Locate Server Configuration\Client Access.

  3. On the Outlook Web Access tab, open the properties of the virtual directory that you want to configure to use Integrated Windows authentication.

  4. Click the Authentication tab.

  5. Select Use one or more standard authentication methods.

  6. Select Integrated Windows authentication.

  7. Click OK.

To use the Exchange Management Shell to configure Integrated Windows authentication for Outlook Web Access

  • To configure Integrated Windows authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Copy Code 
    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -WindowsAuthentication <$true|$false>

For more information about syntax and parameters, see Set-OwaVirtualDirectory (RTM).

For More Information

For information about the authentication methods that you can use for Outlook Web Access, see the following topics:

For more information about how to help make communication between client computers and the Client Access server more secure, see Managing Client Access Security.