Form-based authentication was first introduced in Exchange Server 2003. Instead of prompting with a typical authentication window, form-based authentication displays a logon page. This logon page increases security in the sense that instead of storing the user's credentials in the browser, the user's logon name and password are stored in a cookie. There are two benefits to storing the user's credentials in the cookie. First, the cookie is cleared when the user's session ends; second, the cookie is also cleared after a period of inactivity, say when the user walks away from the computer.
This idle/inactivity time can be configured separately for private and public computers, and most companies prefer a lower value to increase the level of security.
If we select the public or shared computer option on the welcome screen, the default inactivity value is 15 minutes before the session times out. This value can be changed in the registry as below:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
Name: PublicTimeout
Type: DWORD
Value: {number of minutes}
Remember to restart the IIS services.
If we select the private computer option, the default period of inactivity is 8 hours before the session times out. The value can be changed by editing the parameter below:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA
Name: PrivateTimeout
Type: DWORD
Value: {number of minutes}
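The two registry changes above can be audited and applied in one pass. The script below is an added example, not part of the original post; it assumes an elevated PowerShell session on the server hosting OWA, and the target values in $Desired and the public-versus-private check are illustrative assumptions.

```powershell
# Added example: audit and set the OWA forms-based authentication timeouts.
# Run from an elevated PowerShell session on the server hosting OWA.
$OwaKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeOWA'

# Defaults stated in the post, reported when the value is absent from the registry.
$Defaults = @{ PublicTimeout = 15; PrivateTimeout = 480 }

function Get-OwaTimeout {
    param([ValidateSet('PublicTimeout', 'PrivateTimeout')][string]$Name)
    $item = Get-ItemProperty -Path $OwaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{ Name = $Name; Minutes = [int]$item.$Name; Source = 'registry' }
    } else {
        [pscustomobject]@{ Name = $Name; Minutes = $Defaults[$Name]; Source = 'default' }
    }
}

function Set-OwaTimeout {
    param(
        [ValidateSet('PublicTimeout', 'PrivateTimeout')][string]$Name,
        [ValidateRange(1, 2147483647)][int]$Minutes
    )
    if (-not (Test-Path $OwaKey)) { throw "Registry key not found: $OwaKey" }
    # New-ItemProperty -Force creates the DWORD or overwrites an existing one.
    New-ItemProperty -Path $OwaKey -Name $Name -PropertyType DWord -Value $Minutes -Force | Out-Null
}

# Hypothetical target values in minutes; choose values that match your policy.
$Desired = @{ PublicTimeout = 10; PrivateTimeout = 60 }

# Policy sanity check (an assumption of this example, not a product rule):
# a shared computer should not get a longer idle window than a private one.
if ($Desired.PublicTimeout -gt $Desired.PrivateTimeout) {
    throw 'PublicTimeout should not exceed PrivateTimeout.'
}

$changed = $false
foreach ($name in $Desired.Keys) {
    $current = Get-OwaTimeout -Name $name
    if ($current.Source -eq 'default' -or $current.Minutes -ne $Desired[$name]) {
        Set-OwaTimeout -Name $name -Minutes $Desired[$name]
        $changed = $true
    }
    Get-OwaTimeout -Name $name   # emit the effective setting for the change record
}

# The post says to restart IIS after changing the value.
if ($changed) { iisreset /noforce }
```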
We can also change the behavior of the logon screen where users are prompted to enter their credentials.
1. Open the Exchange Management Console.
2. Open the Properties of OWA (Default web site).
3. Click on the Authentication tab.