Export (0) Print
Expand All

How to Set the Forms-Based Authentication Public Computer Cookie Time-Out Value

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2007-03-20

This topic explains how to configure the cookie time-out values for public computers by using forms-based authentication on a Microsoft Outlook Web Access virtual directory that is on a Microsoft Exchange 2007 server that has the Client Access server role installed.

CautionCaution:
Although automatic time-out reduces the risk of unauthorized access, it does not completely eliminate the possibility that an unauthorized user might access an Outlook Web Access account if a session is left running on a public computer. Therefore, make sure that you warn users to take precautions to avoid risks.

To perform the following procedures, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

noteNote:
The Outlook Web Access virtual directory must be configured to use forms-based authentication.
CautionCaution:
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. On the Client Access server, log on by using the Exchange administrator account, and then start Registry Editor (regedit).

  2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

  3. On the Edit menu, point to New, and then click DWORD Value. In the details pane, name the new value PublicTimeout.

  4. Right-click the PublicTimeout DWORD value, and then click Modify.

  5. In Edit DWORD Value, under Base, click Decimal.

  6. In the Value Data box, type a value in minutes between 1 and 43,200 for a maximum of 30 days. Click OK.

    noteNote:
    You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

  1. Open the Microsoft Command Shell and run the following command to set the public computer cookie time-out value:

    set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout -value <amount of time> -type dword
    
    noteNote:
    You must restart IIS by using the command iisreset/noforce for these changes to take effect.
  2. Run the following command to view the public computer cookie time-out value:

    get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout
    

To ensure that you are reading the most up-to-date information and to find additional Exchange Server 2007 documentation, visit the Exchange Server TechCenter.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft