Many changes have been made to OWA in MS Exchange Server 2013. One of them is that the Private and Public Computer option is no longer offered. By default, OWA assumes that all users are on a private computer and uses a default timeout of 8 hours.
This 8 hour timeout is how long the user can remain active before requiring them to log in again.
If we want to use these options again in our environment, we can do so by setting the LogonPagePublicPrivateSelectionEnabled parameter to $true. This parameter is used with the Set-OwaVirtualDirectory cmdlet.
But before that, it would be beneficial to talk a little about OWA security.
Exchange Server Form-Based Authentication and Cookie Information
If you are using FBA authentication in your environment, many of the security controls you have configured may depend on your users selecting either “This is a public or shared computer” or “This is a private computer” when they log on. This changed with Exchange 2013, where this option became hidden by default, and every user who connects from OWA is now logged on as a “private computer.”
When using FBA authentication, a cookie is stored in the browser cache along with the user's encrypted session information. This cookie is used to determine the amount of idle time allowed for the OWA session before the session is automatically terminated. For public computers, the default timeout value set is between 15 and 22 minutes; for private computers, the default session timeout value is between 8 and 12 hours. This timeout is used to ensure that sessions of users who fail to close their active OWA sessions eventually expire. The caveat is that the user's OWA sessions remain authenticated and accessible until the cookie timeout expires.
In addition to session timeout limits, the public and private options that users select determine the type of file and data access they are granted. Options such as access to Windows file shares, SharePoint documents, WebReady document viewing, or direct file access all depend on which option your users select when they sign in.
According to Microsoft TechNet, “although automatic timeout greatly reduces the risk of unauthorized access, it does not completely eliminate the possibility of an unauthorized user accessing an Exchange mailbox if a session is left running on a public computer,” and “be sure to warn users to take precautions to avoid the risk, such as telling them to log out of Outlook Web App and to close the Web browser when they are finished using it.”
If you train your users with the hope that they will understand and act accordingly, that assumption can be very problematic. If you were working on a long email for a client and found that your session kept expiring and you were forced to log in again every 15 minutes unless you signed in using the “private computer” option, would you choose the public option again? In email accounts rich in sensitive information, the effects of a compromised session range from the loss of competitive data to violations of compliance and privacy laws.
Exchange Server OWA LogonPagePublicPrivateSelectionEnabled Parameter
To use public and private computer options in OWA, we need to use the LogonPagePublicPrivateSelectionEnabled parameter.
The commands to activate it are as follows:
Set-OwaVirtualDirectory "exc01\owa*" -LogonPagePublicPrivateSelectionEnabled $True
IISRESET /noforce
The default cookie timeout value in OWA for Private Computers is 8 hours of user activity. The default timeout value for Public Computers is 15 minutes of user activity. If you want to change these values, you can use the following commands:
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PrivateTimeout -Value <time> -Type DWORD
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PublicTimeout -Value <time> -Type DWORD
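To confirm the result of the commands above, the following added example (not part of the original article) reports whether the public/private selection is shown on each OWA virtual directory and whether the timeout registry values are set. The helper name Get-OwaTimeoutValue is hypothetical; the registry path and value names are the ones used above.

```powershell
# Added example: audit the OWA logon-page and timeout settings described above.
# Run in the Exchange Management Shell on the Exchange server.
# The registry values are local to each server, so repeat this on every server hosting OWA.
# Assumption: timeout values are reported as stored; no unit is inferred here.

$owaKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'

function Get-OwaTimeoutValue {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [ValidateSet('PrivateTimeout', 'PublicTimeout')] [string] $Name
    )
    # A missing value means no override was written, so OWA uses its built-in default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (default applies)' }
    return $item.$Name
}

# 1. Logon page selection state for each OWA virtual directory
$vdirs = Get-OwaVirtualDirectory |
    Select-Object Server, Name, LogonPagePublicPrivateSelectionEnabled
$vdirs | Format-Table -AutoSize

# Flag directories where users cannot choose "public", so every session
# is handled as a private computer with the long timeout.
$hidden = $vdirs | Where-Object { -not $_.LogonPagePublicPrivateSelectionEnabled }
foreach ($v in $hidden) {
    Write-Warning ("{0}\{1}: public/private selection is hidden; all sessions are treated as private" -f $v.Server, $v.Name)
}

# 2. Timeout overrides in the local registry
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    PrivateTimeout = Get-OwaTimeoutValue -Path $owaKey -Name PrivateTimeout
    PublicTimeout  = Get-OwaTimeoutValue -Path $owaKey -Name PublicTimeout
} | Format-List
```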