By default, you must grant "Log on locally" permission on the server where OWA is installed to users who use OWA. You can limit which users can gain access to OWA with the "Log on locally" permission.
The procedure that you use to grant "Log on locally" permission depends on the version of Microsoft Windows and the role of the server where OWA is installed. Use the appropriate procedure for your server configuration.
Windows NT 4.0 Member Server
- Click Start, point to Programs, point to Administrative Tools, and then click User Manager.
- Click the Policies tab, and then click User Rights.
- Select Log on locally from the Right list, and then click Add. The Add Users and Groups dialog box is displayed.
- Remove the Everyone group, and then add the group or users who will have access to OWA.
- Click OK.
Windows 2000 Member Server
- Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
- Click Security Settings, click Local Policies, and then click User Rights Assignment.
- In the Details pane, double-click Log on locally, remove the Everyone group, and then add the group or users who will have access to OWA.
- Close the Local Security Policy window.
- Click Start, click Run, type secedit /refreshpolicy machine_policy, and then click OK.
Windows 2000 Domain Controller
- Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
- Click Security Settings, click Local Policies, and then click User Rights Assignment.
- In the Details pane, double-click Log on locally, remove the Everyone group, and then add the group or users who will have access to OWA.
- Close the Domain Controller Security Policy window.
- Click Start, click Run, type secedit /refreshpolicy machine policy, and then click OK.
Users or groups that have "Log on locally" permissions can log on to OWA. Users or groups that do not have "Log on locally" permissions are prompted for credentials after they enter their alias at the Logon screen. They will be prompted three times, and then get the "401.1 Unauthorized" error message. This behavior is by design.
The user has three opportunities to type the correct password information.