Tip

Tweaking Outlook Web Access timeout options

Outlook Web Access (OWA) maintains internal settings for how long a given OWA session will remain open without the user needing to log back in. When this time limit expires, the user will be prompted for a new login for the sake of security.

OWA also maintains two separate values for timeouts -- one for logins from trusted clients (such as an

    Requires Free Membership to View

intranet or a VPN), and another for logins from public clients (such as a shared computer). Both values are set in the registry on the Exchange server that hosts OWA, and can be edited depending on your needs.

The trusted-client timeout is stored as a DWORD, calibrated in minutes, at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchange
WEB\OWA\TrustedClientTimeout

For public clients, it's a different value in the same branch:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchange
WEB\OWA\PublicClientTimeout
(also a DWORD calibrated in minutes)

The default timeout for trusted clients is 24 hours; the default timeout for public clients is 15 minutes. The PublicClientTimeout value can never be larger than the TrustedClientTimeout value.

If your company policy is exceptionally strict, you can set the public client timeout to a mere five minutes. If you're confident that only properly authenticated users will be accessing your intranet desktops, you can set the value for trusted clients as high as 43200, or 30 days.

In theory, both values can be set to 43200, but it's a bad idea to do this for public clients, since you can't always count on users to properly log out when using a public terminal.

Remember that if you make any of these changes, you'll need to restart Internet Information Services (IIS).

"Activity" is a key factor in all this, since an inactive connection is what triggers a timeout. Microsoft defines client "activity" as any interaction between the client and server, such as opening, sending, saving, switching folders, or refreshing the browser.

Typing in appointments, meeting requests, posts, contacts, or tasks is not considered activity. However, an MS Exchange Blog post about forms-based authentication -- the OWA logon security feature introduced in Exchange Server 2003 -- indicates that composing a new message or editing an existing one doesn't count towards the OWA timeout value.

About the author: Serdar Yegulalp is editor of  Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

 

This was first published in December 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.