Set the Forms-Based Authentication Public Computer Cookie Time-Out Value
Applies to: Exchange Server 2010
This topic explains how to configure the cookie time-out values for public computers by using forms-based authentication on an Outlook Web App virtual directory on a Microsoft Exchange Server 2010 Client Access server.
Warning
Although automatic time-out reduces the risk of unauthorized access, it doesn't completely eliminate the possibility that an unauthorized user might access an Exchange mailbox if a session is left running on a public computer. Therefore, make sure to warn users to take precautions to avoid risks.
Looking for other management tasks related to forms-based authentication? Check out Configuring Forms-Based Authentication for Outlook Web App.
Prerequisites
Note
The Outlook Web App virtual directory must be configured to use forms-based authentication.
Warning
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Use Registry Editor to set the cookie time-out values for public computers using forms-based authentication
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Registry Editor" entry in the Client Access Permissions topic.
- On the Client Access server, sign in by using the Exchange administrator account, and then start Registry Editor (regedit).
- In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
- On the Edit menu, point to New, and then click DWORD Value. In the details pane, name the new value PublicTimeout.
- Right-click the PublicTimeout DWORD value, and then click Modify.
- In Edit DWORD Value, under Base, click Decimal.
- In the Value Data box, type a value in minutes between 1 and 43,200 for a maximum of 30 days. Click OK.
Note
You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.
Use the Shell to set the cookie time-out values for public computers using forms-based authentication
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App mailbox policies" entry in the Client Access Permissions topic.
This example sets the public computer cookie time-out value.
set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout -value <amount of time> -type dword
Note
You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.
This example lets you view the public computer cookie time-out value.
get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout
Other Tasks
After you set the cookie time-out values for public computers using forms-based authentication, you may also want to: