Share via


Set the Forms-Based Authentication Public Computer Cookie Time-Out Value

Applies to: Exchange Server 2010

This topic explains how to configure the cookie time-out values for public computers by using forms-based authentication on an Outlook Web App virtual directory on a Microsoft Exchange Server 2010 Client Access server.

Warning

Although automatic time-out reduces the risk of unauthorized access, it doesn't completely eliminate the possibility that an unauthorized user might access an Exchange mailbox if a session is left running on a public computer. Therefore, make sure to warn users to take precautions to avoid risks.

Looking for other management tasks related to forms-based authentication? Check out Configuring Forms-Based Authentication for Outlook Web App.

Prerequisites

Note

The Outlook Web App virtual directory must be configured to use forms-based authentication.

Warning

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Registry Editor" entry in the Client Access Permissions topic.

  1. On the Client Access server, sign in by using the Exchange administrator account, and then start Registry Editor (regedit).
  2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
  3. On the Edit menu, point to New, and then click DWORD Value. In the details pane, name the new value PublicTimeout.
  4. Right-click the PublicTimeout DWORD value, and then click Modify.
  5. In Edit DWORD Value, under Base, click Decimal.
  6. In the Value Data box, type a value in minutes between 1 and 43,200 for a maximum of 30 days. Click OK.

Note

You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App mailbox policies" entry in the Client Access Permissions topic.

This example sets the public computer cookie time-out value.

set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout -value <amount of time> -type dword

Note

You must restart the Forms-Based Authentication service for the changes to take effect. On the Client Access server, go to Start > Administrative Tools > Services. In Services, right-click Microsoft Exchange Forms-Based Authentication service, and then click Restart.

This example lets you view the public computer cookie time-out value.

get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicTimeout

Other Tasks

After you set the cookie time-out values for public computers using forms-based authentication, you may also want to: