Wednesday, January 23, 2013 1:04 PM
I need to remove the public option on the OWA login page so users are only left with the option of "this is a private computer".
The following thread asks this question: http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/06efc14c-1146-45a8-b364-98339500a1ce
Derb's blog has a suggested solution http://blog.leederbyshire.com/2012/11/01/how-to-remove-the-public-or-private-radio-button-in-microsoft-outlook-web-app-2010/
Derb's blog didn't work for me (made changes, restarted IIS and no luck). I also tried "style=display:none" rather than "input type=hidden".
I suspect that when publishing OWA using TMG 2010, the logon.aspx isn't being used on the Exchange Server. However I couldn't find an equivalent login page on TMG. Has anyone managed to get Lee's suggestion to work with TMG?
Wednesday, January 23, 2013 2:18 PM
That will help you with how to modify the forms. Reading the first link (unsupported scenarios) this may be close to unsupported but as long as you do not add functionality...
Hth, Anders Janson Enfo Zipper
EDIT: your form is presented by the TMG Server publishing Exchange and any changes needs to be done there. The other option would be to skip pre-auth on TMG and let the published server do the authentication (nothing I recommend, but can be done).
- Edited by Anders Janson Wednesday, January 23, 2013 2:35 PM
Wednesday, January 23, 2013 2:23 PM
Just a bit more info my Exchange TMG setup is as follows:
Exchange Client Access ------ TMG1 Server with OWA Publishing rule--------------------------TMG2 serving client requests
OWA uses Listener uses HTML Forms Authentication Website publishing rule for TMG1
Integrated Windows Auth Authentication Validation Method - Windows Listener has no authentication method set (all HTTP requests are
With Basic Authentication redirected to HTTPS)
Wednesday, January 23, 2013 3:45 PM
I couldn't find anything that specifically addresses the public\private question. You could be right about the unsupported scenarios, but that article is dated 2009 - I think some of those scenarios have changed (i.e. Edge Transport with TMG is supported).
I'd be surprised if proxying an SSL OWA connection isn't supported - it seems like a straightforward and reasonable thing to do.
Wednesday, January 23, 2013 3:57 PM
That is absolutely true, but I did say guidance. :)
You'll have to dig into the code and test, the second link provided tells you how to create a custom forms set, the one you want to copy is the \%Forefront TMG Installation Directory%\Templates\CookieAuthTemplates\Exchange directory.
Start by looking at the usr_pwd.htm file and search for the string L_ShowPublicUI_Text and L_ShowTrustedUI_Text (these constants are replaced with text from strings.txt) and work yourself from there. That will start you in the right place.
You will not find a complete guide for this, I haven't tried this particular configuration for myself but you are dealing with regular htm pages so it isn't that difficult.
Hth, Anders Janson Enfo Zipper
Thursday, January 24, 2013 4:45 PM
For anyone else who wants to do this:
There are 4 html files in the TMG installation folder under Templates\CookieAuthTemplates\Exchange\HTML:
usr_pwd.htm, usr_pwd_pcode.htm, pwd_pcode.htm & pwd_pcode_nxt.htm.
Edit these files by finding "rdoPrvt" element and set the input type to hidden.
Then open up the appropriate strings.txt in the nls folder for your language. Comment out\alter as needed the following:
L_ShowTrustedUI_Text - This is a private computer
L_ShowDetail_Text - (show explanation)
L_ShowTrustTitle - displays security
If someone figures out how to remove the brackets in "Security (show explanation)" that would be helpful - couldn't find it in the HTML or strings.txt.
- Marked As Answer by Aetius2012 Thursday, January 24, 2013 4:45 PM