How to Limit SecurID Authentication to the Microsoft-Exchange-ActiveSync Virtual Directory
By default, the ACE/Agent is configured to protect the entire Web server. When deploying RSA SecurID in your organization, you can configure the front-end server so that RSA SecurID authentication is limited to Exchange ActiveSync.
Before You Begin
This procedure is only one of a series of steps that you can perform when deploying RSA SecurID two-factor authentication. Before performing the steps in this procedure, see "How to Use RSA SecurID with Exchange ActiveSync" in the Exchange Server 2003 Client Access Guide.
Procedure
To limit SecurID authentication to the Microsoft-Exchange-ActiveSync virtual directory
To disable server-wide protection, in the Internet Information Services (IIS) snap-in, right-click the default Web server, and then click Properties.
Click the RSA SecurID tab, and then clear the Protect This Resource check box. (This step ensures that RSA SecurID is not enabled for the entire server, but rather only for the virtual roots that you specify.)
To enable protection for the virtual directories, in the IIS snap-in, right-click the Microsoft-Server-ActiveSync virtual directory, and then click Properties.
Select the RSA SecurID tab, and then select the Protect This Resource check box.
Note
If the check box is selected and shaded, this means that the virtual directory is inheriting its setting from the parent directory. Inspect the properties for the parent directory, and clear the Protect This Resource check box if you do not want the parent directory to be protected. Then, return to the child directory and make sure the check box is selected.
For More Information
For an overview of RSA SecureID, see "Configuring Exchange ActiveSync to Use RSA SecureID" in "Configuring Mobile Device Support" in the Exchange Server 2003 Client Access Guide.