Need help with UAG use case: Blocking file attachment downloads from OWA

Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
Hey guys,

I'm new to UAG (literally handed access to UAG on Friday at noon) and I'm trying to develop a simple use case such that all attachment downloading is blocked. Eventually I'd like to develop this to only block attachments from non-IE browsers then down to domain-joined machines. For now though, I just want to block attachments period. I can block uploads all day long, that's working fine. I don't care about blocking uploads though.

Here's what I tried so far:

1. Per Ben Ari's IAG blog I configured the OWA application's Endpoint Policy Settings tab to have "Microsoft OWA 2010 upload" for the download policy. Per his blog this should also block downloads if selected here. This does not block downloads.

2. I created a custom download policy called TESTPOLICY and double clicked it to edit it. I then selected "never" from the dropdown for each OS platform. This to me should mean that no platform should ever be allowed to perform the download action. This still does not work.

3. I went to the download/upload tab on the OWA application from within the trunk and made sure "download" and "upload" are set to "identify by URL." I'm lead to believe this should be working since I can't upload attachments in my test.

Basically it looks like I have something misconfigured but given that I've been in UAG for about a day and a half I have no idea what I'm missing. According to all of the KB articles I'm reading this should work fine as configured. I need to get this simple use-case configured ASAP so any help at all is much appreciated.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/

Comments

  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    Got this working by the way. There was a misconfiguration in the application trunk prior to me being given the system. Once I fixed that problem my stuff worked :)

    Next on the docket: Using custom registry keys to validate the machine.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    UAG?? Godspeed to you, sir. I hope MS has updated their documentation since the last time I looked at it.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
Sign In or Register to comment.