PowerShell Script to prevent external non-domain users to access internal DMZ OOS


We have configured OOS on SharePoint 2016. Are there any PowerShell scripts to prevent external non-domain users from accessing internal DMZ Office Online Server (OOS)?

Thanks In Advance

1 Reply

@sneranacdw 

I'm not sure that a PowerShell script would be what we're looking for with this.

Let me make sure I understand correctly..

external non-domain users = users accessing the SP environment from OUTSIDE the company network and not on a domain-joined machine?

Can you detail more what is meant by "internal DMZ OOS"?

How are you providing external access to SP? How are you providing external access to OOS? Web Application Proxy? Is ADFS involved?

Depending on the infrastructure, there may be multiple options for preventing non-domain machines from accessing Office Online Server, but I'm also curious why it would be limited to OOS?

If ADFS with WAP is involved, I would think you could limit access based on a rule on ADFS that's propagated by the WAP.