What should you do on each server to ensure that the security settings for Exchange Server 2007 can be configured by using the SCW?

You are the messaging engineer for your company. You have deployed five Exchange Server 2007 Mailbox servers. The companys network administrators use the Security Configuration Wizard (SCW) to configure the security for computers running Windows Server 2003.

You need to ensure that the security settings for Exchange Server 2007 can be configured by using the SCW. What should you do on each server?

You are the messaging engineer for your company. You have deployed five Exchange Server 2007 Mailbox servers. The companys network administrators use the Security Configuration Wizard (SCW) to configure the security for computers running Windows Server 2003.

You need to ensure that the security settings for Exchange Server 2007 can be configured by using the SCW. What should you do on each server?

A.
Run the configure-SMBIPSec.ps1 script.

B.
Transform a SCW policy into a Group Policy Object.

C.
Register the Exchange Server Role Security Configuration Wizard Extensions.

D.
Run Microsoft Baseline Security Analyzer (MBSA) and ensure the Exchange Server 2007 server has the latest updates.

Explanation:
SCW is a tool introduced with Server 2003 SP1 to minimize the attack surface for an Exchange server by automating security best practices and disabling features its role doesnt require. A SCW template is provided for various roles to lock down unnecessary ports and services.

Run SCW to create a custom security policy. Use this to apply identical settings to every server hosting a similar role:

1. Install Exchange role.

2. Install SCW.

3. Register SCW extension for the particular role.

4. Create custom SCW policy for the role.

5. Copy XML file to the server where this policy will be applied.

6. Security Configuration Wizard > Apply existing policy.

http://technet.microsoft.com/en-us/library/aa998838.aspx

http://technet.microsoft.com/en-us/library/aa998208.aspx

Role extensions enable you to use SCW to create a security policy specific to server functionality. Exchange provides two different extension files (located in %Exchange%Scripts) which must first be registered on each machine you wish to configure.

For the Edge role, register Exchange2007Edge.xml:

scwcmd register /kbname:Ex2007EdgeKB /kbfile:"%programfiles%MicrosoftExchange ServerscriptsExchange2007Edge.xml"

For other roles, register Exchange2007.xml:

scwcmd register /kbname:Ex2007KB /kbfile:"%programfiles%MicrosoftExchange ServerscriptsExchange2007.xml"

http://technet.microsoft.com/en-us/library/bb124977.aspx

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *