Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 2) - Hardening Windows Server 2003 - Using the Microsoft Baseline Security Analyzer

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
Keeping Services to a Minimum

Depending on the role that an Exchange Server 2007 server will fulfill, not all services that are installed by default are necessary for the server to function. It is considered a best practice to limit the number of entry points (services) into a server to only those required. Any services that are not necessary for the system to operate properly should be disabled. Although this can be done manually on a server-by-server basis, it can also be performed using a customized security template to ensure all servers in your environment are configured properly.

Locking Down the File System

Files stored on a Windows Server 2003, including mail databases, are only as secure as the permissions that are assigned to protect them. As such, it is good to know that Windows Server 2003 (for the first time in a Microsoft operating system) does not grant the Everyone group full control over share-level and NTFS-level permissions by default. In addition, critical operating system files and directories are secured to disallow their unauthorized use.

Despite the overall improvements made, a complete understanding of file-level security is recommended to ensure that your files are properly protected.


For increased file-level security, the Exchange Server 2007 installation process requires that partitions on the underlying operating system are formatted as NTFS.

Using the Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer (MBSA) is a tool that identifies common security misconfigurations and missing hotfixes. This information is gathered via local or remote scans of Windows systems. MBSA allows administrators to have the ability to scan a single Windows system and obtain a security assessment, as well as a list of recommended corrective actions. In addition, administrators can use the MBSA tool to scan multiple functional roles of a Windows-based server on the network for vulnerabilities. This allows administrators to ensure systems are up to date with the latest security-related patches.

Figure 2 shows a sample output from the MBSA.

Figure 2. MBSA sample output.

The MBSA can be downloaded from the Microsoft website at

Implementing Industry Standards and Guidelines

As discussed previously, Microsoft has gone to great lengths to provide secure and reliable products. Moreover, it has worked closely with companies, government agencies, security consultants, and others to address security issues in the computer industry.

In addition to Microsoft security standards and guidelines, it is advisable that organizations use recommended best practices compiled by the National Institute of Standards and Technologies (NIST) and the National Security Agency (NSA). Both NIST and NSA provide security lockdown configuration standards and guidelines that can be downloaded from their websites ( and, respectively).

Using the Security Configuration Wizard

The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Windows Server 2003 with Service Pack 1 or later. The SCW guides administrators in creating security policies based on the minimum functionality required for a server’s role or roles.

SCW reviews the computer configuration, including but not limited to, the following:

  • Services— SCW limits the number of services in use.

  • Packet filtering— SCW can configure certain ports and protocols.

  • Auditing— Auditing can be configured based on the computer’s role and the organization’s security requirements.

  • Internet Information Services (IIS)— SCW can secure IIS, including web extensions and legacy virtual directories.

  • Server roles and tasks— The role (file, database, messaging, web server, and so on), specific tasks (backup, content indexing, and so on), and placement in an environment of a computer is a critical component in any lockdown process or procedure. Application services are also evaluated from products such as Exchange Server, SQL Server, ISA Server, SharePoint Portal Server, and Operations Manager.


The SCW is a very flexible and powerful security analysis and configuration tool. As a result, it is important to keep control over when and how the tool is used because system performance can be greatly degraded while the wizard is running. Equally important is testing possible configurations in a segmented lab environment prior to implementation. Without proper testing, environment functionality can be stricken or completely locked.

The SCW is used to assist in building specific security-related policies and to analyze computers against those policies to ensure compliance. SCW actually combines many of the security-related tasks performed by several other Microsoft security tools. For instance, SCW can take existing security templates created from the Security Configuration and Analysis tool and expand upon the restrictions to meet an organization’s security policy requirements. In addition, SCW can analyze computers for any security updates that are needed, integrate with Group Policy, and provide a knowledge base repository

  •  Microsoft Exchange Server 2007 : Server and Transport-Level Security - Considering the Importance of Security in an Exchange Server 2007 Environment
  •  Security and Windows 8: Keeping Your PC Safe (part 2) - Windows SmartScreen, Using Windows SmartScreen, Action Center Improvements
  •  Security and Windows 8: Keeping Your PC Safe (part 1) - Windows Defender, Boot-Time Security
  •  Netgear EX6200 AC1200 Wi-fi Range Extender
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 5) - Configuring offline file synchronization, Configuring policy settings for device power
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 4) - Configuring policy settings for offline files
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 3) - Managing BitLocker at the command line
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 2) - Managing BitLocker at the command line
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 1) - Configuring BitLocker policies
  •  Connecting Us TP-LINK TL-PA6010 Test
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us