Because Exchange runs as a set of services on a Windows 2000
server, you can use Windows 2000 security options to protect your
Exchange system. Windows 2000 security features include:
User accounts. Before users or processes can
access Exchange, they must log on to Windows 2000 server by
supplying a unique user name and password, and the system must
authenticate this logon information.
Groups. User accounts can be organized into
groups and customized permissions can be applied to the entire
group. When you add a user to a group, the user automatically has
the access permissions of the group.
Group Policies. This is a set of policies
that define allowed actions and settings for users and computers in
Active Directory. Unlike local policies, you can use a group policy
to apply a security policy across a domain or organizational unit
in Active Directory. Group policies can be used to apply security
policies to everyone who logs on to a computer or everyone in a
domain. It can also be used to control software installation and
user profiles. Group policies are configured through the Group
Policy MMC snap-in. For more information, see the Windows 2000
documentation.
Logging. The security log, which can be
accessed through Windows 2000 Event Viewer, contains valid and
invalid logon attempts and events related to resource use, such as
creating, accessing, or deleting files or other Windows 2000
objects. To start security logging and set up auditing files, use
the Group Policy MMC snap-in. By editing the Audit Policy through
the snap-in, you can select the events and actions you want to
audit. For more information, see the Windows 2000
documentation.
Security and authentication protocols.
Windows 2000 provides Internet Protocol security, an
encryption and signature protocol to safeguard applications across
your network. Windows 2000 provides Kerberos authentication, a dual
verification protocol that verifies that both user and network
services are safe by issuing identification data. Kerberos
authentication is automatically enabled when you install Windows
2000 and requires that both the client and the server are running
Windows 2000. If the client is not running Windows 2000, Windows
2000 uses the NTLM protocol for authentication.
To simplify use of these security features, Windows 2000
provides an extensive set of security tools. The Windows 2000 security tools help
administrators configure and manage security, including group
policies, local policies, file and folder access, system registry
access, and auditing.