Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-07-06
This topic explains how to apply an existing Security Configuration Wizard (SCW) policy to a computer that has a Microsoft Exchange Server 2007 server role installed. The SCW is a tool that was introduced with Windows Server 2003 Service Pack 1. The SCW automates security best practices to reduce the attack surface for a server. After you create a custom SCW policy, you can use that policy to apply the configured security settings to each Exchange server that runs the same server role or roles in your organization.
Before You Begin
Before you begin, you must follow these steps:
- Install the Exchange 2007 server role. For more information,
see Deploying
Server Roles.
- Install the Security Configuration Wizard. For more
information, see How to Install the
Security Configuration Wizard.
- Register the SCW extension for the Exchange server role. For
more information, see How to Register Exchange
Server Role SCW Extensions.
- Create a custom SCW policy for the Exchange server role to meet
the unique needs of your environment. Copy the XML file that is
associated with the policy to the server on which you want to apply
the policy. For more information, see How to Create a New
Exchange Server Role SCW Policy.
To perform the following procedures, the account you use must be delegated the following:
- Exchange Server Administrator role and local Administrators
group for the target server
To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Procedure
To use the Security
Configuration Wizard to apply an existing policy
-
Click Start, point to All Programs, point to Administrative Tools, and then click Security Configuration Wizard to start the tool. Click Next on the welcome screen.
-
On the Configuration Action page, select Apply an existing security policy. Click Browse, select the XML file for your policy, and then click Open. Click Next.
-
On the Select Server page, verify that the correct server name appears in the Server (use DNS name, NetBIOS name, or IP address): field. Click Next.
-
On the Apply Security Policy page, click View Security Policy if you want to view the policy details, and then click Next.
-
On the Applying Security Policy page, wait until the progress bar indicates Application complete, and then click Next.
-
On the Completing the Security Configuration Wizard page, click Finish.