Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-22
The Security Configuration Wizard (SCW) uses XML registration files to help you configure the Microsoft Windows operating system to operate with other applications. The registration files that the SCW uses define the security configuration that is required to operate a specific application. At a minimum, the security configuration defines the services and ports that are required for a specific application.
This topic describes the services and ports that are enabled for each Microsoft Exchange Server 2007 server role when you run the SCW with the default Exchange 2007 registration files.
Registration Files
Exchange 2007 includes two registration files for SCW. The general Exchange 2007 registration file is called Exchange2007.xml. It defines the security configuration for all Microsoft Exchange server roles, except the Edge Transport server role. The registration file for the Edge Transport server role is called Exchange2007Edge.xml. It defines the security configuration for Edge Transport servers.
The registration files are installed in the %Programfiles%\Microsoft\Exchange Server\Scripts directory when you install Exchange 2007.
Services that are enabled set the service startup value to either Automatic or Manual.
Ports that are enabled specify executable files (.exe) that are trusted by Windows Firewall to open ports for the specific application.
The Exchange 2007 registration files that are used by the SCW specify the port executables according to their default location. In most cases, the default location is at %Programfiles%\Microsoft\Exchange Server\bin. If you have installed Exchange into a different location, you must edit the <Path> value in the <Port> section of the Exchange 2007 registration files to indicate the correct installed location.
Mailbox Server Role
The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Mailbox server role.
The Microsoft Search (Exchange Server) service and Microsoft Exchange Monitoring are set to start manually. All other services are set to start automatically.
Service short name | Service name |
---|---|
MSExchangeIS |
Microsoft Exchange Information Store |
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology |
MSExchangeRepl |
Microsoft Exchange Replication Service |
MSExchangeMailboxAssistants |
Microsoft Exchange Mailbox Assistants |
MSExchangeSearch |
Microsoft Exchange Search Indexer |
MSExchangeServiceHost |
Microsoft Exchange Service Host |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
MSExchangeSA |
Microsoft Exchange System Attendant |
MSExchangeMailSubmission |
Microsoft Exchange Mail Submission Service |
msftesql-Exchange |
Microsoft Search (Exchange Server) |
The following ports are enabled.
Port name | Associated executable file |
---|---|
MSExchangeADTopologyPorts |
MSExchangeADTopologyService.exe |
MSExchangeISPorts |
Store.exe |
MSExchangeReplPorts |
Microsoft.Exchange.Cluster.ReplayService.exe |
MSExchangeMailboxAssistantsPorts |
MSExchangeMailboxAssistants.exe |
MSExchangeSearchPorts |
Microsoft.Exchange.Search.ExSearch.exe |
MSExchangeServiceHostPorts |
Microsoft.Exchange.ServiceHost.exe |
MSExchangeMonitoringPorts |
Microsoft.Exchange.Monitoring.exe |
MSExchangeSAPorts |
Mad.exe |
MSExchangeMailSubmissionPorts |
MSExchangeMailSubmission.exe |
msftesql-ExchangePorts |
Msftesql.exe |
MSExchangeTransportLogSearchPorts |
MSExchangeTransportLogSearch.exe |
Clustered Mailbox Server Role
The services and ports that are enabled on the Mailbox server role and described in the Mailbox Server Role section earlier in this topic are enabled on the clustered mailbox server role.
Additionally, the Microsoft Cluster Service is set to start automatically.
Service short name | Service name |
---|---|
ClusSvc |
Microsoft Cluster Service |
The following ports are also enabled.
Note: |
---|
The default path for cluster-specific executables is %windir%\Cluster. The default path for the Powershell.exe is %windir%\system32\windowspowershell\v1.0. |
Port name | Associated executable file |
---|---|
ExSetupPorts |
ExSetup.exe |
clussvcPorts |
Clussvc.exe |
CluAdminPorts |
CluAdmin.exe |
resrcmonPorts |
Resrcmon.exe |
msftefdPorts |
Msftefd.exe |
powershellPorts |
Powershell.exe |
Hub Transport Server Role
The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Hub Transport server role.
Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically.
Service short name | Service name |
---|---|
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSExchangeTransport |
Microsoft Exchange Transport service |
MSExchangeAntispamUpdate |
Microsoft Exchange Anti-spam Update service |
MSExchangeEdgeSync |
Microsoft Exchange EdgeSync service |
MSExchangeTransportLogSearch |
Microsoft Exchange Transport Log Search service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
The following ports are enabled.
Port name | Associated executable file |
---|---|
MSExchangeADTopologyPorts |
MSExchangeADTopologyService.exe |
MSExchangeTransportPorts |
MSExchangeTransport.exe |
EdgeTransportPorts |
EdgeTransport.exe |
MSExchangeAntispamUpdatePorts |
Microsoft.Exchange.AntispamUpdateSvc.exe |
MSExchangeEdgeSyncPorts |
Microsoft.Exchange.EdgeSyncSvc.exe |
MSExchangeTransportLogSearchPorts |
MSExchangeTransportLogSearch.exe |
MSExchangeMonitoringPorts |
Microsoft.Exchange.Monitoring.exe |
Edge Transport Server Role
The following services are enabled by the registration file for the Edge Transport server role (Exchange2007Edge.xml).
Microsoft Exchange Monitoring and the Microsoft Exchange Transport Log Search service are set to start manually. All other services are set to start automatically.
Service short name | Service name |
---|---|
MSExchangeTransport |
Microsoft Exchange Transport service |
MSExchangeAntispamUpdate |
Microsoft Exchange Anti-spam Update service |
ADAM_MSExchange |
Microsoft Exchange ADAM |
EdgeCredentialSvc |
Microsoft Exchange Credential Service |
MSExchangeTransportLogSearch |
Microsoft Exchange Transport Log Search service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
The following ports are enabled.
Note: |
---|
The default path for Dsadmin.exe is %windir%\ADAM. |
Port name | Associated executable file |
---|---|
MSExchangeTransportPorts |
MSExchangeTransport.exe |
EdgeTransportPorts |
EdgeTransport.exe |
MSExchangeAntispamUpdatePorts |
Microsoft.Exchange.AntispamUpdateSvc.exe |
ADAM_MSExchangePorts |
Dsamain.exe |
EdgeCredentialSvcPorts |
EdgeCredentialSvc.exe |
MSExchangeTransportLogSearchPorts |
MSExchangeTransportLogSearch.exe |
MSExchangeMonitoringPorts |
Microsoft.Exchange.Monitoring.exe |
Client Access Server Role
The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Client Access server role.
Microsoft Exchange Monitoring, the Microsoft Exchange POP3 service, and the Microsoft Exchange IMAP4 service are set to start manually. All other services are set to start automatically.
Service short name | Service name |
---|---|
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSExchangePOP3 |
Microsoft Exchange POP3 service |
MSExchangeIMAP4 |
Microsoft Exchange IMAP4 service |
MSExchangeFDS |
Microsoft Exchange File Distribution service |
MSExchangeServiceHost |
Microsoft Exchange Service Host |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
The following ports are enabled.
Note: |
---|
The default path for the Pop3Service.exe and the Imap4Service.exe files is %Programfiles%\Microsoft\Exchange Server\ClientAccess\PopImap. |
Port name | Associated executable file |
---|---|
MSExchangeADTopologyPorts |
MSExchangeADTopologyService.exe |
MSExchangePOP3Ports |
Microsoft.Exchange.Pop3Service.exe |
MSExchangeIMAP4Ports |
Microsoft.Exchange.Imap4Service.exe |
MSExchangeFDSPorts |
MSExchangeFDS.exe |
MSExchangeServiceHostPorts |
Microsoft.Exchange.ServiceHost.exe |
MSExchangeMonitoringPorts |
Microsoft.Exchange.Monitoring.exe |
Unified Messaging Server Role
The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Unified Messaging server role.
Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically.
Service name | Friendly name |
---|---|
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSSpeechService |
Microsoft Exchange Speech Engine |
MSExchangeUM |
Microsoft Exchange Unified Messaging |
MSExchangeFDS |
Microsoft Exchange File Distribution Service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
The following ports are enabled.
Note: |
---|
The default path for the SpeechService.exe file is %Programfiles%\Microsoft\Exchange Server\UnifiedMessaging. |
Port name | Associated executable file |
---|---|
MSExchangeADTopologyPorts |
MSExchangeADTopologyService.exe |
MSSPorts |
SpeechService.exe |
MSExchangeUMPorts |
umservice.exe |
UMWorkerProcessPorts |
UMWorkerProcess.exe |
MSExchangeFDSPorts |
MSExchangeFDS.exe |
MSExchangeMonitoringPorts |
Microsoft.Exchange.Monitoring.exe |
For More Information
For more information, see the following topics: