Topic Last Modified: 2006-04-20

The Microsoft® Exchange Server Analyzer Tool queries the CIM_Datafile Microsoft Windows® Management Instrumentation (WMI) class to determine whether the following file exists in the following location on the Exchange server:


The presence of Urlscan.dll indicates that the URLScan tool is installed on the Exchange server. If the Exchange Server Analyzer finds that the URLScan tool is installed on an Exchange server, a best practice recommendation is displayed.

URLScan is an Internet Server Application Programming Interface (ISAPI) filter that allows Web site administrators to restrict the kind of HTTP requests that the server processes. By blocking specific HTTP requests, the URLScan filter prevents potentially harmful requests from reaching the server and causing damage.

When you run URLScan on an Exchange server, you should ensure that Urlscan.ini is tuned for an Exchange server's role. To help enhance the security of the Exchange server, you must edit the Urlscan.ini configuration file to remove any extraneous functionality. To customize the Urlscan.ini file for your particular Exchange Server 2003 computer role, you must remove verbs in the [AllowVerbs] section of the Urlscan.ini file. However, make sure that the recommended verbs for your computer's role are included to obtain appropriate functionality. If multiple Web-based features are required on a single computer, you must merge the appropriate [AllowVerbs] section requirements.

You can modify the Urlscan.ini file based on the Exchange Server 2003 computer's role by using the information from the Exchange Server 2003 Urlscan template that is included in the Microsoft Knowledge Base article 823175, "Fine-tuning and known issues when you use the Urlscan utility in an Exchange 2003 environment" (

For more information about URLScan, see "UrlScan Security Tool" (

For more information about using URLScan in an Exchange Server environment, see the following Microsoft Knowledge Base articles: