Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-22

The Security Configuration Wizard (SCW) uses XML registration files to help you configure the Microsoft Windows operating system to operate with other applications. The registration files that the SCW uses define the security configuration that is required to operate a specific application. At a minimum, the security configuration defines the services and ports that are required for a specific application.

This topic describes the services and ports that are enabled for each Microsoft Exchange Server 2007 server role when you run the SCW with the default Exchange 2007 registration files.

Registration Files

Exchange 2007 includes two registration files for SCW. The general Exchange 2007 registration file is called Exchange2007.xml. It defines the security configuration for all Microsoft Exchange server roles, except the Edge Transport server role. The registration file for the Edge Transport server role is called Exchange2007Edge.xml. It defines the security configuration for Edge Transport servers.

The registration files are installed in the %Programfiles%\Microsoft\Exchange Server\Scripts directory when you install Exchange 2007.

Services that are enabled set the service startup value to either Automatic or Manual.

Ports that are enabled specify executable files (.exe) that are trusted by Windows Firewall to open ports for the specific application.

The Exchange 2007 registration files that are used by the SCW specify the port executables according to their default location. In most cases, the default location is at %Programfiles%\Microsoft\Exchange Server\bin. If you have installed Exchange into a different location, you must edit the <Path> value in the <Port> section of the Exchange 2007 registration files to indicate the correct installed location.

Mailbox Server Role

The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Mailbox server role.

The Microsoft Search (Exchange Server) service and Microsoft Exchange Monitoring are set to start manually. All other services are set to start automatically.

Service short name Service name

MSExchangeIS

Microsoft Exchange Information Store

MSExchangeADTopology

Microsoft Exchange Active Directory Topology

MSExchangeRepl

Microsoft Exchange Replication Service

MSExchangeMailboxAssistants

Microsoft Exchange Mailbox Assistants

MSExchangeSearch

Microsoft Exchange Search Indexer

MSExchangeServiceHost

Microsoft Exchange Service Host

MSExchangeMonitoring

Microsoft Exchange Monitoring

MSExchangeSA

Microsoft Exchange System Attendant

MSExchangeMailSubmission

Microsoft Exchange Mail Submission Service

msftesql-Exchange

Microsoft Search (Exchange Server)

The following ports are enabled.

Port name Associated executable file

MSExchangeADTopologyPorts

MSExchangeADTopologyService.exe

MSExchangeISPorts

Store.exe

MSExchangeReplPorts

Microsoft.Exchange.Cluster.ReplayService.exe

MSExchangeMailboxAssistantsPorts

MSExchangeMailboxAssistants.exe

MSExchangeSearchPorts

Microsoft.Exchange.Search.ExSearch.exe

MSExchangeServiceHostPorts

Microsoft.Exchange.ServiceHost.exe

MSExchangeMonitoringPorts

Microsoft.Exchange.Monitoring.exe

MSExchangeSAPorts

Mad.exe

MSExchangeMailSubmissionPorts

MSExchangeMailSubmission.exe

msftesql-ExchangePorts

Msftesql.exe

MSExchangeTransportLogSearchPorts

MSExchangeTransportLogSearch.exe

Clustered Mailbox Server Role

The services and ports that are enabled on the Mailbox server role and described in the Mailbox Server Role section earlier in this topic are enabled on the clustered mailbox server role.

Additionally, the Microsoft Cluster Service is set to start automatically.

Service short name Service name

ClusSvc

Microsoft Cluster Service

The following ports are also enabled.

Note:
The default path for cluster-specific executables is %windir%\Cluster. The default path for the Powershell.exe is %windir%\system32\windowspowershell\v1.0.

Port name Associated executable file

ExSetupPorts

ExSetup.exe

clussvcPorts

Clussvc.exe

CluAdminPorts

CluAdmin.exe

resrcmonPorts

Resrcmon.exe

msftefdPorts

Msftefd.exe

powershellPorts

Powershell.exe

Hub Transport Server Role

The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Hub Transport server role.

Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically.

Service short name Service name

MSExchangeADTopology

Microsoft Exchange Active Directory Topology service

MSExchangeTransport

Microsoft Exchange Transport service

MSExchangeAntispamUpdate

Microsoft Exchange Anti-spam Update service

MSExchangeEdgeSync

Microsoft Exchange EdgeSync service

MSExchangeTransportLogSearch

Microsoft Exchange Transport Log Search service

MSExchangeMonitoring

Microsoft Exchange Monitoring

The following ports are enabled.

Port name Associated executable file

MSExchangeADTopologyPorts

MSExchangeADTopologyService.exe

MSExchangeTransportPorts

MSExchangeTransport.exe

EdgeTransportPorts

EdgeTransport.exe

MSExchangeAntispamUpdatePorts

Microsoft.Exchange.AntispamUpdateSvc.exe

MSExchangeEdgeSyncPorts

Microsoft.Exchange.EdgeSyncSvc.exe

MSExchangeTransportLogSearchPorts

MSExchangeTransportLogSearch.exe

MSExchangeMonitoringPorts

Microsoft.Exchange.Monitoring.exe

Edge Transport Server Role

The following services are enabled by the registration file for the Edge Transport server role (Exchange2007Edge.xml).

Microsoft Exchange Monitoring and the Microsoft Exchange Transport Log Search service are set to start manually. All other services are set to start automatically.

Service short name Service name

MSExchangeTransport

Microsoft Exchange Transport service

MSExchangeAntispamUpdate

Microsoft Exchange Anti-spam Update service

ADAM_MSExchange

Microsoft Exchange ADAM

EdgeCredentialSvc

Microsoft Exchange Credential Service

MSExchangeTransportLogSearch

Microsoft Exchange Transport Log Search service

MSExchangeMonitoring

Microsoft Exchange Monitoring

The following ports are enabled.

Note:
The default path for Dsadmin.exe is %windir%\ADAM.

Port name Associated executable file

MSExchangeTransportPorts

MSExchangeTransport.exe

EdgeTransportPorts

EdgeTransport.exe

MSExchangeAntispamUpdatePorts

Microsoft.Exchange.AntispamUpdateSvc.exe

ADAM_MSExchangePorts

Dsamain.exe

EdgeCredentialSvcPorts

EdgeCredentialSvc.exe

MSExchangeTransportLogSearchPorts

MSExchangeTransportLogSearch.exe

MSExchangeMonitoringPorts

Microsoft.Exchange.Monitoring.exe

Client Access Server Role

The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Client Access server role.

Microsoft Exchange Monitoring, the Microsoft Exchange POP3 service, and the Microsoft Exchange IMAP4 service are set to start manually. All other services are set to start automatically.

Service short name Service name

MSExchangeADTopology

Microsoft Exchange Active Directory Topology service

MSExchangePOP3

Microsoft Exchange POP3 service

MSExchangeIMAP4

Microsoft Exchange IMAP4 service

MSExchangeFDS

Microsoft Exchange File Distribution service

MSExchangeServiceHost

Microsoft Exchange Service Host

MSExchangeMonitoring

Microsoft Exchange Monitoring

The following ports are enabled.

Note:
The default path for the Pop3Service.exe and the Imap4Service.exe files is %Programfiles%\Microsoft\Exchange Server\ClientAccess\PopImap.

Port name Associated executable file

MSExchangeADTopologyPorts

MSExchangeADTopologyService.exe

MSExchangePOP3Ports

Microsoft.Exchange.Pop3Service.exe

MSExchangeIMAP4Ports

Microsoft.Exchange.Imap4Service.exe

MSExchangeFDSPorts

MSExchangeFDS.exe

MSExchangeServiceHostPorts

Microsoft.Exchange.ServiceHost.exe

MSExchangeMonitoringPorts

Microsoft.Exchange.Monitoring.exe

Unified Messaging Server Role

The following services are enabled by the Exchange 2007 registration file (Exchange2007.xml) for the Unified Messaging server role.

Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically.

Service name Friendly name

MSExchangeADTopology

Microsoft Exchange Active Directory Topology service

MSSpeechService

Microsoft Exchange Speech Engine

MSExchangeUM

Microsoft Exchange Unified Messaging

MSExchangeFDS

Microsoft Exchange File Distribution Service

MSExchangeMonitoring

Microsoft Exchange Monitoring

The following ports are enabled.

Note:
The default path for the SpeechService.exe file is %Programfiles%\Microsoft\Exchange Server\UnifiedMessaging.

Port name Associated executable file

MSExchangeADTopologyPorts

MSExchangeADTopologyService.exe

MSSPorts

SpeechService.exe

MSExchangeUMPorts

umservice.exe

UMWorkerProcessPorts

UMWorkerProcess.exe

MSExchangeFDSPorts

MSExchangeFDS.exe

MSExchangeMonitoringPorts

Microsoft.Exchange.Monitoring.exe

For More Information