Topic Last Modified: 2009-01-21

The Microsoft Exchange Server Best Practices Analyzer parses the permissions that are set on the Microsoft-Server-ActiveSync virtual directory to determine whether the appropriate permissions are assigned.

The Analyzer does not expect permissions to be set on the Microsoft-Server-ActiveSync virtual directory. The tool generates a best practices message if it determines that any of the following check boxes are selected on the Virtual Directory tab of the Microsoft-Server-ActiveSync Properties dialog box:

Microsoft Exchange ActiveSync allows for the synchronization of mailbox information with mobile devices. To do this, Exchange uses the Microsoft-Server-ActiveSync virtual directory in Internet Information Services (IIS). As a best practice, permissions on this virtual directory should be restricted. By default, the following check boxes are not selected on the Virtual Directory tab of the Microsoft-Server-ActiveSync Properties dialog box:

These permissions are not required on the virtual directory. To address this issue, modify the permission entries on the Microsoft-Server-ActiveSync virtual directory to restrict the permissions.

To modify permissions on the Microsoft-Server-ActiveSync virtual directory in IIS 6.0
  1. Start the Internet Information Services (IIS) Manager tool.

  2. Expand Web Sites, expand Default Web Site, right-click Microsoft-Server-ActiveSync, and then click Properties.

  3. Click the Virtual Directory tab, and then click to clear the following check boxes:

    • Script source access

    • Read

    • Write

    • Directory browsing

  4. Click OK.

  5. Start a command prompt, and then run the iisreset command to apply the changes.