Deployment Security Checklist
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Microsoft Exchange Server 2010 features are designed to help improve the security of your messaging environment. Generally, for Exchange 2010, the following conditions are true:
Accounts that are used by Exchange 2010 have the minimum rights that are required to perform the given task sets.
By default, services are started only when they are required.
Access control list (ACL) rights for Exchange objects are minimized.
Administrative permissions are set according to the scope of change on the object that a given modification requires.
By default, all internal default message paths are encrypted.
This topic lists steps that we recommend you take to harden the messaging environment before you install Microsoft Exchange. We recommend that you refer to this checklist every time that you install a new Exchange server role.
Before installing Exchange 2010, perform the following procedures.
Procedure | Done? |
---|---|
Run Microsoft Update. |
|
Run the Microsoft Windows Malicious Software Removal Tool. The Malicious Software Removal Tool is included with Microsoft Update. More information about the tool can be found at Malicious Software Removal Tool. |
|
Run the Microsoft Baseline Security Analyzer. |
|
© 2010 Microsoft Corporation. All rights reserved.