How to Apply an Existing SCW Policy to an Exchange Server Role

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to apply an existing Security Configuration Wizard (SCW) policy to a computer that has a Microsoft Exchange Server 2007 server role installed. The SCW is a tool that was introduced with Windows Server 2003 Service Pack 1. The SCW automates security best practices to reduce the attack surface for a server. After you create a custom SCW policy, you can use that policy to apply the configured security settings to each Exchange server that runs the same server role or roles in your organization.

Before You Begin

Before you begin, you must follow these steps:

• Install the Exchange 2007 server role. For more information, see Deploying Server Roles.

• Install the Security Configuration Wizard. For more information, see How to Install the Security Configuration Wizard.

• Register the SCW extension for the Exchange server role. For more information, see How to Register Exchange Server Role SCW Extensions.

• Create a custom SCW policy for the Exchange server role to meet the unique needs of your environment. Copy the XML file that is associated with the policy to the server on which you want to apply the policy. For more information, see How to Create a New Exchange Server Role SCW Policy.

To perform the following procedures, the account you use must be delegated the following:

• Exchange Server Administrator role and local Administrators group for the target server

To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Procedure

To use the Security Configuration Wizard to apply an existing policy

1. Click Start, point to All Programs, point to Administrative Tools, and then click Security Configuration Wizard to start the tool. Click Next on the welcome screen.

2. On the Configuration Action page, select Apply an existing security policy. Click Browse, select the XML file for your policy, and then click Open. Click Next.

3. On the Select Server page, verify that the correct server name appears in the Server (use DNS name, NetBIOS name, or IP address): field. Click Next.

4. On the Apply Security Policy page, click View Security Policy if you want to view the policy details, and then click Next.

5. On the Applying Security Policy page, wait until the progress bar indicates Application complete, and then click Next.

6. On the Completing the Security Configuration Wizard page, click Finish.

For More Information

For more information, see the following topics:

• Using the Security Configuration Wizard to Secure Windows for Exchange Server Roles

• How to Install the Security Configuration Wizard

• How to Register Exchange Server Role SCW Extensions

• How to Create a New Exchange Server Role SCW Policy