Exchange Server Security Hardening Guide


This guide is designed to provide you with essential information about how to harden your Microsoft® Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange 2003 messaging system. Although most server administrators can benefit from reading this guide, it is designed to produce maximum benefits for administrators responsible for Exchange messaging, both at the mailbox and architect levels.

This guide is a companion to the Windows Server 2003 Security Guide. Specifically, many of the procedures in this guide are related directly to security recommendations introduced in the Windows Server 2003 Security Guide. Therefore, before you perform the procedures presented in this guide, it is recommended that you first read the Windows Server 2003 Security Guide.


This guide makes several references to Exchange Group Policy Security Templates. These templates include the following files: Exchange_2003-Backend_V1_1.inf, Exchange_2003_DC_Incremental_V1_1.inf, Exchange_2003_Frontend_V1_1.inf, Exchange_2003_HTTP_V1_1.inf, Exchange_2003_IMAP4_V1_1.inf, Exchange_2003_NNTP_V1_1.inf, Exchange_2003_POP3_V1_1.inf, Exchange_2003_SMTP_V1_1.inf, Exchange_2003-Cluster_Node_Base_V1_1.inf, Exchange_2003-Cluster_Node_IMAP4_V1_1.inf, and Exchange_2003-Cluster_Node_POP3_V1_1.inf, Exchange_2003-RPC-HTTP_V1_2.inf. To fully benefit from the content in this guide, it is important that you download these templates. You can download the Exchange Group Policy Security Templates from the Microsoft Download Center.


Download Microsoft Exchange Server 2003 Security Hardening Guide to print or read offline.