Microsoft Exchange Server 2007 : Securing Windows for the Edge Transport Server Role (part 2) - Creating a New Edge Transport Server Security Policy

1/15/2015 3:26:44 AM

Creating a New Edge Transport Server Security Policy

Deploying an Edge Transport server in the perimeter network is part of the network security design, and a security policy for that server can be created with the Security Configuration Wizard (SCW) on the Edge server itself. To create a new Edge Transport server security policy, do the following:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Security Configuration Wizard to start the tool. Click Next on the welcome screen.

2. On the Configuration Action page, select Create a New Security Policy, and then click Next.

3. On the Select Server page, verify that the correct server name appears in the Server (use DNS name, NetBIOS name, or IP address) field. Click Next.

4. On the Processing Security Configuration Database page, wait for the progress bar to complete, and then click Next.

5. On the Role-Based Service Configuration page, click Next.

6. On the Select Server Roles page, select the Exchange 2007 Edge Server check box, and then click Next.

7. On the Select Client Features page, select each client feature that is required on your Edge Transport server, and then click Next.

8. On the Select Administration and Other Options page, select each administration feature that is required on your Edge Transport server, and then click Next.

9. On the Select Additional Services page, select each service that is required to be enabled on the Edge Transport server, and then click Next.

10. On the Handling Unspecified Services page, select the action to perform when a service that is not currently installed on the local server is found. You can take no action by selecting Do Not Change the Startup Mode of the Service, or you can automatically disable the service by selecting Disable the Service. Click Next.

11. On the Confirm Service Changes page, review the changes that this policy will make to the current service configuration. Click Next.

12. On the Network Security page, verify that Skip This Section is not selected, and then click Next.

13. On the Open Ports and Approve Applications page, you must add two ports for LDAP communication to Active Directory Application Mode (ADAM). To add the ports:

   a. Click Add. On the Add Port or Application page, in the Port Number field, enter 379. Select the TCP check box, and then click OK.

   b. Click Add. On the Add Port or Application page, in the Port Number field, enter 626. Select the UDP check box, and then click OK.

14. On the Open Ports and Approve Applications page, you must configure the ports for each network adapter. Only SMTP (port 25) is exposed on the external adapter; ADAM and Remote Desktop are restricted to the internal adapter. To do so:

   a. Select Port 25, and then click Advanced. On the Port Restrictions page, click the Local Interface Restrictions tab. Select Over the Following Local Interfaces, select both the Internal Network Adapter and External Network Adapter check boxes, and then click OK.

   b. Select Port 379, and then click Advanced. On the Port Restrictions page, click the Local Interface Restrictions tab. Select Over the Following Local Interfaces, select only the Internal Network Adapter check box, and then click OK.

   c. Select Port 626, and then click Advanced. On the Port Restrictions page, click the Local Interface Restrictions tab. Select Over the Following Local Interfaces, select only the Internal Network Adapter check box, and then click OK.

   d. Select Port 3389, and then click Advanced. On the Port Restrictions page, click the Local Interface Restrictions tab. Select Over the Following Local Interfaces, select only the Internal Network Adapter check box, and then click OK.

15. On the Open Ports and Approve Applications page, click Next.

16. On the Confirm Port Configuration page, verify that the incoming port configuration is correct, and then click Next.

17. On the Registry Settings page, select the Skip This Section check box, and then click Next.

18. On the Audit Policy page, select the Skip This Section check box, and then click Next.

19. On the Save Security Policy page, click Next.

20. On the Security Policy File Name page, enter a filename for the security policy and an optional description. Click Next. If a restart of the server is required after the policy is applied, a dialog box appears. Click OK to close the dialog box.

21. On the Apply Security Policy page, select Apply Now, and then click Next.

22. On the Completing the Security Configuration Wizard page, click Finish.

Administrator Permissions on an Edge Transport Server

By default, when you install an Edge Transport server role, the server is administered using local user accounts. This is because the server is configured as a standalone server in the perimeter network and has no domain membership.

The local Administrators group is granted full control over the Edge Transport server, including administration permissions over the instance of Active Directory Application Mode (ADAM) on the server. Logging on as an account with membership in the local Administrators group gives you permission to modify the server configuration, security configurations, ADAM data, and the status of queues and messages currently in transit on the server.

Generally, you would use Microsoft Windows Terminal Services to administer an Edge Transport server, and the local Administrators group is granted remote logon permissions by default. Rather than allowing all of your administrators to share the default Administrator account, it is recommended that you create a separate local account for each administrator who will administer your Edge servers, and add those accounts to the local Administrators group on the server. Separate accounts keep an audit trail that identifies which administrator made a change.

Table 1 below identifies administrative tasks that are commonly performed on an Edge Transport server, and the required group membership needed for each task.

Table 1. Edge Transport Server Administrative Tasks

Administrative Task                            Membership Needed
---------------------------------------------  -----------------
Backup and restore                             Backup Operators
Enable and disable agents                      Administrators
Configure connectors                           Administrators
Configure antispam policies                    Administrators
Configure IP Block lists and IP Allow lists    Administrators
View queues and messages                       Users
Manage queues and messages                     Administrators
Create an EdgeSync subscription file           Administrators
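The following PowerShell script is an added example, not code from the original article: it provisions one local account per Edge administrator, as recommended above, and places it only in the groups that Table 1 requires for the tasks that person performs. It assumes the ADSI WinNT provider (available on the Windows Server hosts an Exchange 2007 Edge server runs on) and that it is run locally as a member of Administrators; the function and parameter names are the author's own.

```powershell
# Task-to-group mapping copied from Table 1 in the article.
$TaskGroup = @{
    'Backup and restore'                          = 'Backup Operators'
    'Enable and disable agents'                   = 'Administrators'
    'Configure connectors'                        = 'Administrators'
    'Configure antispam policies'                 = 'Administrators'
    'Configure IP Block lists and IP Allow lists' = 'Administrators'
    'View queues and messages'                    = 'Users'
    'Manage queues and messages'                  = 'Administrators'
    'Create an EdgeSync subscription file'        = 'Administrators'
}

function New-EdgeAdminAccount {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][string]$Password,
        [Parameter(Mandatory=$true)][string[]]$Tasks,
        [string]$Computer = $env:COMPUTERNAME
    )

    # Refuse tasks that Table 1 does not list rather than guessing a group.
    $unknown = $Tasks | Where-Object { -not $TaskGroup.ContainsKey($_) }
    if ($unknown) { throw "Task(s) not in Table 1: $($unknown -join ', ')" }

    # Union of the groups needed for the requested tasks, without duplicates.
    $groups = $Tasks | ForEach-Object { $TaskGroup[$_] } | Sort-Object -Unique

    # Create the local (non-domain) account; the Edge server is standalone.
    $machine = [ADSI]"WinNT://$Computer"
    $user = $machine.Create('User', $Name)
    $user.SetPassword($Password)
    $user.SetInfo()
    $user.Description = "Edge Transport admin: $($Tasks -join '; ')"
    $user.SetInfo()

    foreach ($g in $groups) {
        # Every new local account is already a member of Users.
        if ($g -eq 'Users') { continue }
        $group = [ADSI]"WinNT://$Computer/$g,group"
        $group.Add($user.Path)
    }
    return $groups
}

# Usage: a backup operator who may inspect, but not manage, queues gets
# Backup Operators plus the implicit Users membership, not Administrators.
# New-EdgeAdminAccount -Name 'jdoe-edge' -Password (Read-Host 'Password') `
#     -Tasks 'Backup and restore', 'View queues and messages'
```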