Export (0) Print
Expand All
Expand Minimize

Windows Server 2003 SP1 Security Configuration Wizard was detected

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry value to determine which version of the Microsoft Windows® operating system is running on the Exchange server:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion

If the CurrentVersion value equals 5.0, the Exchange server is running on Microsoft Windows 2000 Server. If the CurrentVersion value is 5.2, the Exchange server is running on Microsoft Windows Server™ 2003.

Additionally, the Exchange Server Analyzer reads the following registry value to determine the path for the Windows Program Files directory:

HKLM\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir

The Exchange Server Analyzer then examines the Windows Program Files directory to determine whether the Windows Program Files directory contains the \Exchsrvr folder for Exchange Server.

Finally, the Exchange Server Analyzer queries the Win32_OperatingSystem Windows Management Instrumentation (WMI) class to determine the value for the ServicePackMajorVersion key. The value for the ServicePackMajorVersion key indicates which Windows service pack is installed on the computer.

The Exchange Server Analyzer displays a warning if the following conditions are true:

  • The Exchange Server Analyzer determines that the Exchange Server computer is running on Windows Server 2003 Service Pack 1.
  • The Exchange Server Analyzer determines that Exchange Server 2003 is not installed in the default path of \Program Files\Exchsrvr.

This warning indicates that Exchange Server 2003 is not installed in the default Program Files folder on the server and that the Security Configuration Wizard is installed on the Exchange server. The Security Configuration Wizard is a tool that is included as an optional component of Windows Server 2003 Service Pack 1. If the Security Configuration Wizard is installed on an Exchange server, manual configuration of the Network Security section is needed.

noteNote:
To install the Security Configuration Wizard, you must first install Windows Server 2003 Service Pack 1. After Service Pack 1 is installed, open Add/Remove Programs in Control Panel to install the Security Configuration Wizard.

The Security Configuration Wizard helps reduce the attack surface of Windows servers by asking the user a series of questions that are designed to determine the functional requirements of a server. Specifically, the Security Configuration Wizard helps you perform the following tasks:

  • It automatically disables unnecessary services.
  • It automatically blocks unused ports.
  • It helps you apply additional address restrictions or security restrictions for ports that are left open.
  • It prevents unnecessary Internet Information Services (IIS) Web extensions, if applicable.
  • It reduces protocol exposure to server message block (SMB), LanMan, and Lightweight Directory Access Protocol (LDAP).
  • It defines a high signal-to-noise audit policy.

The Security Configuration Wizard guides you through the process of creating, editing, applying, or rolling back a security policy that is based on the selected roles of the server. The security policies that are created by using the Security Configuration Wizard are XML files that configure services, network security, specific registry values, and audit policy when they are applied. If applicable, Internet Information Services (IIS) can also be configured.

The Security Configuration Wizard includes a Network Security feature that configures and adds exceptions to Windows Firewall, in addition to performing other functions. Windows Firewall is the new version of the stateful packet filter in Windows Server 2003 Service Pack 1. Windows Firewall was first introduced in Windows XP Service Pack 2. It was called Internet Connection Firewall in Windows XP Service Pack 2.

There is a known issue that occurs when the Network Security feature in the Security Configuration Wizard runs on an Exchange server on which Exchange Server is not installed in the default path. In this configuration, the application of the resultant policy may cause Exchange Server to be inaccessible by clients. When the Network Security feature is used on an Exchange server on which Exchange Server is not installed to the default path, the Security Configuration Wizard can configure Windows Firewall to block TCP/IP port access by Exchange Server processes, such as the System Attendant (Mad.exe), the Microsoft Exchange Information Store (Store.exe), or the message transfer agent (Emsmta.exe). In this configuration, the Security Configuration Wizard displays Not Found! next to each process. If the Security Configuration Wizard is run until it is completed with a process that has Not Found! next to it, the Security Configuration Wizard applies security policy to the Windows Firewall that blocks network access by that process.

If the blocked processes include one or more Exchange Server processes, Exchange Server may become inaccessible by clients and other servers. If this condition exists, you should perform one of the following procedures to correct the problem.

To correct the problem
  • Perform one of the following procedures to correct the problem:

    • Use the rollback feature of the Security Configuration Wizard to roll back a security policy after it has been applied. For more information about how to do this, see the Security Configuration Wizard Help file that is included with Windows Server 2003 Service Pack 1. For more information about Windows Server 2003 Service Pack 1 and Security Configuration Wizard, see the Windows Server 2003 TechCenter (http://go.microsoft.com/fwlink/?LinkId=45315).
    • In the Security Configuration Wizard, manually fill in the Application path field to specify the location of the Exchange Server executable process files. To do this, select the process that has Not Found! next to it, and click Edit. It is recommended that you run the Security Configuration Wizard on the Exchange server to make sure that the path of each Exchange Server process executable is correct. After each process executable has been approved, the Security Configuration Wizard security policy can be applied, and Exchange Server should have the network access that it requires to function.

For more information about Windows Server 2003 Service Pack 1 and the Security Configuration Wizard, see the Windows Server 2003 TechCenter (http://go.microsoft.com/fwlink/?LinkId=45315).

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft