Improvements to Exchange 2003 Setup

Microsoft® Exchange 2003 Setup includes many new features that make it easier to deploy Exchange 2003 in your organization. This topic describes the improvements to Exchange Setup.

Identical schema files in Active Directory Connector and Exchange

In Exchange 2000, Active Directory Connector (ADC) schema files were a subset of the Exchange 2000 core schema files. In Exchange 2003, the schema files imported during the ADC upgrade are identical to the core Exchange 2003 schema files. Therefore, you only need to update the schema once.

Exchange Setup does not require full organization permissions

In Exchange 2000, the user account that was used to run Setup was required to have Exchange Full Administrator rights at the organization level. In Exchange Server 2003, although a user with Exchange Full administrator rights at the organization level must install the first server in a domain, you can now install additional servers if you have Exchange Full Administrator rights at the administrative group level.

Exchange Setup no longer contacts the schema Flexible Single Master Operations role

In Exchange 2000, the Setup or Update program contacted the schema Flexible Single Master Operations (FSMO) role each time it ran. In Exchange 2003, Setup only contacts the server that holds the schema FSMO role when an update to the schema is required.

ChooseDC switch

Exchange Setup includes the new /ChooseDC switch. You can now enter the fully qualified domain name (FQDN) of a Windows domain controller to force Setup to read and write all data from the specified domain controller (the specified domain controller must reside in the domain where you install your Exchange 2003 server). When installing multiple Exchange 2003 servers simultaneously, forcing each server to communicate with the same Active Directory® directory service domain controller ensures that replication latencies do not interfere with Setup and cause installation failures.

Default permissions at the organization level are assigned only once

Exchange Setup now assigns default permissions on the Exchange Organization object once (during the first server installation or upgrade) and does not re-assign permissions during subsequent installations. Previously, Exchange 2000 Setup re-assigned Exchange Organization permissions during each server installation. This action overwrote any custom changes to the permissions structure. For example, if you allowed all users to create top-level public folders, these permissions were removed during each installation or upgrade.

Warning message appears if Exchange groups are moved, deleted, or renamed

Exchange Setup ensures that the Exchange Domain Servers and Exchange Enterprise Servers groups are intact. If an administrator has moved, deleted, or renamed these groups, Setup stops, and a warning message appears.

Permissions to access mailboxes

Exchange Setup configures permissions on user mailbox objects so that members of groups that have any of the standard Exchange security roles (Exchange Full Administrator, Exchange Administrator, Exchange View Only Administrator) applied to them at the organization and administrative group levels cannot open other user mailboxes.

Domain users denied local logon rights

Whether you are installing or upgrading to Exchange 2003, Exchange Setup does not allow members of the Domain Users group to log on locally to your Exchange servers.

Item size for public folder set by default

If the value is not already set, Exchange Setup limits the item size for public folders to 10240 KB (10 MB). On upgrades from Exchange 2000 to Exchange 2003, if the item size for public folders is already set, that value is preserved.

Outlook Mobile Access and Exchange ActiveSync components installed by Setup

In previous versions of Exchange, you had to install Microsoft Mobile Information Server to enable support for mobile devices. Now, Exchange 2003 includes built-in mobile device support that supersedes Mobile Information Server functionality. Specifically, the Exchange 2003 components that enable this support are called Outlook® Mobile Access and Exchange Server ActiveSync. However, Outlook Mobile Access is not enabled by default. To enable Outlook Mobile Access, start Exchange System Manager, expand Global Settings, and then use the Mobile Services Properties dialog box (Figure 1).

Figure 1   The Mobile Services Properties dialog box

For more information about Outlook Mobile Access and Exchange ActiveSync, see Configuring Exchange 2003 for Client Access.

Automatic Internet Information Services version 6.0 configuration

In Microsoft Windows Server™ 2003, Internet Information Services (IIS) 6.0 introduces worker process isolation mode, which offers greater reliability and security for Web servers. Worker process isolation mode ensures that all of the authentication, authorization, Web application processes, and Internet Server Application Programming Interface (ISAPI) extensions that are associated with a particular application are isolated from all other applications. When you install Exchange 2003 on computers running Windows Server 2003, Exchange Setup sets IIS 6.0 to worker process isolation mode automatically.

By default, ISAPI extensions are not enabled during Windows Server 2003 installation. However, because some Exchange features (such as Outlook Web Access, WebDAV, and Exchange Web forms) rely on certain ISAPI extensions, Exchange Setup enables these required extensions automatically.

Automatic IIS 6.0 configuration while upgrading from Windows 2000 to Windows Server 2003

If you install Exchange 2003 on Microsoft Windows® 2000 Server and subsequently upgrade to Windows Server 2003, Exchange System Attendant sets IIS 6.0 to worker process isolation mode automatically. Event Viewer contains an event indicating that this mode change has occurred. After the upgrade, you may notice that some of the ISAPI extensions for other applications do not function properly in worker process isolation mode. Although you can set the IIS 6.0 mode to "IIS 5.0 isolation mode" to ensure compatibility with your ISAPI extensions, it is recommended that you continue to run IIS 6.0 in worker process isolation mode. Exchange 2003 features, such as Microsoft Outlook® Web Access, WebDAV, and Web forms, do not work in IIS 5.0 isolation mode.

Support for Device Update 4 (DU4)

Exchange 2003 Service Pack 1 (SP1) now includes support for additional worldwide devices. DU4 updates the list of supported mobile devices for Outlook Mobile Access. DU4 updates ensure that the mobile devices on the list have been tested and function properly with Outlook Mobile Access.

Security Enhancement for Outlook Web Access

To prevent unsafe code from being executed within the browser for certain MIME types, Exchange Setup adds new file extensions to the Outlook Web Access block lists. This update provides a list of known content types that are allowed to start within the browser.