How to Install Exchange 2003 on a Hardened Server
Although your hardened Microsoft® Exchange Server environment allows core Exchange services to run, it does not, by default, allow you to install or upgrade Exchange Server. This topic explains how to install or upgrade Exchange on hardened servers.
In some installation scenarios, you may have to restart some services and reboot your computers. In these cases, the Exchange Group Policy Security Templates may be re-applied during setup and, as a result, Exchange Setup may fail. To help you avoid potential setup failures, this topic explains how to install Exchange by resetting the group policy update interval such that the maximum time is available for an Exchange installation or upgrade. By default, Microsoft Windows® member servers update the group policy every 90 minutes. The procedure in this topic explains how to reset the group policy update interval. Therefore, resetting the update interval will provide 90 minutes for your installation or upgrade of Exchange.
For more information about how to set the group policy update interval, see Microsoft Knowledge Base Article 203607, How to modify the default group policy refresh interval.
After you reset the group policy update interval, you must verify that the correct services are enabled for Exchange Setup. Also, after you install Exchange, you must restart the computer to reapply the group policy settings.
Procedure
To install Exchange 2003 on a hardened server
On the computer where you will run Exchange Setup, reset the group policy update interval: Click Start, click Run, and then type the following command:
gpupdate.exe /target:computer /force
Before continuing, verify that the group policy has been successfully updated. Review the Application log for Event ID 1704 (Source SceCli) with a timestamp close to or after the execution time of step 1.
On the computer where you want to install or upgrade Exchange, open the Services MMC snap-in and verify that the following services are set to Manual or Automatic startup. If any of the services are disabled, set them to Manual startup:
Network News Transport Protocol (NNTP)
Microsoft Exchange POP3
Microsoft Exchange IMAP4
Information Store
Microsoft Exchange MTA Stacks
Microsoft Exchange Routing Engine
IIS Admin
Microsoft Exchange System Attendant
Microsoft Exchange Management
Simple Mail Transfer Protocol (SMTP)
HTTP SSL
World Wide Web Publishing
Distributed Transaction Coordinator
Windows Installer
Windows Management Instrumentation
Microsoft Search
NT LM Security Support Provider
Install or upgrade the Exchange server.
After the Exchange installation is complete, restart the Exchange server. This reapplies the Exchange Group Policy Security Templates.
For More Information
For information about the Group Policy Update utility, see Microsoft Knowledge Base article 298444, A Description of the Group Policy Update Utility.