Exchange Security Documentation: What's New and Who's Who
Topic Last Modified: 2007-05-11
By John Speare
If you have been watching the Security and Protection node in the Microsoft Exchange Server 2007 Technical Library, you may have noticed that it's grown a bit since we shipped Exchange 2007 a few months ago. In addition to some rich new permission and certificate content (which I describe below), we've added the following new content written by the Client Access and Unified Messaging teams, respectively, to the Security and Protection node:
You may wonder why we have spread our security-related content across the documentation set for Exchange Server 2007 rather than putting it all in one place. In the past, we published permission and "Security Hardening" content as stand-alone "guides." This approach made sense for locking down services and directories after Exchange Setup ran. However, today, with server role-based setup in Exchange 2007, Microsoft Exchange enables only those services that are required by the server role that is being installed. Microsoft Exchange is no longer installed and then "security hardened." It's designed to be secure by default.
Similarly, permission management isn't an add-on process; it should be built into the overall planning and deployment phases of your Exchange 2007 deployment. Therefore, we've streamlined our permission documentation, integrating it into the core content to provide seamless context for administrators as they plan for and deploy their administrative model.
Most of the content that you find in the Microsoft Exchange Server 2007 Technical Library on TechNet is written by full-time technical writers from the Exchange Server User Education team. The content is always reviewed by subject matter experts in Microsoft. These reviewers include the developer and tester who coded and tested the feature. And the program manager for the feature also takes a look, together with a representative from Customer Support Service in many cases.
We on the User Education team really appreciate this help and thought it would be a good idea to recognize some of the people from the Exchange product team and Customer Support Service who have provided content and made a significant impact in their reviews of the security-related content for Microsoft Exchange Server 2007 and earlier versions of Exchange Server.
For content that deals specifically with security features or functionality, we not only submit topics for our usual technical review, we also make sure to get some extra eyes and minds in on the review. We work closely with the Exchange Security team to ensure that this content is appropriate and comprehensive. Among these additional reviewers and contributors is one of our senior Enterprise consultants, Ross Smith IV.
After Exchange Server 2003 shipped, Ross Smith IV wrote a ton of great permission documentation. The User Education team spent a bit of time formatting and editing this excellent content and published it as Working with Active Directory Permissions in Exchange Server. Ross' content is thorough and precise, and it has been hugely popular with other consultants and Exchange administrators.
For Exchange 2007, Ross has updated the permission documentation. Specifically, the following Exchange 2007 Help topics include his updated and new permission documentation:
Planning for Access to Active Directory
Exchange 2007 Permissions: Frequently Asked Questions
Planning and Implementing a Split Permissions Model
Split Permissions Model Reference
Unified Messaging Permission Delegation in Exchange Server 2007
Exchange 2007 Server Setup Permissions Reference
As noted earlier, the User Education team relies on the Exchange Security team to help develop content and review it. Chris Ahlers, Software Developer, is our primary security reviewer. Chris is tireless in his dedication to thorough reviews of all the security-related content that we publish. He also helped author the Exchange 2003 version of the Exchange Server Security Hardening Guide.
And Eugene Siu, formerly of the Exchange Security Team and now a Microsoft Senior Security Consultant, wrote the Exchange registration files for the Microsoft Windows Security Configuration Wizard (SCW). For more information about how to deploy the SCW with Microsoft Exchange, see Using the Security Configuration Wizard to Secure Windows for Exchange Server Roles.
Eugene also provided the content for the excellent Data Path Security Reference.
Finally, we also recently received some fantastic content about certificate selection for Transport Layer Security (TLS) from Stuart Presley and Jenny Frye, who work in Customer Support. You can read more about how this content was developed in Selecting TLS Certificates on the Exchange Team Blog. And the User Education team "leveraged" their work in SMTP TLS Certificate Selection.
John Speare - Senior Technical Writer, Microsoft Exchange Server