Hardening the Windows Infrastructure
Before you harden your Exchange environment, you must complete the following two steps.
Important
The recommendations and template settings in this article were verified using the Windows Server 2003 "Enterprise Client" GPO templates. If you plan to run an Exchange 2003 in an environment where the Windows Server 2003 "High Security" GPO templates are deployed, additional testing and configurations may be necessary to provide full functionality. As noted in the Windows Server 2003 Security Guide, the High Security templates are very restrictive, and as a result, many applications may not function correctly. For this reason, performance may be impacted, and server management will be more challenging.
Deploy the Domain, Domain Controller, and Member Server Baseline policy templates throughout your forest. For information about how to deploy these templates, see Chapters 2, 3, and 4 in the Windows Server 2003 Security Guide.
Note
Exchange servers are considered to be member servers; therefore, be sure to apply the appropriate Member Server Baseline policy (Enterprise Client - Member Server Baseline.inf) to each Exchange server.
Deploy the Exchange Domain Controller Baseline Policy template (Exchange_2003-DC_Incremental_V1_1.inf) in all of the domain controllers in your organization. The Exchange_2003-DC_Incremental_V1_1.inf file is a security policy that allows Exchange to operate in a secured environment. The next section explains this policy in detail, including specific deployment steps.