Privilege Rights
After applying the Windows Server 2003 security policies, you only need to configure one privilege right to enable Outlook Web Access. Both the Outlook Web Access and public folders administration UI require that the Guests network logon be enabled. The Windows Server 2003 security policy sets the "Deny network logon" value to deny ANONYMOUS LOGON and the Guests group. The most efficient way to configure the "Deny network logon" is to apply a group policy that denies only ANONYMOUS LOGON.
If you deploy the Exchange 2003 Group Policy Security Templates, then the Exchange_2003-Backend_V1_1.inf file sets this value correctly.
If you are not deploying the Exchange 2003 Group Policy Security Templates, then you can edit the existing Windows Server 2003 security policy. For detailed steps explaining how to enable the Guests group, see "How to Enable the Guests Group in the Windows Server 2003 Baseline Security Policy."
Note
If you prefer to create your own group policy, you must add the following value under the [Privilege Rights] section: SeDenyNetworkLogonRight = *S-1-5-7. This argument blocks only ANONYMOUS LOGON.