Deploying the Exchange Group Policy Security Templates

In Windows Server 2003, you can define many security settings, including auditing, security options, registry settings, file permissions, and service settings using group policy objects. The Windows Server 2003 Security Guide provides recommendations for many of these settings, and many of these settings apply for Exchange Server 2003. As previously mentioned, the main area where additional settings are applied is for services, although there are some file permission changes and, for domain controllers, registry changes.

This section explains how to organize your Active Directory directory service structure to support deployment of the Exchange Group Policy Security Templates at the organizational unit level. The previous sections provided steps for installing the individual security templates on each local machine or manually configuring the recommended settings. In comparison, deploying the Exchange Group Policy Security Templates (in accordance with the recommended organizational unit structure presented in this section) is more predictable and less prone to configuration problems. Using organizational units and Group Policy objects (GPOs) to deploy the security templates helps ensure that all servers within a given organizational unit are configured identically. You can download the Exchange Group Policy Security Templates from the Microsoft Download Center.