Key Services That Are Disabled for Front-End Servers

  • Article

 

As with the back-end configuration, you may need to re-enable some services to provide the functionality you require. The following list describes some of the services that are disabled:

  • Microsoft Exchange POP3, Microsoft Exchange IMAP4

    If you do not have POP3 or IMAP4 clients, you can ensure that these services are disabled by group policy. However, before disabling these services, ensure that there are not any customized programs running in your environment that require these services.

  • Simple Mail Transfer Protocol (SMTP)

    When a front-end server acts as an HTTP, POP3, or IMAP4 server, it does not strictly require SMTP. However, if you configured your front-end server to receive SMTP mail (either as a gateway server or as an SMTP submission server for IMAP4 or POP3 clients), you must enable the SMTP service (SMTPSVC). For virus scanners, the Microsoft Exchange Information Store service (MSExchangeIS) and the Microsoft Exchange System Attendant service (MSExchangeSA) are also required.

  • Microsoft Exchange System Attendant

    On a front-end server, the System Attendant is required if you want to make configuration changes to the server or if you are using the front-end server as a RPC over HTTP front-end proxy. If you are not using the server as a RPC over HTTP proxy, to make any changes to a server that uses the Exchange 2003 Front-End Security Policy (including designating the server as a front-end server), you must temporarily start the Microsoft Exchange System Attendant service (MSExchangeSA) and associated services first. Otherwise, if you are using the server as a RPC/HTTP front-end proxy, you must deploy the Exchange_2003-RPC-HTTP_V1_2 group policy security template to enable the Microsoft Exchange System Attendant service.

  • Microsoft Exchange Information Store

    Because mail is not delivered to this server, the Microsoft Exchange Information Store service (MSExchangeIS) is not required. However, if the server is configured as an SMTP gateway server (without any user mailboxes or public folders), MSExchangeIS is required for virus scanning and to reliably route public folder mail.

Service Access Control Lists

The service access control list (ACLs) settings for front-end servers are identical to the service ACLs settings for back-end servers. For information about these service ACL settings, see "Service Access Control Lists."

Note

The Exchange_2003-Frontend_V1_1.inf security template configures these settings automatically.