How to Install Exchange 2003 on a Hardened Server


Topic Last Modified: 2005-12-15

Although your hardened Microsoft® Exchange Server environment allows core Exchange services to run, it does not, by default, allow you to install or upgrade Exchange Server. This topic explains how to install or upgrade Exchange on hardened servers.

In some installation scenarios, you may have to restart some services and reboot your computers. In these cases, the Exchange Group Policy Security Templates may be re-applied during setup and, as a result, Exchange Setup may fail. To help you avoid potential setup failures, this topic explains how to install Exchange by resetting the group policy update interval such that the maximum time is available for an Exchange installation or upgrade. By default, Microsoft Windows® member servers update the group policy every 90 minutes. The procedure in this topic explains how to reset the group policy update interval. Therefore, resetting the update interval will provide 90 minutes for your installation or upgrade of Exchange.

For more information about how to set the group policy update interval, see Microsoft Knowledge Base Article 203607, How to modify the default group policy refresh interval.

After you reset the group policy update interval, you must verify that the correct services are enabled for Exchange Setup. Also, after you install Exchange, you must restart the computer to reapply the group policy settings.

  1. On the computer where you will run Exchange Setup, reset the group policy update interval: Click Start, click Run, and then type the following command:

    gpupdate.exe /target:computer /force

  2. Before continuing, verify that the group policy has been successfully updated. Review the Application log for Event ID 1704 (Source SceCli) with a timestamp close to or after the execution time of step 1.

  3. On the computer where you want to install or upgrade Exchange, open the Services MMC snap-in and verify that the following services are set to Manual or Automatic startup. If any of the services are disabled, set them to Manual startup:

    • Network News Transport Protocol (NNTP)

    • Microsoft Exchange POP3

    • Microsoft Exchange IMAP4

    • Information Store

    • Microsoft Exchange MTA Stacks

    • Microsoft Exchange Routing Engine

    • IIS Admin

    • Microsoft Exchange System Attendant

    • Microsoft Exchange Management

    • Simple Mail Transfer Protocol (SMTP)

    • HTTP SSL

    • World Wide Web Publishing

    • Distributed Transaction Coordinator

    • Windows Installer

    • Windows Management Instrumentation

    • Microsoft Search

    • NT LM Security Support Provider

  4. Install or upgrade the Exchange server.

  5. After the Exchange installation is complete, restart the Exchange server. This reapplies the Exchange Group Policy Security Templates.

For information about the Group Policy Update utility, see Microsoft Knowledge Base article 298444, A Description of the Group Policy Update Utility.