Configuration and Security Update Recommendations for Exchange 2000 Server

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
Updated : September 22, 2003

Find the information you need to implement recommended security practices and to maximize the performance of your servers running Exchange 2000 Server. For information about optimizing other Exchange Server versions, see:


For optimum performance and security, build the system configurations listed in the following tables.

Server Configuration

Operating system

Microsoft Windows 2000 with Service Pack 4 (SP4) and the updates available from the Microsoft Update site.


Internet Explorer 6 with Service Pack 1 (SP1) and the updates available from the Microsoft Update site.


Exchange 2000 Server with Service Pack 3 (SP3)* with the update rollup for Exchange 2000 Server

Note: For information about how to use Internet Information Services (IIS) Lockdown and URLScan in conjunction with Exchange 2000 Server, see Article 309508: IIS Lockdown and URLscan Configurations in an Exchange Server Environment in the Knowledge Base.

Client Configuration

Operating system

Windows 2000 with SP4 or Windows XP with Service Pack 1a (SP1a) and the updates available from the Microsoft Update site.


Internet Explorer 6 with SP1 and the updates available from the Microsoft Update site.


Outlook 2002 with Microsoft Office XP Service Pack 2 (SP2)

Do not install Microsoft Outlook on servers running Exchange 2000 Server. For more information, see Article 266418: Microsoft Does Not Recommend Installing Exchange Server and Outlook on the Same Computer in the Microsoft Knowledge Base.

Service Packs, Security Updates, and Fixes

Keep your Exchange 2000 Server deployment up-to-date with the latest security enhancements.

Exchange 2000 Server

Download the Latest Security Update. Locate security bulletins by product or technology, or review a list of the most recent security bulletins on the Microsoft Security Bulletin Search page.

Update Rollup for Exchange 2000 Server. This update fixes issues discovered since the release of Exchange 2000 Server SP3, but requires SP3.
(Last updated: August 16, 2004)

Service Pack 3. This service pack is a cumulative update that includes all previous service pack updates. For deployment information, see the Exchange 2000 Server SP3 Deployment Guide.
(Last updated: October 31, 2003)

You can use the following procedure to manually check for product updates:

  1. Navigate to the Microsoft Download Center.

  2. In the Product/Technology box, select Exchange.

  3. In the Keywords box, enter either Exchange 2000 Enterprise Server or Exchange 2000 Server, depending on your version.

  4. Click Go.

Microsoft Baseline Security Analyzer. You can also scan for missing security updates and server security misconfigurations by downloading Microsoft Baseline Security Analyzer (MBSA).

Windows XP

Service Pack 1a. Windows XP SP1a is designed to ensure Windows XP compatibility with newly released software and hardware and includes Internet Explorer 6 SP1a. If you have already installed Windows XP SP1, you do not need to install Windows XP SP1a.
(Release date: February 3, 2003)

For automatic update detection, see the Microsoft Update site or turn on the automatic update features in Windows XP to stay up to date automatically. To manually search for critical and recommended updates, see the Windows XP Downloads page.

Windows 2000

Service Pack 4. For optimum reliability and stability of your Exchange 2000 Server environment, you should upgrade your servers running Exchange 2000 Server, Active Directory Connector, Exchange Conferencing Server, and all domain controllers and global catalog servers to SP4.
(Last updated: November 6, 2003)

For automatic update detection, see the Microsoft Update site. To manually search for critical and recommended updates, see the Windows 2000 Downloads page.

Outlook 2002

Office XP Service Pack 2. This service pack provides the latest updates to Outlook 2002 and Office XP, including significant security enhancements, stability, and performance improvements. This service pack combines new and previously released updates into one package.
(Last updated: July 16, 2002)

For automatic update detection, see Office Updates on the Microsoft Office Online site. To manually search for updates, see the Downloads on Microsoft Office Online.

Internet Explorer 6

Service Pack 1. Upgrade your Exchange 2000 server to Internet Explorer 6 SP1 and gain the latest features and updates. To locate the latest security updates and add-ons, see the Microsoft Internet Explorer Downloads page.
(Release date: September 9, 2002)

To find out the life-cycle support end dates for Internet Explorer 6 for your Windows operating system, see the Product Lifecycle Dates: Windows Product Family page on the Microsoft Help and Support site.


Change Password Functionality Replaced with Active Server Pages. Download this update for all installations of Windows 2000 with SP3 or earlier that run Microsoft Internet Information Services 5.0 (IIS 5.0). We recommend that you migrate to ASP technology to alleviate any risk associated with using ISM.dll. This does not affect systems when they are updated to SP4 at a later date. Note that Microsoft Windows Server 2003 does not require an update. Visit the Microsoft Help and Support site for details.
(Last updated: August 12, 2004)