Securing Server Roles in Exchange 2003

 

The Exchange Group Policy Security Templates (available from the Microsoft Download Center) help you secure server roles in your Exchange 2003 environment. To apply the templates, you must import them into your Group Policy settings.

The following table lists how server roles correspond to the security templates.

Important

In the following table, the sequence of the security templates corresponds to the order in which they are applied, not the order in which they should appear in the GPO list. In fact, because the Group Policies are implemented from the top of the list down, the order in which the templates should appear in the GPO list is exactly opposite.

Exchange 2003 server roles and corresponding security templates

Server role Description Security templates

Exchange 2003 back-end server

Server for mailbox and public folder access; when using POP, IMAP4, or NNTP, include the corresponding incremental template

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Backend_V1_1.inf

Exchange 2003 front-end server

Common settings for all front-end servers; disables all protocols; must apply a specific protocol for the server to function.

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

Exchange 2003 HTTP server

Dedicated front-end server for HTTP; used by Outlook Web Access, Outlook Mobile Access, Exchange Server ActiveSync, and WebDAV applications

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

  • Exchange_2003-HTTP_V1_1.inf

Exchange 2003 POP3 server

Dedicated front-end server for POP3, or added incrementally to an Exchange 2003 back-end server

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

  • Exchange_2003-POP3_V1_1.inf

Exchange 2003 IMAP4 server

Dedicated front-end server for IMAP4, or added incrementally to an Exchange 2003 back-end server

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

  • Exchange_2003-IMAP4_V1_1.inf

Exchange 2003 NNTP server

Added incrementally to an Exchange 2003 back-end server

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Backend_V1_1.inf

  • Exchange_2003-NNTP_V1_1.inf

Exchange 2003 SMTP server

Dedicated Internet-facing gateway server for SMTP or bridgehead

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

  • Exchange_2003-SMTP_V1_1.inf

Exchange 2003 front-end RPC over HTTP proxy server

Added incrementally to an Exchange 2003 front-end server that serves as an RPC/HTTP proxy.

  • Windows Server 2003 baseline template (Enterprise Client)

  • Exchange_2003-Frontend_V1_1.inf

  • Exchange_2003-HTTP_V1_1.inf

  • Exchange_2003-RPC-HTTP_V1_2.inf

For front-end servers, any combination of HTTP, POP3, IMAP4, and SMTP policies can be applied on top of the Exchange_2003-Frontend_V1_1.infpolicy. In fact, because the Exchange_2003-Frontend_V1_1.infsecurity policy turns off all Internet client protocols, you must apply all of those protocol security policies after deploying Exchange_2003-Frontend_V1_1.inf. For back-end servers, any combination of POP3, IMAP4, and NNTP can be applied on top of the Exchange_2003-Backend_V1_1.infExchange_2003-Backend_V1_1.infpolicy.