Exchange 2007 security


 


I get asked the question ‘how can we secure our Exchange 2007 servers’ so I’ve compiled a list from the Exchange 2007 Security Guide. As you know Exchange 2007 is by design secure, but here are the services that start automatically and the ones that you’ll start manually.


Mailbox role


The Microsoft Search (Exchange Server) service and Microsoft Exchange Monitoring are set to start manual. All other services are set to start automatically. Here are list of some of the services that are automatically enabled by default when the mailbox role starts:- 






































Service short name


Service name


MSExchangeIS


Microsoft Exchange Information Store


MSExchangeADTopology


Microsoft Exchange Active Directory Topology


MSExchangeRepl


Microsoft Exchange Replication Service


MSExchangeMailboxAssistants


Microsoft Exchange Mailbox Assistants


MSExchangeSearch


Microsoft Exchange Search Indexer


MSExchangeServiceHost


Microsoft Exchange Service Host


MSExchangeMonitoring


Microsoft Exchange Monitoring


MSExchangeSA


Microsoft Exchange System Attendant


MSExchangeMailSubmission


Microsoft Exchange Mail Submission Service


msftesql-Exchange


Microsoft Search (Exchange Server)

 


Clustered Mailbox Server Role


The Cluster Service is set to start automatically:-


 











Service short name


Service name


ClusSvc


Microsoft Cluster Service


Hub Transport Server Role


Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically:- 


























Service short name


Service name


MSExchangeADTopology


Microsoft Exchange Active Directory Topology service


MSExchangeTransport


Microsoft Exchange Transport service


MSExchangeAntispamUpdate


Microsoft Exchange Anti-spam Update service


MSExchangeEdgeSync


Microsoft Exchange EdgeSync service


MSExchangeTransportLogSearch


Microsoft Exchange Transport Log Search service


MSExchangeMonitoring


Microsoft Exchange Monitoring

 


Edge Transport Server Role


Microsoft Exchange Monitoring and the Microsoft Exchange Transport Log Search service are set to start manually. All other services are set to start automatically:-


























Service short name


Service name


MSExchangeTransport


Microsoft Exchange Transport service


MSExchangeAntispamUpdate


Microsoft Exchange Anti-spam Update service


ADAM_MSExchange


Microsoft Exchange ADAM


EdgeCredentialSvc


Microsoft Exchange Credential Service


MSExchangeTransportLogSearch


Microsoft Exchange Transport Log Search service


MSExchangeMonitoring


Microsoft Exchange Monitoring



Client Access Server Role


Microsoft Exchange Monitoring, the Microsoft Exchange POP3 service, and the Microsoft Exchange IMAP4 service are set to start manually. All other services are set to start automatically:- 


























Service short name


Service name


MSExchangeADTopology


Microsoft Exchange Active Directory Topology service


MSExchangePOP3


Microsoft Exchange POP3 service


MSExchangeIMAP4


Microsoft Exchange IMAP4 service


MSExchangeFDS


Microsoft Exchange File Distribution service


MSExchangeServiceHost


Microsoft Exchange Service Host


MSExchangeMonitoring


Microsoft Exchange Monitoring


Unified Messaging Server Role


Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically:-
























Service name


Friendly name


MSExchangeADTopology


Microsoft Exchange Active Directory Topology service


MSSpeechService


Microsoft Exchange Speech Engine


MSExchangeUM


Microsoft Exchange Unified Messaging


MSExchangeFDS


Microsoft Exchange File Distribution Service


MSExchangeMonitoring


Microsoft Exchange Monitoring


 Written by Daniel Kenyon-Smith

Comments (1)

  1. Anonymous says:

    Active Directory 101 Do's and Don'ts How to Ensure Simpler Microsoft Exchange High Availability