Exchange 2007 security
I get asked the question ‘how can we secure our Exchange 2007 servers’ so I’ve compiled a list from the Exchange 2007 Security Guide. As you know Exchange 2007 is by design secure, but here are the services that start automatically and the ones that you’ll start manually.
Mailbox role
The Microsoft Search (Exchange Server) service and Microsoft Exchange Monitoring are set to start manual. All other services are set to start automatically. Here are list of some of the services that are automatically enabled by default when the mailbox role starts:-
Service short name |
Service name |
MSExchangeIS |
Microsoft Exchange Information Store |
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology |
MSExchangeRepl |
Microsoft Exchange Replication Service |
MSExchangeMailboxAssistants |
Microsoft Exchange Mailbox Assistants |
MSExchangeSearch |
Microsoft Exchange Search Indexer |
MSExchangeServiceHost |
Microsoft Exchange Service Host |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
MSExchangeSA |
Microsoft Exchange System Attendant |
MSExchangeMailSubmission |
Microsoft Exchange Mail Submission Service |
msftesql-Exchange |
Microsoft Search (Exchange Server) |
Clustered Mailbox Server Role
The Cluster Service is set to start automatically:-
Service short name |
Service name |
ClusSvc |
Microsoft Cluster Service |
Hub Transport Server Role
Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically:-
Service short name |
Service name |
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSExchangeTransport |
Microsoft Exchange Transport service |
MSExchangeAntispamUpdate |
Microsoft Exchange Anti-spam Update service |
MSExchangeEdgeSync |
Microsoft Exchange EdgeSync service |
MSExchangeTransportLogSearch |
Microsoft Exchange Transport Log Search service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
Edge Transport Server Role
Microsoft Exchange Monitoring and the Microsoft Exchange Transport Log Search service are set to start manually. All other services are set to start automatically:-
Service short name |
Service name |
MSExchangeTransport |
Microsoft Exchange Transport service |
MSExchangeAntispamUpdate |
Microsoft Exchange Anti-spam Update service |
ADAM_MSExchange |
Microsoft Exchange ADAM |
EdgeCredentialSvc |
Microsoft Exchange Credential Service |
MSExchangeTransportLogSearch |
Microsoft Exchange Transport Log Search service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
Client Access Server Role
Microsoft Exchange Monitoring, the Microsoft Exchange POP3 service, and the Microsoft Exchange IMAP4 service are set to start manually. All other services are set to start automatically:-
Service short name |
Service name |
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSExchangePOP3 |
Microsoft Exchange POP3 service |
MSExchangeIMAP4 |
Microsoft Exchange IMAP4 service |
MSExchangeFDS |
Microsoft Exchange File Distribution service |
MSExchangeServiceHost |
Microsoft Exchange Service Host |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
Unified Messaging Server Role
Microsoft Exchange Monitoring is set to start manually. All other services are set to start automatically:-
Service name |
Friendly name |
MSExchangeADTopology |
Microsoft Exchange Active Directory Topology service |
MSSpeechService |
Microsoft Exchange Speech Engine |
MSExchangeUM |
Microsoft Exchange Unified Messaging |
MSExchangeFDS |
Microsoft Exchange File Distribution Service |
MSExchangeMonitoring |
Microsoft Exchange Monitoring |
Written by Daniel Kenyon-Smith