Below I’ve pasted an edited and cleaned up copy of most of the Q&A from today’s webcast on Implementing Exchange Server 2003 Security (Part 1 of 2). BIG thank you to Harold Wong and Blain Barton for handling the Q&A on the backend, and who’s work this really represents.
Questions and Answers:
“Is it recommended to implement sp2 now, or wait for a period of time? (sorry, this question is not specifically to Security)”
The timing for this right now is good, don’t wait.
“I did not un-install IMF first. What procedure should I follow to correct? What is the impact of not un-installing first?”
You can check out the hardening guide, and here is some more info on IMF, http://support.microsoft.com/?kbid=907747
“How can you tell if you have IMF installed?”
Go to Control Panel -> Add / Remove Programs and see if Microsoft Exchange IMF is listed. NOTE that it will only show up in the list if you are currently logged in with the account that installed it.
“IMF is listed in my Add or Remove Programs. Does this only refer to v1? If I remove, do I need to reinstall Exch SP2?”
If it is listed in Add / Remove Programs, then this is version 1.
“If IMF v1 not un-installed and then Exch SP2 installed, do I first use Add or Remove to uninstall IMF v1, then redo Exch SP2?”
The latest Intelligent Message Filter updates can be uninstalled by using Add or Remove Programs in Control Panel. If you uninstall the latest Intelligent Message Filter update, the files from the corresponding subfolder in the MSCFV2 folder are removed. Additionally, the registry entry under the following subkey is removed: HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesExchange Server 2003SP3KB907747. Check out the article for this http://support.microsoft.com/?kbid=907747
“In order to security our Exchange infrastructure, we plan to install SP2 on the passive node Exchange cluster. Is there a problem for sp1 and sp2 co-exist in Exchange Clustering environment for some time?(if fail-over occur)”
This shouldn’t be a problem if a fail-over should occur to the passive node. The challenge may come in where you try to fail-back to the original node if that node has not been updated to SP2.
“How do you go about limiting the IE to administrators only?”
Take precautions, check out: http://support.microsoft.com/kb/888534
“Was it recommended that ExBPA NOT be run on an Exchange server?”
No… I didn’t make that recommendation specifically. But if you want to avoid impacting performance on one of your Exchange Servers, you could run it on a separate machine (even one of your XP boxes) and target the Exchange installation from there.
“The exchange server analyzer tool should not be run on SBS2003, correct?”
The ExBPA does understand SBS 2003 and could be run on it, but to minimize impact on what is probably already a busy server, I’d recommend running it from some other workstation.
“Does MBSA work with SBS2003?”
“What’s the link to Part 2 (of 2) of this webcast series?”
“I cannot uninstall IMF v.1. I read in order to do it you have to login using the account that was used to install it, then try to uninstall it thru Add/Remove Programs? it is that a true statement?”
Yes, that is true. See http://support.microsoft.com/default.aspx?scid=kb;en-us;867633#XSLTH3140121123120121120120
“What if I do not know which account was used? Any administrator account including local admin should be able to do it. Is there a way to know which account was used?”
THAT is a good question… and I don’t know the answer to it. (Anyone?… Anyone?… Bueller?…) I’m looking into that one and will update this entry if/when I find the answer.