Guide to the Secure Configuration and Administration of Microsoft ...

More documents

Recommendations

Info

Warnings Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns. SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Please keep track of the latest security patches and advisories at the Microsoft security bulletin page at http://www.microsoft.com/technet/security/current.asp. This document contains possible recommended settings for the system Registry. You can severely impair or disable a Windows NT System with incorrect changes or accidental deletions when using a Registry editor (Regedt32.exe or Regedit.exe) to change the system configuration. Currently, there is no “undo” command for deletions within the Registry. Registry editor prompts you to confirm the deletions if “Confirm on Delete” is selected from the options menu. When you delete a key, the message does not include the name of the key you are deleting. Therefore, check your selection carefully before proceeding. II
Trademark Information Windows NT, Microsoft Exchange, and Microsoft Outlook are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and other countries. All other names are registered trademarks or trademarks of their respective companies. III
Page 1: Guide to the Secure Configuration a
Page 5 and 6: Table of Contents About the Guide t
Page 7 and 8: Chapter 3, “Administrative Permis
Page 9 and 10: Chapter 1 Exchange Server Installat
Page 11 and 12: separate partition will provide a l
Page 13 and 14: Chapter 2 Client Installation Insta
Page 15 and 16: Domain Admins: Full Control SYSTEM
Page 17 and 18: Chapter 3 Administrative Permission
Page 19 and 20: Summary In summary, when assigning
Page 21 and 22: Site Level Server Level The Directo
Page 23 and 24: Server Level At the server level, t
Page 25 and 26: Configuration Use the Windows NT ev
Page 27 and 28: GWS1 (Server) Jack (Client) NT Remo
Page 29 and 30: Summary When connecting servers in
Page 31 and 32: other hosts were detailed in Chapte
Page 33 and 34: Chapter 7 Client Security and “Ad
Page 35 and 36: For each zone, one of four levels o
Page 37 and 38: Respect the concept of least privil
Page 39 and 40: KMS password. It is very critical t
Page 41 and 42: When advanced security is invoked,
Page 43 and 44: ecommended that you follow the guid
Page 45 and 46: “contributor” right (allowing o
Page 47 and 48: Authentication Exchange 5.0 Exchan
Page 49 and 50: Data Confidentiality It is importan
Page 51 and 52: IMAP LDAP allowed authentication me
Page 53 and 54:
To control anonymous access: Selec
Page 55 and 56:
This issue can be overcome simply b
Page 57 and 58:
For recoverability, log files can b
Page 59 and 60:
from using the distribution list, t
Page 61 and 62:
Revisions: Version 1.1 - Cleaned up
show all

Guide to the Secure Configuration and Administration of Microsoft ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?