Kevin Remde's IT Pro Weblog

Best of Q&A from Webcast: Implementing Exchange Server 2003 Security (Part 1 of 2)


Greetings!

Below I’ve pasted an edited and cleaned up copy of most of the Q&A from today’s webcast on Implementing Exchange Server 2003 Security (Part 1 of 2).  BIG thank you to Harold Wong and Blain Barton for handling the Q&A on the backend, and whose work this really represents.

-Kevin

Questions and Answers:

“Is it recommended to implement sp2 now, or wait for a period of time? (sorry, this question is not specifically to Security)”

The timing for this right now is good, don't wait.

 

“I did not un-install IMF first. What procedure should I follow to correct? What is the impact of not un-installing first?”

You can check out the hardening guide, and here is some more info on IMF, http://support.microsoft.com/?kbid=907747

 

“How can you tell if you have IMF installed?”

Go to Control Panel -> Add / Remove Programs and see if Microsoft Exchange IMF is listed.  NOTE that it will only show up in the list if you are currently logged in with the account that installed it.

 

“IMF is listed in my Add or Remove Programs. Does this only refer to v1? If I remove, do I need to reinstall Exch SP2?”

If it is listed in Add / Remove Programs, then this is version 1.

 

“If IMF v1 not un-installed and then Exch SP2 installed, do I first use Add or Remove to uninstall IMF v1, then redo Exch SP2?”

The latest Intelligent Message Filter updates can be uninstalled by using Add or Remove Programs in Control Panel. If you uninstall the latest Intelligent Message Filter update, the files from the corresponding subfolder in the MSCFV2 folder are removed. Additionally, the registry entry under the following subkey is removed: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB907747. Check out the article for this http://support.microsoft.com/?kbid=907747

 

“In order to secure our Exchange infrastructure, we plan to install SP2 on the passive node of our Exchange cluster. Is there a problem if SP1 and SP2 co-exist in an Exchange clustering environment for some time? (if a fail-over occurs)”

This shouldn't be a problem if a fail-over should occur to the passive node. The challenge may come in where you try to fail-back to the original node if that node has not been updated to SP2.

 

“How do you go about limiting the IE to administrators only?”

Take precautions, check out: http://support.microsoft.com/kb/888534

 

“Was it recommended that ExBPA NOT be run on an Exchange server?”

No… I didn’t make that recommendation specifically.  But if you want to avoid impacting performance on one of your Exchange Servers, you could run it on a separate machine (even one of your XP boxes) and target the Exchange installation from there.

 

“The exchange server analyzer tool should not be run on SBS2003,  correct?”

The ExBPA does understand SBS 2003 and could be run on it, but to minimize impact on what is probably already a busy server, I’d recommend running it from some other workstation.

 

“Does MBSA work with SBS2003?”

Yes

 

“What’s the link to Part 2 (of 2) of this webcast series?”

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032287342&Culture=en-US

 

“I cannot uninstall IMF v.1. I read that in order to do it you have to log in using the account that was used to install it, then try to uninstall it thru Add/Remove Programs. Is that a true statement?”

Yes, that is true. See http://support.microsoft.com/default.aspx?scid=kb;en-us;867633#XSLTH3140121123120121120120

 

“What if I do not know which account was used? Any administrator account including local admin should be able to do it. Is there a way to know which account was used?”

THAT is a good question... and I don't know the answer to it.  (Anyone?...  Anyone?...  Bueller?...)  I'm looking into that one and will update this entry if/when I find the answer.

 

 

 

  • Any chance of getting a PDF of the webcast?

  • The following opinions are just my own and are as-is, implying no warranty. Following them could be suicidal.

    “What if I do not know which account was used? Any administrator account including local admin should be able to do it. Is there a way to know which account was used?”

    You don't have to worry about that too much. In all my experiments removing everything under the following registry entry will allow you to re-apply Exchange SP2 which integrates IMF.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter


    “If IMF v1 not un-installed and then Exch SP2 installed, do I first use Add or Remove to uninstall IMF v1, then redo Exch SP2?”

    Yes, but you will get an error and it will fail with a number of errors. Here is a simple procedure:
    1) On the SP2 machine install IMFv1
    2) Add/Remove... Uninstall IMFv1
    3) Reinstall Exchange 2003 SP2
    4) Search for "MSExchange.UceContentFilter.Dll" in HKLM\Software\Classes
    5) Make a note of the GUID of the first instance
    6) Recreate the "ContentFilterBindings"="1::25:{GUID from the search}" in HKLM\Software\Microsoft\Exchange\ContentFilter
    6a) You can also add the "ArchiveSCL"=dword:01 to this key to aid in testing - to show the SCL in mail even if it's not classed as spam by IMF.
    7) Restart server

    “How can you tell if you have IMF installed?”
    1) Look for the HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter registry key.
    2) Look in add/remove programs
    3) Look in the Exchange System Manager - Global Settings - Message Delivery, there will be a tab indicating that IMF is installed.

    Vlad Mazek
    MCSE, Exchange MVP
    http://www.vladville.com
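
The registry checks listed in the comment above (the ContentFilter key and the GUID search from steps 4 to 6), plus the KB907747 update subkey mentioned in the post, can be gathered in one read-only pass. This is an added example, not code from the post or its commenters; the function names are hypothetical, and it assumes PowerShell is available on the machine and that the DLL is registered as a COM in-process server under HKLM\Software\Classes\CLSID.

```powershell
# Added example: read-only audit of the IMF registry state discussed on this page.
# Key paths, the DLL name and value names come from the page; locating the DLL
# under CLSID\<GUID>\InprocServer32 is an assumption about how it is registered.
$contentFilterKey = 'HKLM:\SOFTWARE\Microsoft\Exchange\ContentFilter'
$imfUpdateKey     = 'HKLM:\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB907747'
$filterDll        = 'MSExchange.UceContentFilter.Dll'

function Get-ImfFilterGuid {
    # Return the CLSID key name of the first COM class served by the IMF DLL.
    Get-ChildItem 'HKLM:\SOFTWARE\Classes\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $inproc = $_.OpenSubKey('InprocServer32')
            if ($inproc) {
                $server = [string]$inproc.GetValue('')   # '' reads the (Default) value
                $inproc.Close()
                if ($server -like "*$filterDll*") { $_.PSChildName }
            }
        } | Select-Object -First 1
}

function Get-ImfState {
    $state = New-Object PSObject -Property @{
        ContentFilterKeyPresent = Test-Path $contentFilterKey
        ImfUpdateKeyPresent     = Test-Path $imfUpdateKey
        FilterGuid              = Get-ImfFilterGuid
        ContentFilterBindings   = $null
        ArchiveSCL              = $null
        BindingsReferenceGuid   = $false
    }
    if ($state.ContentFilterKeyPresent) {
        $values = Get-ItemProperty -Path $contentFilterKey
        $state.ContentFilterBindings = $values.ContentFilterBindings
        $state.ArchiveSCL            = $values.ArchiveSCL
    }
    if ($state.FilterGuid -and $state.ContentFilterBindings) {
        # Compare on the bare GUID so brace formatting does not matter.
        $bare = $state.FilterGuid.Trim('{}')
        $state.BindingsReferenceGuid = [bool]($state.ContentFilterBindings -like "*$bare*")
    }
    $state
}

Get-ImfState | Format-List
```

Run it from an elevated prompt on the Exchange server. A present ContentFilter key with BindingsReferenceGuid false is the state that steps 4 to 6 above are meant to repair.
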

  • Thanks for the great in-depth, Vlad! Good stuff!

    (We do so love our MVPs! :)
