This was a question asked by a university in New Mexico.  I searched high and low for one but the product team has confirmed there is no SCW template available for OCS 2007 R2.

 

What can I do to reduce the attack surface for my OCS 2007 R2 servers?

The first thing you can do is apply the Windows Server 2008 OS SCW (Security Configuration Wizard) template to reduce the attack surface of the server hosting OCS. You can export the XML file and re-apply it to each OCS server. Read more here. Be sure to read the OCS R2 Security Guide below so that you allow the ports OCS R2 needs to communicate.

 

Where can I read about how to secure OCS 2007 R2 servers?

Download the OCS 2007 R2 Security Guide here. This security guide has a lot of good information on securing your edge server, firewall rules, client policy, hardening OCS servers, etc.

 

Are there other ways to turn down unused OCS services?

Yes, you can disable unused OCS Edge services using LCSCmd. For example, if the Web Conferencing Edge and Access Edge roles are not used on a consolidated Edge server:

LCSCmd.exe /Server /Role:AP /Components:AP,DP /Action:Deactivate

/Server

Executes the action for the specified server FQDN.

/server - deactivates the local server.

/server:<remoteComputerFQDN> - deactivates the role on the remote computer.

/Role

Specifies the role of the server.

/Components

Specifies the component roles available on an Office Communications Server 2007 R2 Edge Server. Components are separated by commas. You must specify at least one Edge Server role, or activation will fail.

Valid values are:

AP to deactivate Access Edge Server

DP to deactivate Web Conferencing Edge Server

MR to deactivate A/V Edge Server

 

If you aren’t using services like Conferencing Attendant, Conferencing Announcement Service, Response Group Service and Outside Voice Control on an OCS front end server, you can stop the Windows service called UCAS to reduce your attack surface.
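
The following PowerShell sketch is an added example, not part of the original post or of the OCS tooling. It reports on the UCAS service (the name comes from the post) and, with -Apply, stops it. It also sets the startup type to Disabled so the service stays off after a reboot, which is an added assumption beyond the "stop" step above. The function name Disable-UnusedService is hypothetical.

```powershell
# Added example: stop a Windows service and keep it from starting at boot.
# 'UCAS' is the service name given in the post; the function name is hypothetical.
function Disable-UnusedService {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [switch]$Apply   # without -Apply the function only reports current state
    )

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$Name' is not installed on $env:COMPUTERNAME."
        return
    }

    # Running services that depend on this one would be stopped too; list them first.
    $dependents = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })
    foreach ($d in $dependents) {
        Write-Warning "Running dependent service: $($d.Name)"
    }

    if ($Apply) {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $Name -Force }
        # Assumption beyond the post: disable startup so the change survives a reboot.
        Set-Service -Name $Name -StartupType Disabled
    }

    # Re-read the service from WMI so the report shows the state after any change.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Service   = $Name
        State     = $wmi.State
        StartMode = $wmi.StartMode
        Changed   = [bool]$Apply
    }
}

Disable-UnusedService -Name 'UCAS'            # report only
# Disable-UnusedService -Name 'UCAS' -Apply   # stop and disable
```

Run it from an elevated prompt on the front end server. To restore the service, set the startup type back to the StartMode value reported before the change.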