Additions for Exchange Server 2007 - Part 1: Introduction steps

Marc Grote

In this series, I will show you how to add Exchange Server 2007 SP1 (Beta), installed on Windows Server 2008 (also Beta). We talked about the steps needed to add the underlying operating system by only installing a minimum number of server roles and services. In the second part, we intend to introduce the installation and operation of a secure Exchange Server 2007 installation and the third part will cover how to secure secure client access from OWA, POP3 / MAP4. and how to combat viruses and spam.

Before we get started, we should note that this is an article based on the Beta version of Windows Server 2008 and Exchange Server 2007 SP1 and so may have new features added or minor changes. with the final version of these products.

This series will focus on some new features and topics related to Exchange Server 2007 and Windows Server 2008. If you want additional information about environment security, user guides. and more, can refer to some other articles.

Exchange Server 2007 and the terms

In Exchange 2003, the following security roles are provided through the Delegation utility in Exchange System Manager:

1. Full administrator rights
2. Exchange administrator
3. Administrators are only allowed to view

This model is relatively stable and does not provide deep access. This model of permissions is often a problem in large environments where it is absolutely necessary to distribute different administrative tasks to different users or groups without compromising security in Windows. Server 200x and Exchange Server 2007. Exchange Server 2007 has a completely different model of permissions. There are several new administrator roles similar to the security groups built into Windows Server and you can use the Exchange Management Console (EMC) or Exchange Management Shell (EMS) to view, add, and delete members. from any administrative role.

There are several other Exchange terms:

1. Global Data (Global Data)
2. Recipient Data (Recipient Data)
3. Server data (Server Data)

Global data (Global data)

Global Data (Global Data) is not associated with any specific Exchange Server and is stored in the Active Directory configuration section, the item is re-created in forest wide, so only trusted users can access it. this data.

Recipient Data (Recipient Data)

Recipient Data (Recipient Data) are recipients of Exchange Domain Active Directory. Recipient data includes activated user email, contact list, distribution groups and mailbox, .

Server data (Server Data)

Server data (Server Data) is the data of a certain Exchange in the Active Directory domain under some Exchange Server object. Some examples of this data are receive connectors (send connectors are forest wide), virtual directories, etc.

Exchange Server 2007 administrators

1. Organizational administrator
2. Administrator of the recipient
3. Administrators only view

Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 1
Figure 1: Administrator of Exchange Server 2007

For an overview, we have used a different set of permissions permissions of different Exchange Server from the Microsoft TechNet website, which will tell you a lot about how to use different Exchange permissions.

Administrator role Member Member of the Exchange Administrator Terms of the Administrators organization, or the account used to install the first Exchange 2007 server Recipient Administrator

Internal group of Comprehensive Control for Microsoft Exchange entries in Active Directory Administrators who receive organizational administrators Administrators only see Comprehensive control over Exchange properties on Active Directory objects users Admin Server administrator Administrators organization Administrators only view

Internal group of Total Exchange Control Administrators only view the recipient Administrator

Exchange Server Administrator ( ) Administrator recipient

Exchange Server Administrator Allows reading Microsoft Exchange entries in Active Directory

Allows reading all Windows domains with ExchangeExchange Servers recipientsEach Exchange 2007 computer account Readers only

Table 1: Exchange Server 2007 permissions

Property sets in Exchange Server 2007

You can use the set of properties in Exchange Server 2007 for attribute grouping to enable access control for specific object properties. Property sets use a separate Access Control Entry (ACE) instead of ACE for each individual attribute.

Exchange Server 2007 creates two new attribute sets for itself and does not use existing Active Directory attribute sets. During Active Directory Schema extension, Exchange Server 2007 performs the following actions:

1. Expand the Active Directory schema with new classes and properties.
2. Create attribute sets for Exchange Server 2007, Exchange Information and Exchange Personal Information.
3. Add properties that match the property set of Exchange Information and Exchange Personal Information.

Role of Exchange server

Exchange Server 2007 has a new role. You can install five different Exchange Server 2007 roles. These roles are:

1. Mailbox server role
2. The Hub Transport server role
3. Client Access server role
4. Unified Messaging role server
5. Edge Transport server role

Each role performs some special functions and businesses can combine these roles on the same or on different computers. All roles can be combined without any exception. The Edge Transport Server role cannot be installed with other Exchange roles on the same machine. This problem is similar to the Active and Passive Exchange Cluster service node, but the Exchange Cluster function will not be included in the Exchange Server role category.

Exchange Server 2003 officially does not have an installed role, but you can configure one or more servers as Front End Server (like the Exchange Server 2007 CAS role). The server holds mailboxes and public folders in the Front End Server called Exchange Back End Server. With Exchange Server 2003, it is possible to configure Exchange Server as a server for routing mail only. This server does not have public mailboxes and databases but it is responsible for mail routing.

Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 2
Figure 2: Exchange Server 2007 roles

Firewall

Windows Server 2008 firewall with advanced network connection is enabled for inbound and outbound connections by default. You can manually configure firewall port exceptions and programs are allowed to communicate with other hosts. The Security Configuration Wizard is the utility used in Windows Server 2003 SP1 that aims to establish a security configuration based on the role, which is responsible for creating exceptions based on the currently configured role. No longer used in Windows Server 2008.

Note :
Do not compare Windows Server 2008 Server Manager with Server Manager in Windows NT4. They are completely different programs.

Windows Server 2008 Server Manager is used to provide role-based security for installed Windows services and features, but we think Server Manager will be used in the future with problems. Role-based security for installed applications such as Microsoft SQL Server 200x and later versions. With the current version of Windows Server 2008 Beta and Beta for Exchange Server 2007 SP1, Exchange setup opens the necessary ports and programs depending on the Exchange role you install.

Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 3
Figure 3: Windows Server 2008 Firewall

Exchange Server 2007 services are installed

Depending on the Exchange roles given during the installation, only the necessary services will be installed according to that option.

Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 4
Figure 4: Exchange Server 2007 services on Windows Server 2008

Conclude

In this section, we discussed some of the additional methods under Windows Server 2008 and how some of the Exchange Server 2007 role-based installation roles are important throughout the solution. security solutions. We also introduced the new Exchange Server permissions model and installed Exchange Server 2007 services. In the second part of this article, I will continue the discussion about security in Exchange Server 2007 and the third part is how to secure client access to Exchange Server 2007 as well as some configuration changes. need to be done in the Exchange Server 2007 configuration.

Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 5 Part 2: Default protection
Additions for Exchange Server 2007 - Part 1: Introduction steps Picture 6 Part 3: Email client access protection