Hardening Exchange Server 2007 - Part 1: Introductory steps
Marc Grote
In this series, I will show you how to harden Exchange Server 2007 SP1 (Beta), installed on Windows Server 2008 (also Beta). In this first part, we talk about the steps needed to harden the underlying operating system by installing only a minimum number of server roles and services. In the second part, we intend to cover the installation and operation of a secure Exchange Server 2007 installation, and the third part will cover how to secure client access from OWA and POP3/IMAP4, and how to combat viruses and spam.
Before we get started, note that this article is based on the Beta versions of Windows Server 2008 and Exchange Server 2007 SP1, so the final versions of these products may have new features added or minor changes.
This series focuses on some new features and topics related to Exchange Server 2007 and Windows Server 2008. If you want additional information about environment security, user guides and more, you can refer to other articles.
Exchange Server 2007 and the terms
In Exchange 2003, the following security roles are provided through the Delegation utility in Exchange System Manager:
- Exchange Full Administrator
- Exchange Administrator
- Exchange View Only Administrator
This model is relatively static and does not provide granular access. It is often a problem in large environments, where it is absolutely necessary to distribute different administrative tasks to different users or groups without compromising security in Windows Server 200x and Exchange Server 2007. Exchange Server 2007 has a completely different permissions model. There are several new administrator roles, similar to the built-in security groups in Windows Server, and you can use the Exchange Management Console (EMC) or the Exchange Management Shell (EMS) to view, add, and delete members of any administrator role.
There are several other Exchange terms:
- Global Data
- Recipient Data
- Server Data
Global Data
Global Data is not associated with any specific Exchange Server and is stored in the configuration partition of Active Directory, which is replicated forest-wide, so only trusted users should have access to this data.
Recipient Data
Recipient Data are the Exchange recipients in the Active Directory domain. Recipient data includes mail-enabled users, contacts, distribution groups and mailboxes.
Server Data
Server Data is the data of one particular Exchange server, stored in Active Directory under that Exchange Server object. Some examples of this data are Receive connectors (Send connectors are forest-wide), virtual directories, etc.
Exchange Server 2007 administrator roles
- Exchange Organization Administrators
- Exchange Recipient Administrators
- Exchange View-Only Administrators
Figure 1: Exchange Server 2007 administrator roles
For an overview, we have used a table of the different Exchange Server permissions from the Microsoft TechNet website, which tells you a lot about how to use the different Exchange permissions.
| Administrator role | Members | Member of | Exchange permissions |
|---|---|---|---|
| Exchange Organization Administrators | Administrator, or the account used to install the first Exchange 2007 server | Exchange Recipient Administrators; Administrators local group | Full control of the Microsoft Exchange container in Active Directory |
| Exchange Recipient Administrators | Exchange Organization Administrators | Exchange View-Only Administrators | Full control of Exchange properties on Active Directory user objects |
| Exchange Server Administrators | Exchange Organization Administrators | Exchange View-Only Administrators; Administrators local group | Full control of Exchange |
| Exchange View-Only Administrators | Exchange Recipient Administrators; Exchange Server Administrators | Exchange Recipient Administrators; Exchange Server Administrators | Read access to the Microsoft Exchange container in Active Directory; read access to all Windows domains that have Exchange recipients |
| Exchange Servers | Each Exchange 2007 computer account | Exchange View-Only Administrators | |
Table 1: Exchange Server 2007 permissions
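Because membership of these administrator roles can be read from the EMS, it can also be checked against an approved list. The following is an added example, not part of the original article: `Get-ExchangeAdministrator` and `Remove-ExchangeAdministrator` are Exchange 2007 cmdlets, while the function names, the `contoso.com` accounts, the baseline and the identity string format are assumptions constructed for illustration.

```powershell
# Approved holders per role, keyed by the Role value that Get-ExchangeAdministrator
# reports. Constructed baseline: on a real forest, also list the default Exchange
# security groups that legitimately hold a role through nesting.
$approved = @{
    'OrgAdmin'       = @('contoso.com/Users/ExOrgAdmin')
    'RecipientAdmin' = @('contoso.com/Users/HelpdeskLead')
    'ViewOnlyAdmin'  = @('contoso.com/Users/Auditor')
}

function Find-UnapprovedExchangeAdmin {
    param($Assignments, [hashtable]$Approved)
    foreach ($a in @($Assignments)) {
        $role = [string]$a.Role
        $id   = [string]$a.Identity
        $allowed = @()
        if ($Approved.ContainsKey($role)) { $allowed = @($Approved[$role]) }
        # Anything not explicitly approved for this role is a finding,
        # including every holder of a role that has no baseline entry.
        if ($allowed -notcontains $id) { $a | Select-Object Identity, Role, Scope }
    }
}

# Constructed stand-in for Get-ExchangeAdministrator output (Identity, Role, Scope).
function New-SampleAssignment($Identity, $Role, $Scope = 'Organization wide') {
    $o = New-Object PSObject
    Add-Member -InputObject $o -MemberType NoteProperty -Name Identity -Value $Identity
    Add-Member -InputObject $o -MemberType NoteProperty -Name Role -Value $Role
    Add-Member -InputObject $o -MemberType NoteProperty -Name Scope -Value $Scope
    $o
}
$sample = @(
    (New-SampleAssignment 'contoso.com/Users/ExOrgAdmin' 'OrgAdmin'),
    (New-SampleAssignment 'contoso.com/Users/TempContractor' 'OrgAdmin'),
    (New-SampleAssignment 'contoso.com/Users/Auditor' 'ViewOnlyAdmin'),
    (New-SampleAssignment 'contoso.com/Users/BackupOp' 'ServerAdmin' 'EXCH01')
)

Find-UnapprovedExchangeAdmin -Assignments $sample -Approved $approved |
    Format-Table -AutoSize

# In the Exchange Management Shell, audit the live organization instead:
#   Find-UnapprovedExchangeAdmin -Assignments (Get-ExchangeAdministrator) -Approved $approved
# and remove a holder that should not be there:
#   Remove-ExchangeAdministrator -Identity 'contoso.com/Users/TempContractor' -Role OrgAdmin
```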
Property sets in Exchange Server 2007
Exchange Server 2007 uses property sets to group attributes so that access control can be applied to specific object properties. A property set needs only one Access Control Entry (ACE) of its own, instead of an ACE for each individual attribute.
Exchange Server 2007 creates two new property sets of its own and does not use the existing Active Directory property sets. During the Active Directory schema extension, Exchange Server 2007 performs the following actions:
- Extends the Active Directory schema with new classes and properties.
- Creates the property sets for Exchange Server 2007, Exchange Information and Exchange Personal Information.
- Adds the matching properties to the Exchange Information and Exchange Personal Information property sets.
Exchange Server roles
Exchange Server 2007 has a new role model. You can install five different Exchange Server 2007 roles. These roles are:
- Mailbox server role
- Hub Transport server role
- Client Access server role
- Unified Messaging server role
- Edge Transport server role
Each role performs specific functions, and businesses can combine these roles on the same computer or spread them over different computers. All roles can be combined, with one exception: the Edge Transport server role cannot be installed with other Exchange roles on the same machine. The situation is similar for the active and passive nodes of an Exchange cluster, but the Exchange cluster function is not counted among the Exchange Server roles.
Exchange Server 2003 officially has no installable roles, but you can configure one or more servers as a Front End Server (like the Exchange Server 2007 CAS role). The servers that hold the mailboxes and public folders behind the Front End Server are called Exchange Back End Servers. With Exchange Server 2003, it is also possible to configure an Exchange Server for mail routing only. Such a server has no mailbox and public folder databases but is responsible for mail routing.
Figure 2: Exchange Server 2007 roles
Firewall
The Windows Server 2008 Windows Firewall with Advanced Security is enabled for inbound and outbound connections by default. You can manually configure firewall exceptions for the ports and programs that are allowed to communicate with other hosts. The Security Configuration Wizard, the utility used in Windows Server 2003 SP1 to establish a role-based security configuration and to create exceptions based on the currently configured role, is no longer used in Windows Server 2008.
Note:
Do not compare Windows Server 2008 Server Manager with Server Manager in Windows NT4. They are completely different programs.
Windows Server 2008 Server Manager is used to provide role-based security for installed Windows services and features, but we think Server Manager will in the future also be used for role-based security of installed applications such as Microsoft SQL Server 200x and later versions. With the current Windows Server 2008 Beta and the Exchange Server 2007 SP1 Beta, Exchange setup opens the necessary ports and programs depending on the Exchange role you install.
Figure 3: Windows Server 2008 Firewall
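To review which exceptions Exchange setup opened, you can compare the firewall rule list from before and after the installation. The following is an added example, not part of the original article: it assumes English-language output of `netsh advfirewall firewall show rule name=all`, and the function names and the two sample rules are constructed for illustration.

```powershell
# Turn "netsh advfirewall firewall show rule name=all" output into objects.
function ConvertFrom-NetshRule {
    param([string[]]$Lines)
    $rules = @(); $rule = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            if ($rule -ne $null) { $rules += $rule }
            $rule = New-Object PSObject
            Add-Member -InputObject $rule -MemberType NoteProperty -Name Name -Value $matches[1].Trim()
        }
        elseif ($rule -ne $null -and $line -match '^(Enabled|Direction|Protocol|LocalPort|Action):\s+(.+)$') {
            Add-Member -InputObject $rule -MemberType NoteProperty -Name $matches[1] -Value $matches[2].Trim()
        }
    }
    if ($rule -ne $null) { $rules += $rule }
    $rules
}

# Rule names are not unique, so key on name, protocol and local port.
function Get-RuleKey($r) { "$($r.Name)|$($r.Protocol)|$($r.LocalPort)" }

# Enabled inbound allow rules present in $After but not in $Before.
function Get-NewInboundAllowRule {
    param($Before, $After)
    $known = @{}
    foreach ($r in @($Before)) { $known[(Get-RuleKey $r)] = $true }
    @($After) | Where-Object {
        $_.Enabled -eq 'Yes' -and $_.Direction -eq 'In' -and $_.Action -eq 'Allow' -and
        -not $known.ContainsKey((Get-RuleKey $_))
    }
}

# Constructed snapshots: one rule before setup, a second rule afterwards.
$beforeText = @'
Rule Name:                            Sample RPC Rule (constructed)
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            135
Action:                               Allow
'@
$afterText = $beforeText + "`n" + @'
Rule Name:                            Sample Mail Rule (constructed)
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            25
Action:                               Allow
'@
$before = ConvertFrom-NetshRule $beforeText.Split("`n")
$after  = ConvertFrom-NetshRule $afterText.Split("`n")
Get-NewInboundAllowRule $before $after | Format-Table Name, Protocol, LocalPort -AutoSize
```

On the server, capture the netsh output once before running Exchange setup and once afterwards, then pass both captures through the same two functions.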
Installed Exchange Server 2007 services
Depending on the Exchange roles selected during installation, only the services needed for those roles are installed.
Figure 4: Exchange Server 2007 services on Windows Server 2008
Conclusion
In this part, we discussed some of the hardening methods under Windows Server 2008 and how the role-based installation of Exchange Server 2007 matters for the overall security solution. We also introduced the new Exchange Server permissions model and the installed Exchange Server 2007 services. In the second part of this series, I will continue the discussion about security in Exchange Server 2007, and the third part covers how to secure client access to Exchange Server 2007 as well as some configuration changes that need to be made in the Exchange Server 2007 configuration.
Part 2: Default protection
Part 3: Email client access protection