Friday, December 17, 2010

How to Register Exchange 2007/2010 Server Roles with Security Configuration Wizard(SCW)

The Security Configuration Wizard(SCW) automates security best practices to reduce the attack surface for a server. The Exchange Server role extensions enable you to use the Security Configuration Wizard(SCW) to create a security policy that is specific to the functionality that is required for each

Microsoft Exchange server role. The extensions are provided with Exchange 2007 and must be registered before you can create a custom security policy.

Step 1. Install an Exchange server role\roles.Install the Security Configuration Wizard(SCW) you will find it in Control Panel-->Add/Remove Programs-->Add/Remove Windows Components-->select Security Configuration Wizard and click next

Note:You must perform the registration procedure on each Exchange 2007 server to which you want to apply an  Security Configuration Wizard security policy.

Step 2.To do this step you must be memeber of Local Administrators on the Exchange Server you want to apply the security policy and Exchange Server Administrator .On a server with the Edge Transport Role installed you need to be member of Local Administrators.open cmd and type:

scwcmd register /kbname:Ex2007KB /kbfile:"C:\Program Files\
Microsoft\Exchange Server\scripts\Exchange2007.xml"



Note:the command above works on Windows Server 2003-based or Windows Server 2003 
R2-based computer that is running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role.

scwcmd register /kbname:Ex2007EdgeKB /kbfile:"C:\Program Files\
Microsoft\Exchange Server\scripts\Exchange2007Edge.xml"
 
Note:the command above works on Windows Server 2003-based or Windows Server 2003 R2-based computer that is running Edge Transport Server role.

Step 3. To verify that the command has completed successfully  examine the SCWRegistrar_log.xml  file that is located in the C:\Windows\Security\Msscw\Logs folder

Step2 For Windows Server 2008-based computer that is running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role is like this:

scwcmd register /kbname:Ex2007KB /kbfile:C:\Program Files\
 Microsoft\Exchange Server\scripts\Exchange2007_WinSrv2008.xml"

For Windows Server 2008-based computer that is running the Edge Transport server role is like this:

scwcmd register /kbname:Ex2007EdgeKB /kbfile:"C:\Program Files\ 
Microsoft\Exchange Server\scripts\Exchange2007Edge_WinSrv2008.xml"

Note:Step1. and Step3 are the same as for Server 2003-based or Windows Server 2003 R2-based computers

Hope this helped you.Thanks for reading.

No comments:

Post a Comment