How to Register Exchange 2007/2010 Server Roles with Security Configuration Wizard(SCW)

The Security Configuration Wizard(SCW) automates security best practices to reduce the attack surface for a server. The Exchange Server role extensions enable you to use the Security Configuration Wizard(SCW) to create a security policy that is specific to the functionality that is required for each

Microsoft Exchange server role. The extensions are provided with Exchange 2007 and must be registered before you can create a custom security policy.

Step 1. Install an Exchange server role\roles.Install the Security Configuration Wizard(SCW) you will find it in Control Panel-->Add/Remove Programs-->Add/Remove Windows Components-->select Security Configuration Wizard and click next

Note:You must perform the registration procedure on each Exchange 2007 server to which you want to apply an  Security Configuration Wizard security policy.

Step 2.To do this step you must be memeber of Local Administrators on the Exchange Server you want to apply the security policy and Exchange Server Administrator .On a server with the Edge Transport Role installed you need to be member of Local Administrators.open cmd and type:

scwcmd register /kbname:Ex2007KB /kbfile:"C:\Program Files\
Microsoft\Exchange Server\scripts\Exchange2007.xml"

Note:the command above works on Windows Server 2003-based or Windows Server 2003 
R2-based computer that is running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role.

scwcmd register /kbname:Ex2007EdgeKB /kbfile:"C:\Program Files\

Microsoft\Exchange Server\scripts\Exchange2007Edge.xml"

Note:the command above works on Windows Server 2003-based or Windows Server 2003 R2-based computer that is running Edge Transport Server role.

Step 3. To verify that the command has completed successfully  examine the SCWRegistrar_log.xml  file that is located in the C:\Windows\Security\Msscw\Logs folder

Step2 For Windows Server 2008-based computer that is running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role is like this:

scwcmd register /kbname:Ex2007KB /kbfile:C:\Program Files\

 Microsoft\Exchange Server\scripts\Exchange2007_WinSrv2008.xml"

For Windows Server 2008-based computer that is running the Edge Transport server role is like this:

scwcmd register /kbname:Ex2007EdgeKB /kbfile:"C:\Program Files\ 

Microsoft\Exchange Server\scripts\Exchange2007Edge_WinSrv2008.xml"

Note:Step1. and Step3 are the same as for Server 2003-based or Windows Server 2003 R2-based computers

Hope this helped you.Thanks for reading.

How to Install first Exchange 2007 Server from the command line

Before you install Exchange Server 2007/2010 verify that you have Windows Server 2003 at least sp1 or Windows Server 2003 R2 with sp1.You have installed MMC 3.0(Microsoft Management Console), .Net Frameworks 2.0 and Windows Power Shell.The SMTP and NNTP services must NOT be installed.
Note:
For Mailbox Server Role you need IIS 6.0 installed and COM+Access and World Wide Service components active + the things needed for a tipical install.
For Client Access Server Role you need  IIS 6.0 installed and World Wide Service,RPC over HTTP and Asp.NET 2.0  components active + the things needed for a tipical install.
For Unified Messaging Server Role you need Microsoft Windows Media Encoder,Microsoft Windows Media Audio Voice codec,Microsoft Core XML Services (MSXML 6.0)+ the things needed for a tipical install.
For Hub Transport role you need nothing more.
For Edge Transport you need Active Directory Application Mode (ADAM) installed on a stand alone server which is not part of the domain and is located in a dmz or perimeter network.

1.Open cmd and navigate where your Exchange setup folder is or if you have it on cd navigate from cmd in that folder.
2.now type: setup /PrepareAD
3.setup /mode:install /roles:MailBox /OrganizationName exmydomainname
Note:If you want to specify more roles type like this:

setup /mode:install /roles:MailBox,ClientAccess,HubTransport,ManagementTools  /OrganizationName exmydomainname

Note: the prepare AD command must be run in the same site with your domain's Schema Master Server and you must be a member of Enterprise Administrators and Schema Administartors Active Directory groups to run this commands.If there are errors verify your Event Viewer -> Application Log to view them.

Hope this helped you.Thanks for reading.