RE: Exchange mail server settings - easy dump possible?

From: Makousky, Steve C (SMAKOUS1@Fairview.org)
Date: Tue May 24 2005 - 14:27:42 EDT

• Next message: Beauford, Jason: "RE: Exchange mail server settings - easy dump possible?"
• Previous message: Alfred Huger: "Volunteer moderator needed"
• Maybe in reply to: Petr.Kazil@eap.nl: "Exchange mail server settings - easy dump possible?"
• Next in thread: Beauford, Jason: "RE: Exchange mail server settings - easy dump possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you used a policy compliance tool you could setup a baseline server
and check all other servers against that one. If the tool had
remediation you could fix servers that fell out of compliance.

Pedestal has a tool called SecureExpressions. Very nice tool!
www.pedestal.com

Steve Makousky

-----Original Message-----
From: Sullivan Tim P [mailto:tim@nativemode.com]
Sent: Tuesday, May 24, 2005 1:01 AM
To: Petr.Kazil@eap.nl; pen-test@securityfocus.com
Subject: RE: Exchange mail server settings - easy dump possible?

Not that I know of.

Since securing exchange relies on file permissions, services, registry
settings, and proper server configuration, I would think it would be
hard to just dump all of the settings to a file for reimporting later.
Especially when AD and the server name are all intertwined as well.

Normally policies in exchange would be setup to allow you to standardize
some settings across your exchange environment, and GPO's would be used
to further standardize.

But its not really meant to go from lab to production.

Tim

-----Original Message-----
From: Petr.Kazil@eap.nl [mailto:Petr.Kazil@eap.nl]
Sent: Monday, May 23, 2005 9:58 AM
To: pen-test@securityfocus.com
Subject: Exchange mail server settings - easy dump possible?

I've been playing with a trial version of Exchange Server 2003.
Using the NIST, NSA and Microsoft security guidelines I'm getting a
better idea of the relevant security settings.
But it's a pain to click through all the relevant screens in the System
Manager GUI.

Is there a tool that dumps all the settings in one readable text file -
for example like Dumpsec ?
I haven't been able to find it yet.

I have found and used the Exchange Best Practices Analyzer Tool, and it
works fine and covers some of the relevant settings but (AFAIK) not all
of them.

Or are the settings stored in the registry, a config file or an XML-file
with settings somewhere?
I'm reluctant to try scripting, because I fear that the learning curve
will be steep (I know VBscript but not the WMI/API interfaces I would
probably need).

I will search through my old WindowsITPro magazines and probably it will
be in here somewhere ...

Thanks for any suggestions.
Petr

• Next message: Beauford, Jason: "RE: Exchange mail server settings - easy dump possible?"
• Previous message: Alfred Huger: "Volunteer moderator needed"
• Maybe in reply to: Petr.Kazil@eap.nl: "Exchange mail server settings - easy dump possible?"
• Next in thread: Beauford, Jason: "RE: Exchange mail server settings - easy dump possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:21 EDT