SCW for Exchange Server 2007 – Part I
What is the Security Configuration Wizard (SCW)?
The Security Configuration Wizard is a security tool that reduces the attack surface of an Exchange server by disabling unnecessary services, ports, features, and programs. Additionally, the wizard configures auditing and the Windows Firewall, secures network interfaces, and more. In doing so, we further secure a server to provide a more secure, stable, Windows environment.
The SCW is a straightforward interface that takes much of the guesswork out of securing an Exchange 2007 server.
The SCW is a feature of Windows Server 2003 SP1, but isn’t installed by default, nor is it aware of Exchange Server. However, we can get it installed and it can be easily extended to support Exchange Server 2007.
Installing the SCW in Windows
After ensuring that your Windows Server 2003 box has Service Pack 1 for the operating system installed, getting the SCW installed is quite easy. Click Start > All Programs > Control Panel > Add/Remove Programs > Windows Components. Scroll down and check the box for Security Configuration Wizard as seen in Figure A.
Click Next, then Finish when the installation is done.
You’ll notice that there is a shortcut to the help info placed on the desktop of the server. You should look through this information as it will prove beneficial to securing your server.
Registering the Exchange 2007 XML files
Once the SCW is installed, the configuration files for Exchange Server 2007 need to be registered. As mentioned previously, the SCW isn’t aware of Exchange 2007, so we register some XML files to add the configuration settings into the SCW.
When Exchange Server 2007 is installed, the default XML configuration files are copied to the \scripts folder of the Exchange Server installation point. Setup then backs up the default XML files using .bak extensions, then creates copies that are specific to the installation on that server. That way, the XML files contain the correct paths to service related files. By default, the scripts folder is c:\Program Files\Microsoft\Exchange Server\scripts. We’ll use that path in our examples.
There are two methods to registering the XML files. The first is a manual process from a command prompt. The second is by running a simple PowerShell command. I’ll show both versions here. They both accomplish the same task, so take your pick as to which to perform.
For the command prompt method, open a command prompt and type
scwcmd register /kbname:Ex2007KB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007.xml"
And press Enter as seen in Figure B below.
For servers holding the Edge Transport role, register the Exchange2007Edge.xml file using
scwcmd register /kbname:Ex2007EdgeKB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007Edge.xml"
Simple enough, right? Well, the PowerShell method is even easier. Here’s how we can get the XML files registered in PowerShell:
Open the Exchange Management Shell, and navigate to the scripts folder, which by default, as mentioned previously, is \Program Files\Microsoft\Exchange Server\Scripts.
From there, type
This script is fairly intelligent and will figure out what roles the server holds and register the appropriate XML file. If you need to unregister the XML file, you can simply run
In this part, we’ve installed the Security Configuration Wizard, and we’ve registered the Exchange 2007 specific XML files. In the next part, we’ll create and apply a policy.
Got a question? Post it on our Exchange Server Forums!
More in Exchange Server
M365 Changelog: Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail to be retired
May 24, 2022 | Petri Staff
M365 Changelog: (Updated) Microsoft Defender for Office 365: Updates to URL Protection Report
May 24, 2022 | Petri Staff
M365 Changelog: Safe Links Global Settings Migrated to Custom Policies
May 20, 2022 | Petri Staff
Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages
May 11, 2022 | Rabia Noureen
M365 Changelog: Exchange Transport Rule Report moving to the new Exchange Admin Center (EAC) from the Security and Compliance Center
Apr 22, 2022 | Petri Staff
Hive Ransomware Group Attacks Vulnerable Microsoft Exchange Servers
Apr 22, 2022 | Rabia Noureen
Most popular on petri