From: Beauford, Jason (jbeauford@EightInOnePet.com)
Date: Tue May 24 2005 - 14:38:07 EDT
Within ADSIEdit, I found some interesting Exchange settings. Not sure
if anything there can help you.
JMB
-----Original Message-----
From: Sullivan Tim P [mailto:tim@nativemode.com]
Sent: Tuesday, May 24, 2005 2:01 AM
To: Petr.Kazil@eap.nl; pen-test@securityfocus.com
Subject: RE: Exchange mail server settings - easy dump possible?
Not that I know of.
Since securing exchange relies on file permissions, services, registry
settings, and proper server configuration, I would think it would be
hard to just dump all of the settings to a file for reimporting later.
Especially when AD and the server name are all intertwined as well.
Normally policies in exchange would be setup to allow you to standardize
some settings across your exchange environment, and GPO's would be used
to further standardize.
But its not really meant to go from lab to production.
Tim
-----Original Message-----
From: Petr.Kazil@eap.nl [mailto:Petr.Kazil@eap.nl]
Sent: Monday, May 23, 2005 9:58 AM
To: pen-test@securityfocus.com
Subject: Exchange mail server settings - easy dump possible?
I've been playing with a trial version of Exchange Server 2003. Using
the NIST, NSA and Microsoft security guidelines I'm getting a better
idea of the relevant security settings. But it's a pain to click through
all the relevant screens in the System Manager GUI.
Is there a tool that dumps all the settings in one readable text file -
for example like Dumpsec ? I haven't been able to find it yet.
I have found and used the Exchange Best Practices Analyzer Tool, and it
works fine and covers some of the relevant settings but (AFAIK) not all
of them.
Or are the settings stored in the registry, a config file or an XML-file
with settings somewhere? I'm reluctant to try scripting, because I fear
that the learning curve will be steep (I know VBscript but not the
WMI/API interfaces I would probably need).
I will search through my old WindowsITPro magazines and probably it will
be in here somewhere ...
Thanks for any suggestions.
Petr
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:21 EDT