How can we secure Exchange 2007 server? This settings we can consider for Exchange 2007 baseline security.
Here is the one option.
WSS and UNC provided file share access for mobile devices. If the functionality is not needed by mobile users then it should be disabled to reduced Exchanges attack surface and exposure to internal file shares.
How to implement
Open the Exchange Management Console, perform the following steps:
– Microsoft Exchange Organization Configuration –> Client Access –>Exchange ActiveSync Mailbox Policies
– Right Click on <name> Policy, Select Properties
– General Tab WSS/UNC Access Windows File Shares: Unchecked
Windows SharePoint Services : Unchecked
- Open the Exchange Management Shell, perform the following:
Set-ActiveSyncMailboxPolicy –identity <name> -WSSAccessEnabled $false -UNCAccessEnabled $false
Reports are the greate companion in my sccm journey. Through the below reports we can easily identify the windows /software updates status on sccm clients.
Report 1Enforcement state for deployment : Will give following status
Failed to install upates
Pending system restart
Report 2 – Evaluation state of deploymnet
Evaluation state unknown
Report 3 -Compliance 1- overall compliance
This report will give the full windows update details by client by client.
What is scavenging in DNS Server?
Removing stale records from DNS database based on the refresh interval and no-refresh interval settings in Aging tab.
How to configure Scavenging in DNS Server?
Properties of the zone—> Aging Tab—> select the box scavenge stale resource record. and configure the proper refresh interval and no refresh interval.
For example: Refresh Interval – 7 days.
No-refresh interval – 8 dyas. In this case scavenging will happen every 15 days.
How to find out Scavenging is working properly or not?
Check the Event ID 2501 in Event viewr. In this id you can see the status of scavenging.
Please note that if you create a DNS record on the console manually and this record will not be eligible for scavenging process. However if a client sends a dynamic update (or maybe the DHCP server) for the record you created manually, the record will become a dynamic record.
For manual creted record there will not be any time stamp.