Penetration Testing mailing list archives

RE: Exchange mail server settings - easy dump possible?


From: "Makousky, Steve C" <SMAKOUS1 () Fairview org>
Date: Tue, 24 May 2005 13:27:42 -0500

If you used a policy compliance tool you could set up a baseline server
and check all other servers against that one.  If the tool had
remediation you could fix servers that fell out of compliance.

Pedestal has a tool called SecureExpressions.  Very nice tool!
www.pedestal.com

Steve Makousky

 

-----Original Message-----
From: Sullivan Tim P [mailto:tim () nativemode com] 
Sent: Tuesday, May 24, 2005 1:01 AM
To: Petr.Kazil () eap nl; pen-test () securityfocus com
Subject: RE: Exchange mail server settings - easy dump possible?

Not that I know of.

Since securing Exchange relies on file permissions, services, registry
settings, and proper server configuration, I would think it would be
hard to just dump all of the settings to a file for reimporting later.
Especially when AD and the server name are all intertwined as well.

Normally policies in Exchange would be set up to allow you to standardize
some settings across your Exchange environment, and GPOs would be used
to further standardize.

But it's not really meant to go from lab to production.

Tim 

-----Original Message-----
From: Petr.Kazil () eap nl [mailto:Petr.Kazil () eap nl]
Sent: Monday, May 23, 2005 9:58 AM
To: pen-test () securityfocus com
Subject: Exchange mail server settings - easy dump possible?


I've been playing with a trial version of Exchange Server 2003.
Using the NIST, NSA and Microsoft security guidelines I'm getting a
better idea of the relevant security settings.
But it's a pain to click through all the relevant screens in the System
Manager GUI.

Is there a tool that dumps all the settings in one readable text file -
for example like Dumpsec?
I haven't been able to find it yet.

I have found and used the Exchange Best Practices Analyzer Tool, and it
works fine and covers some of the relevant settings but (AFAIK) not all
of them.

Or are the settings stored in the registry, a config file or an XML-file
with settings somewhere?
I'm reluctant to try scripting, because I fear that the learning curve
will be steep (I know VBscript but not the WMI/API interfaces I would
probably need).

I will search through my old WindowsITPro magazines and probably it will
be in here somewhere ...

Thanks for any suggestions.
Petr

