Overview of Security-Enhanced Settings in the Default Configuration of Exchange Server 2003 (818474)



The information in this article applies to:

  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition

SUMMARY

This article discusses how Exchange Server 2003 improves on the security features that were originally included in Exchange 2000 Server. This article contains information about the security settings that apply in a default installation of Exchange Server 2003.

MORE INFORMATION

The following is a list of the changes to security settings that apply when you run Exchange Server 2003 Setup to perform a new installation of Exchange Server 2003. The list also contains information about whether these out-of-the-box settings apply when you perform an upgrade installation of Exchange Server 2003:
  • For both new and upgrade installations of Exchange Server 2003, members of the Builtin\Users group do not have the user right to log on locally to the Exchange Server 2003 computer. When you install Exchange Server 2003 on a member server, Exchange Server 2003 Setup removes the Builtin\Users group from the Log on locally policy setting for the local computer. As a result, authenticated users cannot log on locally to the Exchange Server 2003 computer.

    Note that the Builtin\Users group is already removed from the Log on locally policy setting on a domain controller.
  • If global message size limits are not already configured, the default maximum size limits for sending and for receiving individual messages are set to 10 megabytes (MB).

    These settings apply to the first installation of Exchange Server 2003, regardless of whether you upgrade to Exchange Server 2003, perform a new installation of Exchange Server 2003 in a new organization, or add a new Exchange Server 2003 computer to an existing Exchange organization.
  • If the maximum item size for public folders is not already configured, the default maximum item size for public folders is set to 10 MB.

    This setting applies to both new and upgrade installations of Exchange Server 2003.
  • By default, in a new installation of Exchange Server 2003, the Microsoft Exchange POP3 service, the Microsoft Exchange IMAP4 service, and the Network News Transfer Protocol (NNTP) service are disabled.

    When you upgrade to Exchange Server 2003 from Exchange 2000 Server, your existing settings for these services are preserved.

    By default, when you run Exchange Server 2003 in a cluster environment, the IMAP4, the POP3, and the NNTP cluster resources are not created when you create an Exchange Server 2003 virtual server. If you want to use these services on a cluster, you must start the appropriate service (the Exchange IMAP4 service, the Exchange POP3 service, and the Network News Transfer Protocol [NNTP] service) on the cluster node, and then manually create the resources by using the Cluster Administrator tool.
  • By default, in a new installation of Exchange Server 2003, the default POP3 virtual server, the default IMAP4 virtual server, and the default NNTP virtual server are configured to use both basic authentication and integrated Windows authentication. Anonymous access is disabled.

    When you upgrade to Exchange Server 2003, your existing virtual server settings are preserved in most scenarios. The exception is when you upgrade an Exchange 2000 Server front-end server to Exchange Server 2003. In this scenario, the default IMAP4 virtual server and the default POP3 virtual server are both configured to use only basic authentication.
  • By default, in Exchange Server 2003, Microsoft Outlook Mobile Access (OMA) Browse is disabled.

    This setting applies to the first installation of Exchange Server 2003, regardless of whether you upgrade to Exchange Server 2003, perform a new installation of Exchange Server 2003 in a new organization, or add a new Exchange Server 2003 computer to an existing Exchange Server 2003 organization.
  • The Everyone group and the Anonymous Logon group are not assigned the "Create top level folder" permissions for public folders. If these permissions are already configured, Setup removes them.
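
The following is an added example, not Microsoft's code: a Python check that compares two of the new-installation defaults listed above (Builtin\Users removed from Log on locally; the POP3, IMAP4, and NNTP services disabled) against text captured with `secedit /export /cfg <file> /areas USER_RIGHTS` and `sc qc <service>`. The service key names POP3Svc, IMAP4Svc, and NntpSvc are assumptions, and the sample inputs are constructed. On an upgraded server, existing service settings are preserved, so a non-disabled service there is not necessarily a deviation.

```python
import re

USERS_SID = "S-1-5-32-545"  # well-known SID of the Builtin Users group
SERVICES = ("POP3Svc", "IMAP4Svc", "NntpSvc")  # assumed service key names

# Constructed sample inputs (real secedit exports are UTF-16; decode first).
SAMPLE_INF = """[Unicode]
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
"""
SAMPLE_SC = {  # NntpSvc deliberately absent to show the "not found" case
    "POP3Svc": "SERVICE_NAME: POP3Svc\n        START_TYPE         : 4   DISABLED\n",
    "IMAP4Svc": "SERVICE_NAME: IMAP4Svc\n        START_TYPE         : 2   AUTO_START\n",
}

def logon_locally_principals(inf_text):
    """Return the principals holding SeInteractiveLogonRight in a secedit export."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == "seinteractivelogonright":
                return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []

def start_type(sc_qc_text):
    """Extract the START_TYPE name (for example DISABLED) from sc qc output."""
    m = re.search(r"START_TYPE\s*:\s*\d+\s+(\w+)", sc_qc_text)
    return m.group(1).upper() if m else None

def audit(inf_text, sc_outputs):
    """List deviations from the new-installation defaults described above."""
    findings = []
    if USERS_SID in logon_locally_principals(inf_text):
        findings.append("Builtin\\Users holds the Log on locally right")
    for svc in SERVICES:
        st = start_type(sc_outputs.get(svc, ""))
        if st is None:
            findings.append(f"{svc}: start type not found")
        elif st != "DISABLED":
            findings.append(f"{svc}: start type {st}, new-install default is DISABLED")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INF, SAMPLE_SC)))
```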

Modification Type: Minor
Last Reviewed: 11/7/2005