Re: Security issue with MS Exchange and Windows 2003 Server


"ITTester" <ITTester@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C71AFADC-ECF4-4D0D-BF76-A5561135951F@xxxxxxxxxxxxxxxx

> I install my W2K3 on the server w/o internet connection. upon finshed, I
> created 2 local users (AVS and Debug) which will be use as av services
> account and logon user.
>
> Install avast server version

> run pre-boot scan.

No manual AV scans are necessary at this point... unless you're talking
about the normal short check that AV products do by themselves automatically
during system boot up.

> Install rmonit, starter and erunt to protect registry changes and control
> startup process. create a backup of registry using erunt.

Not necessary. If you really want to do this, I would do this after the
system is fully set up to avoid hassles when the initial Microsoft patches
make registry changes.

> Connect to internet. update virus def.

> Disconnect from internet and run a
> second scan on safe mode (F8).

Not necessary.

> If result are correct then I connect back to internet and run windows
> update
> by using www.microsoft.com/update/
>
> Once all security patches and SP1 for server and SP2 for XP, then I make a
> port scan to see if any unsafe ports are open.

Not necessary. If you really want to do this, I would do this after the
system is fully set up.

> Once above done, I assign a lan static ip to the new serevr (dhcp for xp)
> and attached the server to the production lan and network as member
> server.
>
> promote the new server to DC but not primary DC as I am not sure about
> mails
> server.

AD doesn't have primary DCs, all equal peers. The five FSMO roles don't
really count as being a primary DC, and they can and should be spread across
multiple DCs anyways instead of all on one DC. See my post in
microsoft.public.security.

> once AD is replcate to the new Dc, I disconnect the new DC.

I may have neglected to mention: you really want to make sure you transfer
the FSMO roles off of the old DC before you retire it, or else you'll have
to seize the FSMO roles and risk problems. Google has instructions if
necessary.



.

Relevant Pages

  • Re: Installation of 2003 SP2 ip address/gateway question
    ... The OEM 'reseal' procedure causes the original server name to differ from ... having diffuculties setting up internet and email accounts. ... NICs and ISA ... Plan to install SBS three times to ensure you've gotten the ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA: no items to be displayed
    ... (it will also be installed if you install ISA 2000 FP1). ... Clear the server and client cache. ... Open Internet Information Service Manager. ... Right-click the Default Web Site, ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA issues
    ... When your client trying to browse the OWA from the Internet, ... Clear the server and client cache. ... Apply 831464 hot fix (do not install it if you have Exchange Server ... Right-click the Default Web Site, ...
    (microsoft.public.exchange.admin)
  • RE: Problems with Permissions
    ... we recommend that you to install Firewall Client on each client ... computer in order to access the Internet. ... and then click Server Management. ...
    (microsoft.public.windows.server.sbs)
  • Re: XP Home - IE - AOL - Security settings
    ... replaces the page from which we invoke the secure session. ... don't think that the server on the other end is isn't even touched. ... Tools - Internet Opt - cleared cookies, ... Doesn't install any ...
    (microsoft.public.windowsxp.basics)