You need to start with the Exchange install cd and then apply SP4 as far as I know (I had to do that but we were only on SP3 at that point). I thought there was something in the FAQ about this too? In one of the appendices maybe? Yup, here it is:
http://www.swinc.com/resource/exch_faq_appxg.htm Ronni > -----Original Message----- > From: Tony McCarthy [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 2:15 PM > To: Exchange Discussions > Subject: RE: OWA and IIS Security > > > > Thanks for the info. I'll have a go at installing OWA on the > web server I > think. I see IIS as a necessary evil. We're basically a Microsoft > environment here so since I have to use IIS for the web > server I may as well > install OWA on it as well. Do I just install the OWA > component from SP4? Any > other Exchange components required? > > Regards > Tony > > -----Original Message----- > From: Smith, Ronni [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 9 July 2002 8:49 a.m. > To: Exchange Discussions > Subject: RE: OWA and IIS Security > > 1) I think you can't really make anything bulletproof but > Microsoft has a > security tool that sets perms for an IIS server running OWA > to minimize > risk. Search for the "IIS security tool" or something like that. > > 2) Yes you can run OWA on a different server. I do that. I > have a cheapo > ex-desktop that runs IIS and OWA and that is it. But I don't > have very many > users on it either. Be aware that if you have the IIS server > in a DMZ then > you may have to open more holes in your firewall than you > would like. Some > folks recommend keeping the OWA server inside the firewall so > you don't have > to open more than 2 ports to it. This has been discussed on > the list in the > past. People can get somewhat passionate about their view on > the subject. > You might want to check the archives although I don't know > how well the > search feature is working right now. > > > -----Original Message----- > > From: Tony McCarthy [mailto:[EMAIL PROTECTED]] > > Sent: Monday, July 08, 2002 1:30 PM > > To: Exchange Discussions > > Subject: OWA and IIS Security > > > > > > Hi Everyone, > > > > Lately I've been noticing a number of attempts to hack one of > > our Exchange > > Servers. Our network is behind a Pix firewall and I've closed all > > unnecessary ports and have it fairly tightly locked down. > > However I have > > Port 80, 25 and 110 open for Exchange. My main concern is IIS. I am > > considering the possibility of disabling IIS and OWA on the > > Exchange server > > to minimize attacks. I have all the latest NT4 security > > patches (that I know > > of) but the hackers are still attempting to do mischief. > There are two > > things I'd like to know: - > > > > 1. Is there a means of making IIS bullet proof with a patch > > or 3rd party > > tool? > > > > 2. Is it possible to install the OWA component on a server > > that is running > > IIS but not Exchange? The reason I ask this is because we > > have a web server > > that's running IIS. I thought it may reduce the risk of > > attack if I remove > > IIS from the Exchange server and use our web server for OWA? > > I know this is > > probably a dumb question but I thought I'd ask it anyway. > > I've checked out > > the FAQ but couldn't find anything on this particular > > scenario. The Exchange > > server in question is running Exchange 5.5 and Nt4 (SP6). The > > web server is > > running W2K (SP2). > > > > I'd greatly appreciate feedback re this. > > > > Regards > > Tony > > > > Tony McCarthy > > Systems Engineer > > OSI Software Ltd > > Auckland > > New Zealand > > Ph:64 09 522 5909 > > Fax:64 09 522 5901 > > Mob: 021 703035 > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
