Conrad H Agramont Jr Timothy Blum Kevvie Fowler Raymond Arthur Gabriel Twan Grotenhuis K Brian Kelley Matt Shepherd Robert McLaws Henrik Walther Gene Whitley This page intentionally left blank Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) not guarantee or warrant the results to be obtained from the Work There is no guarantee of any kind, expressed or implied, regarding the Work or its contents The Work is sold AS IS and WITHOUT WARRANTY You may have other legal rights, which vary from state to state In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents Because some states not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc Brands and product names mentioned in this book are trademarks or service marks of their respective companies PUBLISHED BY Syngress Publishing, Inc Elsevier, Inc 30 Corporate Drive Burlington, MA 01803 The Best Damn Exchange, SQL and IIS Book Period Copyright © 2007 by Elsevier, Inc All rights reserved Printed in the United States of America Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication Printed in the United States of America ISBN 13: 978-1-59749-219-5 Publisher: Amorette Pedersen Acquisitions Editor: Andrew Williams Project Manager: Greg deZarn-O’Hare Page Layout and Art: SPi Copy Editor: Mike McGee, Darlene Bordwell, and Judy Eby For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email m.pedersen@elsevier.com This page intentionally left blank Technical Editors Rodney Buike (MCSE) is an IT Pro Advisor with Microsoft Canada As an IT Pro Advisor, Rodney spends his day helping IT professionals in Canada with issues and challenges they face in their environment and careers He also advocates for a stronger community presence and shares knowledge through blogging, podcasts, and in-person events Rodney’s specialties include Exchange Server, virtualization, and core infrastructure technologies on the Windows platform Rodney worked as a LAN administrator, system engineer, and consultant and has acted as a reviewer on many popular technical books Rodney is also the founder and principal content provider for Thelazyadmin.com and a former author for MSExchange.org Rodney enjoys all his personal and professional activities and is up-front about the support he gets from his family and especially his wife, Lisa Without her support, what he does would not be possible Kirk Vigil (MCSE, MCSA), coauthor of MCSA/MSCE Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure and How to Cheat at Managing Windows Server Update Services is a senior systems consultant for NetBank, Inc in Columbia, SC He has worked in the IT integration industry for over 13 years, specializing in Microsoft messaging and network operating system infrastructures He has worked with Microsoft Exchange since its inception and continues to focus on its advancements with the current release of Exchange 2007 as well as its integration with the Windows Server line of products Kirk holds a bachelor’s degree from the University of South Carolina He also works as an independent consultant for a privately owned integration company, lending technical direction to local business practices He is a contributing author to Microsoft Certified Professional Magazine Kirk would first like to thank God, for without Him nothing is possible Kirk would also like to thank his beautiful girlfriend, Kimberley Paige, for her continued and loving support as Kirk’s takes on more “bookwork” as she likes to call it She is irreplaceable and loved very much Kirk thanks his family for their unconditional love and support Lastly, Kirk is grateful to the owners, editors, and writers of Syngress/Elsevier Publishing for the opportunity to continue working with them as a technical writer/editor v Robert J Shimonski (MCSE) is an Entrepreneur and best-selling author and editor of hundreds of published books and thousands of magazine and industry articles Rob consults within today’s most challenging business and technology environments and brings frontline industry knowledge to the reader in every page he writes Rob is always on top of the latest trends and reporting the state of the business and technology industry from a real-world perspective As of the writing of this book, Rob is currently on assignment testing and developing secure Vista images and designing a Longhorn upgrade for a large global firm Mark Horninger (A+, Net+, Security+, MCSE+I, MCSD, MCAD, MCDBA, MCTS, MCITP, MCPD) is president and founder of Haverford Consultants Inc (www.haverfordconsultants.com), located in the suburbs of Philadelphia, PA He develops custom applications and system engineering solutions, specializing primarily in Microsoft Net Technology and Microsoft SQL Server He was a contributing author to Configuring and Troubleshooting Windows XP Professional; MCSA/MCSE Exam 70-292 Study Guide & DVD Training System: Managing and Maintaining a Windows Server 2003 Environment for an MCSA Certified on Windows 2000; and Designing SQL Server 2000 Databases for NET Enterprise Servers, all of which were published by Syngress, an imprint of Elsevier Inc Mark is also an adjunct professor teaching Web design at Kaplan University Mark has over 15 years of computer consulting experience and has passed 50+ Microsoft Certification Exams He lives with his wife, Debbie, and son, Robby, in the Philadelphia area Mark would like to thank his wife, Debbie, for her infinite patience, love, and support during this project Chris Adams is a Program Manager for Microsoft Corp Focused heavily on “customer experience,” Chris spends his time working closely with customers to ensure that their voices are heard for current and shipped products He spends most of his time focusing on building and reviewing technical content for IIS, working with IIS most valuable professionals (MVPs), and spearheading new and exciting programs to best reach customers for the IIS team Chris has owned such things as www.iis.net, the IIS Webcast Series, and the IIS Diagnostics Tools releases while at Microsoft Chris was formally a Microsoft Product Support Services (PSS) engineer, technical lead, and supportability lead for the IIS product and has deep technical experience in the use and functionality of IIS 4.0, 5.0, 5.1, 6.0, and 7.0 Chris is currently Microsoft certified as an MCP, MCSA, and MCSE vi Contributing Authors Conrad H Agramont Jr is a Partner Technology Specialist with Microsoft, where he focuses on technical readiness for Microsoft Infrastructure Partners focusing on the small to midmarket enterprises Conrad was previously the Senior Architect for a Microsoft Gold Partner, where he was responsible for product planning, software architecture, and technical evangelism, focusing on service providers worldwide He was also a Program Manager at Microsoft, driving hosting scenarios and architecting components for the Microsoft Provisioning System, Microsoft Solutions for Hosted Messaging and Collaboration, and Windows-Based Hosting 3.0 Conrad has more than 10 years of experience working in the Microsoft automation and hosting space, speaking at public events, and publishing articles in magazines He is also an active blogger, focusing on many Microsoft-related topics His blog can be found at http://agramont.net/ Timothy Blum (MCDBA, MCTS, MCITP) is the senior database administrator at HighPoint Solutions, LLC, which provides business and technology solutions to the pharmaceutical and life sciences industry He currently provides senior-level strategic and technical consulting to HighPoint Solutions’ clients in the northeast region of the U.S His specialties include Microsoft SQL Server design and implementation, Integration Services, Data Transformation Services, Analysis Services, business intelligence architecture and design, and database tuning During his 15 years working in the IT industry, Timothy has held positions as a senior SQL Server database administrator, PICK database administrator, Oracle database developer, and a C++,VB, ASP, and UNIX Business Basic programmer for companies such as CEI Network, DDS Ltd, and ECC Management Services Kevvie Fowler is the manager of managed security services at Emergis Inc., where he is responsible for the delivery of specialized security and incident response services Kevvie has more than 10 years of professional information security and IT experience within vii development, database, and host/network platforms In 2007, Kevvie was a featured presenter at the Black Hat USA security conference, where he presented his ground-breaking research on SQL Server database forensics Kevvie is a GIAC Gold Certified Forensic Analyst, and he holds several other certifications, including CISSP, MCTS, MCSD, MCDBA, and MCSE Raymond Arthur Gabriel (MCSD, MCAD, MCSD Net) formed a consulting practice, Integrated MicroSystems Design Corp (www.imicrodev net), in 1989 to provide technical consulting services as an application architect and solution developer He has 20 years of experience in IT, including full life-cycle experience with multitier Windows and Web application development Raymond holds an associate’s degree in electronic engineering from the Cleveland Institute of Electronics and is a member of the IEEE He currently resides in Chester County, PA, with his wife, Sharon, whose support is an eternal source of great encouragement Twan Grotenhuis (MCT, MCSE NT4, 2000 and 2003, MCSE+messaging 2000 and 2003, MCSE+security 2000 and 2003, CCNA) is a consultant with Sylis Netherlands He currently provides strategic and technical consulting to several customers of Sylis in the Netherlands His specialties include Microsoft Exchange and ISA architecture, design, implementation, troubleshooting, and optimization Twan has been involved in several major Exchange implementation and migration projects where designing the new messaging infrastructure was his main focus K Brian Kelley (MCSE, GSEC, Security+) is a systems architect for AgFirst Farm Credit Bank At AgFirst he provides infrastructure and security guidance with respect to Windows-based technologies, including Active Directory, Internet Information Server, and Microsoft SQL Server Brian, author of Start to Finish Guide to SQL Server Performance Monitoring, is a regular columnist and blogger at SQLServerCentral.com, where he focuses primarily on SQL Server security He is also a frequent contributor to SQL Server Standard Magazine Brian’s background includes stints with BellSouth as a systems administrator and with the United States Air Force as a communications/computer systems officer in a multitude of IT-related roles viii Brian holds bachelor’s degrees from The Citadel, the Military College of South Carolina, and is a member of the Professional Association of SQL Server (PASS), the SQL Server Worldwide Users Group, the Information Systems Audit and Control Association (ISACA), and the Association for Computing Machinery He is also active in the Midlands PASS chapter, an official PASS chapter for South Carolina Brian currently resides in Columbia, SC, with his family Matt Shepherd (CISSP, MCSE, MCDBA, GCFW, CEH) is a consultant in the Security and Privacy Division at Project Performance Corporation of McLean,VA Matt uses his experience as a network administrator, IT manager, and security architect to deliver high-quality solutions for Project Performance Corporation’s clients in the public and private sector Matt holds bachelor’s degrees from St Mary’s College of Maryland, and he is currently working on his master’s of science in information assurance Robert McLaws is a technology writer from Mesa, AZ He currently resides in northern Phoenix, where he works as a contract software consultant He started a Web site called LonghornBlogs.com in October 2003 The site, now called Windows-Now (www.windows-now.com/ default.aspx), has received several awards, including PC Magazine’s Top 100 Sites of 2004 and CMP Media’s Top 10 Tech Blogs of 2005 Henrik Walther (Exchange MVP, MCSE Messaging/Security) is a senior consultant working for Interprise Consulting A/S (a Microsoft Gold Partner) based in Copenhagen, Denmark Henrik has more than 14 years of experience in the IT business, where he primarily works with Microsoft Exchange, ISA Server, MOM, IIS, clustering, Active Directory, and virtual server technologies In addition to his job as a senior consultant, Henrik runs the Danish Web site Exchange-faq.dk He is also the primary content creator, forums moderator, and newsletter editor at the leading Microsoft Exchange site, MSExchange.org Henrik is the author of CYA: Securing Exchange Server 2003 & Outlook Web Access (Syngress Publishing), and he has been a reviewer on several other messaging books (including another Exchange 2007 book) ix Index Clustered Mailbox Server in Exchange Management Console, 549–551 working status, 547–548 cmdlet code, 13–14 CMDlets, in Exchange Server 2007 Add-ADPermission, 138 Add-AttachmentFilterEntry, 433, 436 Add-MailboxPermission, 138 Add-PublicFolderAdministrativePermission, 184 Add-PublicFolderClientPermission, 180 ClearActiveSyncDevice, 303 Disable-Mailbox, 90 Disable-MailPublicFolder, 190 Disable-StorageGroupCopy, 500 EmailAddressPolicy, 137, 327 Enable-DatabaseCopy, 482, 494 Enable-MailPublicFolder, 188 Enable-OutlookAnywhere, 258 Enable-StorageGroupCopy, 482, 494, 495 Get-ActiveSyncVirtualDirectory, 290 Get-MailboxStatistics, 135 Get-MailPublicFolder, 188 Get-MessageTrackingLog, 358 Get-PublicfolderStatistics, 179 Get-TransportConfig, 540 Move-ClusteredMailboxServer, 548 Move-Mailbox, 95 New-ActiveSyncMailboxPolicy, 295 New-AddressList, 203 New-AddressRewriteEntry, 467 New-DistributionGroup, 121 New-DynamicDistributionGroup, 125, 126 New-EdgeSubscription, 393 New-EmailAddressPolicy, 332 New-ExchangeCertificate, 253 New-JournalRule, 341 New-Mailbox, 88 New-MailboxDatabase, 167 New-MailUser, 131 New-ManagedContentSettings, 209 New-ManagedFolderMailboxPolicy, 215 New-OfflineAddressBook, 231 New-PublicFolder, 176 New-PublicFolderDatabase, 173 New-ReceiveConnector, 354 New-RemoteDomain, 324 New-SendConnector, 347 New-TransportRule, 339 PublicFolderAdministrativePermission, 185 PublicFolder-ClientPermission, 180 Remove-ActiveSyncDevice, 303 Remove-Mailbox, 90, 134 Remove-MailboxDatabase, 193 Remove-PublicFolderAdministrativePermission, 185 Remove-PublicFolderClientPermission, 180 Remove-PublicFolderDatabase, 193 Remove-StorageGroup, 164 Restore-StorageGroupCopy, 486 Resume-PublicFolderReplication, 188 Set-ActiveSyncVirtualDirectory, 290 Set-AttachmentFilterListConfig, 436, 437 Set-CASMailbox, 265 Set-ClientAccessServer, 241 Set-DistributionGroup, 121 Set-DynamicDistributionGroup, 125 Set-MailboxServer, 221 Set-MailContact, 130 Set-MailPublicFolder, 189 Set-SenderReputationConfig –ProxyServerName, 438 Set-Service MSExchangeIMAP4, 305 Set-Service MSExchangePOP3, 305 Set-TransportConfig, 541 Setup /PrepareAD, 38 Setup /PrepareSchema, 38 Start-Service MSExchangeIMAP4, 305 Start-Service MSExchangePOP3, 305 Stop-PublicFolderReplication, 188 Suspend-StorageGroupCopy, 493 Code of Federal Regulation (CFR) Part 11, 913 collection schema in IIS 7.0, 792 Common Language Runtime (CLR), 764 connection filtering agent, in Edge Support Server IP allow list, 413, 415 IP block list, 414, 416 console tree, work centers, 10 content filtering agent features 1175 1176 Index content filtering agent (Continued ) Outlook E-Mail Postmark Validation, 431–432 safelist aggregation, 428–431 properties, 427–428 SCL rating, 425 working principle, 425 The Coordinated Spam Reduction Initiative, 441 CREATE ASYMMETRIC KEY statement, 1117 CREATE CERTIFICATE statement, 1121 CREATE_ENDPOINT event, 1086 CREATE ENDPOINT statement, 1132–1133 CREATE MASTER KEY statement, 1107 CREATE ROLE DDL statement, 1083 CREATE_SCHEMA event, 1083 CREATE SCHEMA statement, 1020, 1024 CREATE SYMMETRIC KEY statement, 1110–1111, 1115 custom detailed error, 850 custom error message configuring httpErrors, 854–858 using IIS Manager, 852 CustomErrorModule, 862 Custom Error Module, using Visual Studio C# Express Edition (VSCE) create and compile, 876–878 options, 875 custom errors messages, properties of, 860 D Database Master Key, 1104, 1107–1109, 1119, 1131 Database Mirroring endpoint, 1132 database restoration, using Windows 2003 backup utility, 583–588 Data Definition Language (DDL), 1070 data encryption asymmetric key for, 1116–1121 certificates for, 1121–1126 Database Master Key for, 1107–1109 definition of, 1100 need for, 1102 organizational requirements, 1101 pass phrases and, 1126–1127 Service Master Key for, 1105–1106 for stored procedure, 1127–1128 using EFS, 1103–1104 using Master Key, 1105–1107 using symmetric key, 1109–1116 Data Manipulation Language (DML), 1070 Data Protection API (DAPI), 1104 DDL (Data Definition Language), 1070 DDL triggers auditing changes to specific logins, 1091–1092 login creation and deletion, 1089–1090 statements, 1079–1081 user creation/deletion, 1092–1093 database ownership and, 1087 definition, 1070 deployment of, 1086 disabling, 1083–1084 and DML triggers, 1074 e-mail alert using, 1081–1082 endpoint creation and, 1086 event information from, 1077–1078 for events, 1072 maintenance window and, 1088 metadata and, 1085 multiple, 1073 options in, 1076–1077 rollback in, 1079 scope of, 1072 syntax of, 1074–1075 system-stored procedures and, 1083 temporary objects and, 1073 Debug Diagnostics Tool (DDT) capturing memory link, 883–887 configuring leak rule, 886 memory leak, 882–883 DECRYPTBYKEY statement, 1114 Dedicated Administrator Connection (DAC), in SQL Server, 979–980 Default Web Site, in Client Access Server, 231, 240, 243–246, 252 delegating custom errors, 891 demilitarized zone (DMZ), 378 DHAs (Directory harvest attacks), 420 Index dial plan, 667 Direct Attached Storage (DAS), 504 Directory harvest attacks (DHAs), 420 DirectPush technology, 286–287 distribution groups, management advanced tab, 117 general tab, 116 Mail Non-Universal group, 115 new dynamic, 121–127 new groups, 118–119 type selection, 120 types of, 112 DLLs (dynamic linked libraries), 738 DML (Data Manipulation Language), 1070 DML triggers, 1074 DMZ (demilitarized zone), 378 DNS server, 33, 386 Domain Name System (DNS), 454 domain security feature, of Exchange Server 2007, 378 DROP CERTIFICATE statement, 1125 DROP LOGIN statement, 1083 DROP SCHEMA statement, 1029 DROP SYMMETRIC KEY statement, 1115 DROP TABLE command, 1072 dynamic linked libraries (DLLs), 738 E EDB file, 164, 166, 173, 192, 193, 233, 584 EdgeSync replication, 379 EdgeSync service, Edge Transport Server Role, of Exchange 2007 accepted domains, 408–409 actual installation, 389–392 address rewrite agent, 466–468 antispam filtering features in agent list, 411 attachment, 432–437 connection, 412–417 content, 425–432 installation, on Hub Transport Server, 412 recipient, 418–421 sender, 417–418 Sender ID, 421–425 Sender Reputation, 437–440 connectors, creation address space, 405 network settings, 404 new, 403 receiving, 407–408 smart host security settings, 406 use, 402 deployment prerequisites ADAM installation, 387–389 DNS server configuration, 386–387 DNS suffix creation, 380–382 name resolution and Hub Transport Servers, 382–386 edge subscription and configure, 393 file creation, 396–397 verification of, 399–400 EdgeSync Service and goal of, 378–379 installation of using setup wizard, 391–392 verifying, 392 Jet database, 380 monitoring, 468 multiple deployment, 453–455 postmaster mailbox, 400–402 rules in action properties, 455–458 creating new, 461–464 exceptions in, 465 and Exchange Management Console, 466 supported actions, 454–461 Security Configuration Wizard (SCW), 442–451 verifying deployment, 392 element schema, in IIs 7.0, 792 EML files, 360 ENCRYPTBYASYMKEY statement, 1119 ENCRYPTBYKEY statement, 1113 ENCRYPTBYPASSPHRASE statement, 1126, 1127 encryption See data encryption Encryption File System (EFS), 1103–1104 1177 1178 Index endpoints, in SQL Server HTTP based basic authentication, 974 digest authentication, 975 encryption, 1132 integrated authentication, 976–977 Kerbros authentication, 976 NT LAN Manager, 975 TCP based, 977–978 T-SQL and, 972–973 Enterprise Tracing for Windows (ETW), Windows Server 2003, 691, 865 enum schema, in IIS 7.0, 792 equipment mailboxes, 83 Exchange ActiveSync (EAS), DirectPush method and, 286–287 function of, 286 licensing companies, 287–288 new features, 288–289 policy management, 293–300 properties page authentication tab, 292 remote file servers tab, 293 virtual directory, configuring, 290–291 Exchange ActiveSync (EAS) device policy, 637 exchange address lists, 127 Exchange Administrator, 474, 514 Exchange 2007 Bootstrapper, 42 Exchange Dogfood, 123 Exchange Enterprise Client Access License (CAL), 339 Exchange Installable File System (ExIFS), 165 Exchange Management Console (EMC), in Exchange Server 2007, 3, 8, 56, 186, 478 Clustered Mailbox Server in, 549–551 Organization Configuration Mailbox Node Address Lists tab, 195–203 Managed Customer Folders tab, 209–222 Managed Default Folders tab, 203–209 Offline Address Book tab, 222–232 property pages, 97–101 Recipient Configuration work center node Disconnected Mailboxes management, 131–136 Distribution Group management See Distribution Group management Mailbox management See Mailbox management Mail Contact management, 129–131 Server Configuration work center node mailbox node, 157 work panes, 9–12 Exchange Management Shell (EMS), 14–15, 61, 80, 253 commands, 14, 61, 90, 121, 126, 148, 160, 164, 180, 189 mailbox manipulation using, 90 Exchange Product group, 2, 3, 5, 12, 15, 26, 33, 80, 156, 260, 303, 316, 327, 378, 454, 626 Exchange Server 2000, 5, 136–139, 156, 247 Exchange Server 2003, 80, 136–139, 156 Exchange Server 2007 antivirus scanning in, 441 architectural goals, backup in Client Access Server, 579–582 Edge Transport Server, 583 Hub Transport Server, 578–579 Mailbox Server, 574–578 Unified Messaging (UM) Server, 582–583 Client Access License (CAL), 27–28, 72 editions, 26–27, 72 32-bit evaluation version, features de-emphasized, 21 discontinued, 21–23 installation on Active Directory domain, 33–40 finalize deployment, 62–63 hardware requirements, 29–30 licensing, 57–61 prerequisites, 28, 72–73 server requirements, 33 server roles, addition and removal, 64–70, 75 software requirements, 30–31 using setup wizard, 40–53, 73 using unattended setup, 53–55, 73 verifying, 55–56, 74 Windows components, for server role, 31–32 Index introduction to, licensing, 57–61 mailbox management Mail Flow Troubleshooter tool functions of, 362 launching, 362 Management Console (EMC), 8–12 message tracking in, 356–358 new wizards, 12–16 permissions, 18–20 Public Folder databases, 172–193 Queue Viewer in launching, 361 queue types, 359–360 recipient management in coexisting environment, 136–139 customizing, 140–147 Disconnected mailboxes, 131–136 Distribution Group management See Distribution Group management Mailbox management See Mailbox management Mail contacts and mail users, 127–131 recipient filtering, 147–149 routing and transport, of messages, 316–318 routing topology, 20 server roles, 3–8 services, 16–18 single-instance storage (SIS), 165 Storage groups in, 157–162 themes, 2–3 Unified Messaging feature definition, 662 features, 664–666 infrastructure, 668–669 IP protocols for, 670 mailbox policies, 671–673 uninstallation, 70–71, 75 Web services, 239–241 Exchange Server Best Practices Analyzer (ExBPA) tool, 11, 28, 56 Exchange Server Database Utilities (Eseutil.exe), 495 Exchange Server 2003 SP2, 286, 295 Exchange 2007 Server Universal Groups (USGs), 33, 38 Exchange 2007 Setup Wizard, 41–46 Exchange 2007 Wiki, 242 eXtensible Markup Language (XML), 11 Extensible Storage Engine (ESE), 164, 475 Extensible Storage Engine Utilities (Eseutil), database repairing, 588–595 F Failed Request Tracing (FRT) architecture, 865 configuring, 865–867 module extending, 874 using IIS Manager, 867 Failed Request Tracing rules, 865 FastCGI, in IIS 7.0, 16 fax receiving, in Exchange Server 2007, 241–242 filename extensions, for Attachment Filtering agent, 434–435 File Transfer Protocol (FTP), 683 flags schema, in IIS 7.0, 792 ForeFront Security product, 441 FREB, in IIS 7.0, 701–702 Fully Qualified Domain Name (FQDN), 984 G GAL (Global Address List), 418 geoclustering, CCR, 504 Global Address List (GAL), 80, 98, 115, 118, 418 Global Catalog servers, 625 Gramm-Leach-Biley Act (GLBA), 913, 1102 group policies, in SQL Server 2005, 1042–1046 GroupWise, 624 H Health Insurance Portability and Accountability Act of 1996 (HIPAA), 1086, 1102 Health Insurance Portability and Privacy Act (HIPAA), 913 HTTP 200, 897 HTTP based endpoints, in SQL Server basic authentication, 974 digest authentication, 975 1179 1180 Index HTTP based endpoints, in SQL Server (Continued ) integrated authentication, 976–977 Kerbros authentication, 976 NT LAN Manager, 975 HTTP error responses for physical directory, 854 URL, 854 virtual directory, 854 Web application, 854 Web server, 854 Web site, 854 httpErrors, in custom error messages Child node attributes and values defaultRosponseMode, 855 detailedMoreInformationLink, 855 errorMode, 856 existingResponse, 856 XML node attributes and values Path, 858 prefixLanguageFilePath, 858 responseMode, 858 statusCode, 858 subStatusCode, 858 HTTP (Hypertext Transfer Protocol), 32, 223, 249 HTTP.sys, 684 Hub Transport server, management of accepted domains creating new, 325–327 New-AcceptedDomain cmdlet, 327 properties page, 325 DNS lookups, 348 E-mail address policies creation of new, 329–331 function of, 327 list of, 328 parameters, 332 function of, 316 global limits, 354–355 internet-facing transport server configuration of anti-spam agent installation, 366 EdgeSync service disabling, 368–369 MX record pointing, 369–371 performing, 364–365 SMTP banner, 368 journaling rule concept, creating new, 340–341 mail flow troubleshooting, 362 message size limits, 354 New-SendConnector cmdlet, 347 outbound messages limit, 349 out of office (OOF) messages, 320–322 Queue Viewing using, 361–369 receive connectors, creation of, 352–354 remote Domains default entry, 320 new entry for, 322–324 New-RemoteDomain cmdlet, 324 send connectors in address space, specifying, 344 creating new, 342–343 network settings, 345 smart host authentication settings, 346 source server, 347 transport rules actions page, 337 conditions page, 336 disclaimer, 338 introduction page, 335 New-TransportRule cmdlet, 339 Hub Transport Server role, of Exchange Server 2007, Hunt group, 668 Hypertext Transfer Protocol (HTTP), 32, 223, 249 I IgnoredLogs folder, 475 IIS 6.0 administration of scripts for, 690 using adsutil.vbs, 690 using IIS Manager, 689 core components HTTP.sys, 684 Inetinfo.exe, 687 Web Service Administration and Monitoring, 686–687 worker process (w3wp.exe), 685 installation of Index unattended, 682–683 using inetsrv directory, 679–681 using user interface, 681–682 troubleshooting, tools for, 690–691 IIS 7.0 ApplicationHost.config for, 776–777 authentication in, 819–820 configuration sections unlocking, 796–800 core server, 749–750 delegation in location tags, 794–795 working principle, 794 diagnostics with, 700–702 enabling WMI for, 698–699 feature sets, installation of FTP Publishing Service, 734–735 Web Management Tools, 735–737 World Wide Web Services, 737–738 iHttpModule Interface Support, 764–770 IIS Manager in, 696–697 installation of IIS 7.0 on Longhorn Server, 714–725 unattended, 728–733 using pkgmgr.exe, 725–728 on Windows Vista, 708–714 ISAPI extensions in, 749 managed code and ASP.NET installation, 763–765 modes in, 770–771 modules in, 766–770 migration from IIS 6.0 ASP.NET requests, 903–905 ASP requests, 901–902 centralized logging, 905 configuration file backup, 906 consideration, 892–893 failed request tracing, 898 HTML requests, 899–900 ISAPI-based extension requests, 902–903 tracing, after upgradation, 897–899 upgrade steps, 894–896 upgrading paths, 893 module selection for, 694 native (C/C++) modules and contents of, 752 development, 752 installation, 755–763 schemas, 789–793 section and attribute locking in, 795 setup features and modules Application Development features, 740–741 Common HTTP features, 741–742 Health and Diagnostics feature, 742 Performance features, 742–743 Security feature, 743 sorting and group by, IIS manager, 815 system.application host for, 785 vs IIS 6.0, 692 WMI provider in, 833–836 XML 101 for, 778–783 IIS (Internet Information Services), 316 IIS log files, 899 IIS 6.0 Management Compatibility, 735 IIS Manager, in IIS 7.0 application, 798 authentication settings, 818–820 center column, 811 changing diagnostic settings, 821 connection manager in Windows Server, 814 creating applications, 817 creating virtual directories, 816–817 definition and use of, 800–801 feature delegation, 695–696 rules for failed request tracing, 821–823 sorting in, 814–815 task pane, 812 Web site creation, 816 worker process details, 820–821 IMF (Intelligent Message Filter), 3, 379, 425 Information Technology (IT), Info Worker Situation theme, installation, of Exchange Server 2007 on active directory domain requirements, 33–36 schema preparation, 36–40 on active node, 541–545 fast, 72–75 finalize deployment, 62–63 hardware requirements, 29 licensing, 57–61 1181 1182 Index installation, of Exchange Server 2007 (Continued ) on passive node, 545–548 prerequisites, 28 server requirements, 33 server roles addition, 64–68 removal, 68–70 software requirements, 30–31 using setup wizard adding Microsoft NET Framework 2.0, 41–42 completion, 53 error reporting page, 45 exchange organization, 48 introductory page, 44 readiness check, 50–51 running setup, 41–42 server installation type selection, 47 splash screen, 43 using unattended setup, 53–55 verification, 55–56 INSTEAD OF trigger, 1070, 1075 Intelligent Message Filter (IMF), 3, 379, 425 Internet Information Services (IIS), 316 Internet Information Services (IIS) Manager, 240, 243, 246, 249, 290 Internet Messaging Access Protocol (IMAP4), 5, 303 configure, 306 enable, using Services Snap-in, 304 limiting access to, 306–307 Internet Security and Acceleration (ISA) Server, 238, 249 Internet Server Application Programming Interfaces (ISAPIs), 748 IP addresses, 244, 245, 290, 348 IP-PBX, 667 ISAPI extension, 901 ISA Server, 642 IT Pro Situation theme, J Joint Engine Technology ( JET), 164 journaling feature, in Exchange Server 2007, 339–341 K Kerberos, 976 key pair, 1116 L LDAP Data Interchange Format (LDIF), 36 licensing, of Exchange Server 2007, 57–61 Lightweight Directory Access Protocol (LDAP), linked mailboxes, 83, 111 local continuous replication (LCR), 5, 16, 474 architecture of, 476 copy, on Storage group database dismounting, 486 drive letter changing, 488–491 resume, 493–494 suspending, 491–493 using Restore-StorageGroupCopy CMDlet, 486–488 copy status, 483–484 disable, 498–500 disk partitioning for, 477 enabling, on Storage Group action pane, 478–479 database copy, 481 path settings, 480 using EMS, 482 integrity check, 495–498 performance objects and counters, 500–503 purpose of, 475 seeding, database copy, 494–495 log files, 475, 551 Log Parser tool, 899 Longhorn Server, 504, 708, 765, 814 Lotus, 624 M mailbox databases, in Exchange Server 2007 create new, 166–167 maintenance, 168 properties page, 169–170 restoration of, 614–616 mailbox management, in Exchange Server 2007 disable mailbox, 89 Index linked mailbox creation, 111–112 moving, 91–95 removing mailbox, 90 room mailbox creation, 109–112 unified messaging in custom attributes, 98 enable, 96 user mailbox creation account tab, 104 delivery options, 105 e-mail addresses tab, 109 mailbox features, 107 mail flow settings, 104 message size restrictions, 105 name and account information, 86 property page, 97–101 storage group selection, 87 storage quotas, 103 user type selection, 85 Mailbox Server role, of Exchange 2007, 5, 156–157 Mailbox stores, 156 Majority Node Set (MNS), 505 managed code, in SQL Server 2005, 923 Managed Custom Folders creating, 211 properties, 212 tab, 210 Managed Default Folders, 203–209 Managed Folder Mailbox Policy creating, 213 folder selection, 214 messaging records management, 218 properties, 216 selecting, 219 managed modules in IIS 7.0 adding, 878–879 enabling trace, 879–881 memory leak, 882–883 message tracking, in Exchange Server 2007, 356–358 message transport and routing, 316–318 metadata, and DDL triggers, 1085 Microsoft Baseline Security Analyzer (MBSA) tool, 921 Microsoft Data Protection Manager version (DPM v2), 551 Microsoft Exchange Replication Service, 475, 494 Microsoft Exchange Transport service, 316 Microsoft Exchange Troubleshooting Assistant (ExTRA), 595–605 Microsoft “Longhorn” Server, 764 Microsoft Management Console (MMC), 31, 35, 542 Microsoft NET Framework Version 2.0 Redistributable Package (x86), 532 Microsoft Operations Manager (MOM), 468 Microsoft.Web.Administration (MWA) accessing runtime information with, 839 application pool addition, 841–842 console application, in C# Express, 837–838 creating virtual directories, 841 currently executing requests and, 844 Web site creation, 839–840 Migration process, 624 Mobile Administration Web tool, 300 Monad See Windows PowerShell Mount points, 486, 489 MSSQLSvc service, 983 multiple DDL triggers, 1073 N Native (CC++) Modules addition to IIS 7.0, 755–763 contents, 752–754 deploying with IIS Manager, 758–763 implementing Register Module, 753 NET Framework 2.0, 31, 532 New Technology File Systems (NTFS), 1103 NNTP protocol, 32 nodes, Exchange Server 2007 installation on active active clustered mailbox role, 544 Cluster Continuous Replication intallation, 545 custom exchange server installation, 543 splash screen, 542 passive, 546 Northwind database, 1002, 1003 Novell GroupWise connector, 626 NT LAN Manager (NTLM), 975 1183 1184 Index O Office Resource Kit, 239 offline address book (OAB), 170–171 Address lists in, 225 dependency, 223–224 distribution point, 228 distribution tab, 226 Mailbox Server selection, 228 new, 226–227 properties, 224 tab, 223 OPEN SYMMETRIC KEY statement, 1112 Organization Configuration work center, 10–11 Organizationwide Situation theme, Outlook 2007, 6, 156, 219, 222, 240, 425, 431 Outlook AnyWhere, management of enable, 256–258 function of, 249 Outlook 2007 client configuration, 258–260 RPC over HTTP Proxy component installation, 255–256 SSL certificate, installation of, 249–255 Outlook e-mail postmark validation, 431–432 Outlook MAPI client, Outlook Voice Access (OVA), 96, 665–666 Outlook Web Access (OWA) 2007, 5, 106, 238 features, 260 change password option, 277–278 create multiple calendars, 276 direct link access, 278 HTML formatting, 279 junk e-mail feature, 279 mailbox limit notification, 274 mark all as read, 281–282 open other mailbox, 274–275 reminders, 277 signature editor, 279 view message header, 275 webready document viewing, 280–281 light feature, 271 logon page, 270–271 logon settings page, 272 managing mobile devices, 302 property page Authentication tab, 263–264 General tab, 263 Public Computer File Access tab, 266 Remote File Servers tab, 268–269 Segmentation tab, 264–265 WebReady Document Viewing, 268 UI, 273 URL, 282–286 virtual directories, 261–262 Out of office (OOF) messaging, in Exchange Server 2007, 320–322 OWA 2007, 642 /owa virtual directory (vdir), 262 P Passive Clustered Mailbox Role, of Exchange 2007, 546 pass phrases, in data encryption, 1126–1127 password policies, in SQL Server 2005, 1042, 1047–1051, 1053–1055 permissions, in Exchange Server 2007, 18–19 permissions, in SQL Server 2005 assigning, 992–994 T-SQL and, 994 types, 988–991 personal identification number (PIN), 96 Personal Information Protection and Electronic Documents Act (PIPEDA), 1102 pkgmgr.exe, for IIS 7.0 installation, 726–728 POP3 (Post Office Protocol version 3), postmaster mailbox, 400–402 Post Office Protocol version (POP3), 5, 303 configure, 306 enable, using Services Snap-in, 304 limiting access to, 306–307 premium journaling, 339 principle of least access, 913 PRINT statement, 1079 Private Branch eXchange (PBX), 667 public folder databases, 5, 156 creating new, 172–174 moving a, 192 properties page, 174–175 Index public folder client permission settings, 180–188 create new, 176 mail-enabling a, 188–192 Outlook 2007 and, 179 properties page, 178 replica settings, 188 removing, 193 public folder stores, 156 Q Queue viewer tool launching, 361–362 queue types, 359–360 R Rapid Deployment Program (RDP), in Exchange 2007, 80, 90 RC4 and RC2 algorithms, 1101 readiness checks, in Exchange Server 2007, 50 Real-Time Transport Protocol (RTP), 670 Recipient Configuration work center node, 81, 127 Recipient filtering, in Edge Support Server recipient policies, 156 Recipient Update Service (RUS), in Exchange Server 2003, 327 RecoverCMS switch, cluster recovery, 612–613 RecoverServer switch, and Exchange Server 2007 installation feature, 610–612 recover feature, 608–610 Recovery Storage Group (RSG), management of, 595 using Exchange Management Shell (EMS), 605–612 using Microsoft Exchange Troubleshooting Assistant (ExTRA), 595–605 remote domains, in Exchange 2007, 318–324 Remote procedure call (RPC), 32 Request for Comment (RFC), 164 resource mailbox, in Exchange Server 2007, 195 RESTORE SERVICE MASTER KEY statement, 1106 RFC (Request for Comment) 822, 164 RoadSync, 287 roles, in SQL Server 2005 administration of Extended Properties window, 961 General page, 958–959 Securables page, 959–960 types fixed server roles, 957–958 predefined database roles, 954–956 user-defined application roles, 954 user-defined standard roles, 953–954 and windows groups, 952–953 ROLLBACK command, 1079 room mailboxes, 83 routing group connectors, 316 RPC (Remote procedure call), 32 RTP(Real-Time Transport Protocol), 670 Runtime State and Control API (RSCA), 701 S Sarbanes-Oxley Act of 2000 (SOX), 913, 1086 Scalability, in Exchange server 2007, SCHEMABINDING, 1070–1071 schemas, in IIS 7.0 attribute, 790–792 collection, 792 element, 792 enum, 792 flags, 792 section, 790 schemas, in SQL Server 2005 built-in schemas, 1006–1008 as containers, 1000–1001 creating using Server Management Studio, 1020–1024 using T-SQL, 1024 default schema, 1034–1035 definition, 1000 designing of namespace and, 1012 security and, 1013 dropping using Server Management Studio, 1028 using T-SQL, 1029 1185 1186 Index schemas, in SQL Server 2005 (Continued ) information viewing using SQL Server Management Studio, 1016 using T-SQL, 1016–1019 move objects using Server Management Studio, 1025–1026 T-SQL, 1026 ownership changes using, 1029–1030 permissions on defined, 1031–1032 permissions settings using Server Management Studio, 1032–1034 using T-SQL, 1034 server upgradation, 1011 in SQL Server 2000, 1002–1005 SCL rating, in content filtering, 425 section schema, in IIS 7.0, 790 Secure Sockets Layer (SSL) certificates, 243–249, 310 Security Configuration Wizard (SCW), and Edge Transport Server adding, 443 confirming service changes, 447 extension file, 444 port addition, 448–450 role selection, 446 security policy, 451 viewing, 445 seeding, in local continuous replication, 494 sender filtering, in Edge Support Server, 417–418 Sender ID filtering results, 422–423 working principle, 421–422 Sender Policy Framework (SPF), 421 Sender Reputation agent properties page, 439–440 working principle, 437–438 SendMail, 624 server roles, in Exchange Server 2007, 3–4 Client Access Server role, 5–6 Edge Transport Server role, Hub Transport Server role, Mailbox Server role, software requirement, 31 Unified Messaging Server role, 6–8 server-wide logging, 905 Service Broker endpoints, 1132 Service Master Key, 1105, 1107, 1109 Service Principal Names (SPNs), 976, 980, 983, 996 services, in Exchange Server 2007, 16–18 Session Initiation Protocol (SIP), 670 Setup /PrepareSchema command, 38 SharePoint, 172 Simple Mail Transfer Protocol (SMTP), 356, 378 Simple Object Access Protocol (SOAP), 973 Single Copy Clusters (SCC), in Exchange Server 2007, 474 managing, 552–553 network settings, cluster disks for, 554–559 SIP (Session Initiation Protocol), 670 Site Overriding, 858–860 Small Business Server (SBS), 41 SMTP engine, 33 SMTP (Simple Mail Transfer Protocol), 356, 378 SMTP Tarpitting feature, in Edge Transport Server, 420, 421 SMTP Transport Layer Security (TLS), 317 SOAP (Simple Object Access Protocol), 973 SPF (Sender Policy Framework), 421 SPNs(Service Principal Names), 976, 980, 983, 996 SQL Browser, 918 SQL Server 2005 access, granular managing, 991 permissions, 988–991 principals, 987 securables, 987–988 authentication modes auditing, 986 changing, 970 locating, 971 login types, 968–969 data encryption in certificates for, 1121–1126 stored procedure and, 1127–1128 using asymmetric key, 1116–1121 Index using EFS, 1103–1104 using symmetric keys, 1109–1116 DDL triggers auditing database ownership and, 1087 definition, 1070 deployment of disabling, 1083–1084 and DML triggers, 1074 e-mail alert using, 1081–1082 endpoint creation and, 1086 event information from, 1077–1078 for events, 1072 maintenance window and, 1088 metadata and, 1085 multiple, 1073 options in, 1076–1077 rollback in, 1079 scope of, 1072 syntax of, 1074–1075 system-stored procedures and, 1083 temporary objects and, 1073 Dedicated Administrator Connection (DAC), 979–980 endpoints in authentication types, 974–978 encryption, 1130 and T-SQL, 972–973 features turned off, 916 installation, and best practices, 913–914 Kerberos support, configuring clustered server and, 985 HTTP endpoint, 984 TCP endpoint, 984 managed code feature, 923 Management Studio (SSMS), 1014, 1076, 1083 password polices in definition, 1042 principle of least access, 913 roles in schemas in built-in schemas, 1006–1008 as containers, 1000–1001 creating, 1020–1024 default schema, 1034–1035 definition, 1000 designing of namespace and, 1012 security and, 1013 dropping, 1028–1029 information viewing, 1016–1019 move objects using, 1025–1026 ownership changes using, 1029–1030 permissions settings defined, 1031–1032 using Server Management Studio, 1032–1034 using T-SQL, 1034 server upgradation, 1011 in SQL Server 2000, 1002–1005 security issues, 912 services in, 917, 936 surface area definition, 930–931 tool, 931–947 Surface Area Configuration Manager, 918 T-SQL access, 972–973 Web-based reporting engine integration services, 914 notification services, 914 reporting services, 913–914 SQL Server 2000 endpoints, 972 SQL Server Management Studio (SSMS), 958, 1014, 1076, 1083 SQL Slammer worm, 912 SQL specification rules, 1000 SSMS (SQL Server Management Studio), 958 standard journaling, 339 standby cluster, 553 storage groups, in Exchange Server 2007 creating new, 158–160 definition, 157 moving, 162 properties page, access to, 161 remove a, 163 replication, 158 restoration, using Windows 2003 backup, 584–588 1187 1188 Index Streaming file (.STM), 164 Structured Query Language (SQL), subscriber access feature, in unified messaging, SUPTOOLS.MSI file, 39 Surface Area Configuration tool, in SQL Server 2005 command line utility installation, 942 syntax, 942–943 connection with remote computer, 934 for features, 940–941 functions of, 931 launching, 931–933 multi instance server and, 936–937 practical applications, 944–947 for services and connections, 935–936 service settings, 938–940 settings, 934 Surface area, definition of, 930–931 Symantec’s bv-Control, 971 symmetric keys, for data encryption alter, 1113–1114 creating, 1109–1111 drop, 1115–1116 opening, 1112 System.ApplicationHost authentication section group, 789 sections groups unlocking of, 794 Security Section, 788 system.web server for, 786–789 tracing section, 789 System Development Life Cycle (SDLC), 1013 T Technology Adoption Program (TAP), in Exchange 2007, 80 themes, Exchange Server 2007, 2–3 TLS (SMTP Transport Layer Security), 317 Toolbox work center, Exchange Server 2007, 11–12 Transaction logs, 504 Transact-SQL (T-SQL), 972, 973, 977, 978, 994, 1015, 1070, 1089 Transition process, 624 transition, to Exchange Server 2007 coexistence with Exchange 2003, 637–638 decommissioning, 649–654 Legacy Mailboxes and, 643–646 Public Folder replication, 638–642 redirecting inbound mail, 646–649 requirements for Active Directory forest preparation, 623–626 Active Directory preparation, 630–637 legacy Exchange organization preparation, 626–628 Link State updates, suppressing, 629–630 Transport Dumpster, in Hub Transport Server configure, 541 functions of, 540 T.38 (Real-Time Facsimile), 670 triggers, in SQL Server See DDL triggers Triple Data Encryption Standard (3DES), 1101, 1105, 1111, 1118 The Trustworthy Computing Security Development Lifecycle, by Microsoft, 922 T-SQL (Transact-SQL), 972, 973, 977, 978, 994, 1015, 1070, 1089 U unattended setup, for Exchange Server 2007 installation, 53–54 unified messaging feature, in Exchange Server 2007 definition of, 662 features Call Answering, 664 Outlook Voice Access (OVA), 665–666 infrastructure, 668–669 installation, 663 IP protocols for, 670 mailbox policies, 671–673 Unified Messaging Server role, 6–8 Universal Security Groups (USGs), 38 V virtual private network (VPN), 249 Visual C# Express, 837 Index Visual Studio 2005, 837 Voice over Internet Protocol (VoIP), 667 Volume ShadowCopy Service (VSS) backups, 477 VSS Writer, SQL Server 2005, 919 W Windows 2003 backup utility database restoration, 583–588 Exchange 2007 restoration, 579–583 Storage Groups restoration, 584–588 Windows Clustering Services, 504 Windows “Longhorn” server, 30, 931 Windows mobile 5.0, 6, 253, 287, 292, 293 Windows PowerShell, 2, 8, 13, 14, 31, 42, 80, 150, 389, 430, 541, 692, 697, 699, 700 Windows Server 2003, 30, 35, 477, 1104 Windows Server 2008 Beta 3, 892 Windows 2003 Small Business Server (SBS), 30 Windows Sysinternals process explorer, 749 Windows Vista, 708, 764, 892, 905 WMI provider, in IIS 7.0 authentication setting, 835 creating application pools, 834–835 creating virtual directories, 834 creating web sites using, 834 enabling logical Layout, 697–698 using PowerShell with, 699 failed request tracing, 835–836 worker process (w3wp.exe), in IIS 7.0, 685 World Wide Web Service (W3SVC), 52 X XML data type, 1078 XML 101 in IIS 7.0 configuration, 778–783 xp_loginconfig stored procedure, 971 XQuery language, 1078 XQuery () methods, 1078, 1094 1189 ... Burlington, MA 01803 The Best Damn Exchange, SQL and IIS Book Period Copyright © 2007 by Elsevier, Inc All rights reserved Printed in the United States of America Except as permitted under the Copyright... professionals (MVPs), and spearheading new and exciting programs to best reach customers for the IIS team Chris has owned such things as www .iis. net, the IIS Webcast Series, and the IIS Diagnostics... Carolina, and is a member of the Professional Association of SQL Server (PASS), the SQL Server Worldwide Users Group, the Information Systems Audit and Control Association (ISACA), and the Association