ExAdmin is configured for Secure Channels and Encryption.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18788	EMG2-305 Exch2K3	SV-20502r1_rule	ECCT-1	Low

Description
ExAdmin Virtual Directory is used by the Exchange System Manager to access mailboxes and Public Folders. Users do not directly access the ExAdmin Virtual Directory. This feature controls the security setting used to determine whether client machines should be required to connect to this virtual directory using secure channels and encryption. The services that use the ExAdmin Virtual Directory do not support the use of secure channels. Secure channels should not be configured on this virtual directory, as it will effectively disable the Exchange Mail and Public Folder functionality.

Description

ExAdmin Virtual Directory is used by the Exchange System Manager to access mailboxes and Public Folders. Users do not directly access the ExAdmin Virtual Directory. This feature controls the security setting used to determine whether client machines should be required to connect to this virtual directory using secure channels and encryption. The services that use the ExAdmin Virtual Directory do not support the use of secure channels. Secure channels should not be configured on this virtual directory, as it will effectively disable the Exchange Mail and Public Folder functionality.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22498r1_chk )
Ensure that ExAdmin Virtual Directory is using correct security. Procedure: IIS Manager>> [Server name]>>Web Sites>>Default Web Site >> ExAdmin >>Properties >> Directory Security Tab >> Secure Communications >> Edit Button All checkboxes should be cleared. Criteria: If all security checkboxes are cleared, this is not a finding.

Fix Text (F-19443r1_fix)
Configure ExAdmin Security. Procedure: IIS Manager>> [Server name]>>Web Sites>>Default Web Site >> ExAdmin >>Properties >> Directory Security Tab >> Secure Communications >> Edit Button Clear all checkboxes.