Friday, January 28, 2011

Default Authentication Settings for Exchange-related Virtual Directories

Default Authentication Settings for Exchange-related Virtual Directories
Topic Last Modified: 2010-09-20
The installation of Microsoft Exchange Server 2007 automatically configures several Internet Information Services (IIS) virtual directories, as appropriate for the particular Exchange role or roles that are installed.
This topic discusses the default settings for the Exchange-related virtual directories. Specifically, this topic contains information about the default authentication settings and about the default SSL settings.
The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directoryAuthentication methodSSL settingsAdditional comments
Default Web Site
  • Anonymous authentication
  • SSL required
  • Require 128-bit encryption
The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.
aspnet_client
  • Anonymous authentication
  • SSL required
  • Require 128-bit encryption
Autodiscover
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Shell.
EWS
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
owa
  • Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Exchange
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Public
  • Basic authentication
  • Windows authentication
  • Not required
Authentication management should be performed by using the Exchange Management Console.
Exchweb
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
OAB
  • Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
UnifiedMessaging
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Microsoft-Server-ActiveSync
  • Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Rpc
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.
RpcWithCert
By default, all authentication methods are disabled
SSL required
Authentication management should be performed by using the Exchange Management Shell.
The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directoryAuthentication methodSSL settingsAdditional comments
Default Web Site
Anonymous
Not required
Exadmin
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Exchange
  • Basic authentication
  • Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Public
  • Basic authentication
  • Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
The following table lists the default Exchange 2007 IIS settings on a Windows SBS 2008-based server.

Default Exchange-related IIS authentication and SSL settings.

Virtual directoryAuthentication methodSSL settingsAdditional comments
Default Web Site
  • Anonymous authentication
Not required
aspnet_client
  • Anonymous authentication
Not required
Autodiscover
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Shell.
EWS
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Exadmin
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Exchange
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Exchweb
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Microsoft-Server-ActiveSync
  • Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.
OAB
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
owa
  • Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Public
  • Basic authentication
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Rpc
  • Basic authentication
  • Windows authentication
Not required
Outlook Anywhere requires this component. Authentication management should be performed by using the Exchange Management Shell.
RpcWithCert
By default, all authentication methods are disabled
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Shell.
UnifiedMessaging
  • Windows authentication
  • SSL required
  • Require 128-bit encryption
The following table lists the default settings on a stand-alone Exchange 2007 CAS server.

Default CAS server IIS authentication and SSL settings

Virtual directoryAuthentication methodSSL settingsAdditional comments
Default Web Site
Anonymous authentication
  • SSL required
  • Require 128-bit encryption
The Enable HTTP Keep-Alives option should be enabled. This option is on the Web Site tab.
aspnet_client
Anonymous authentication
  • SSL required
  • Require 128-bit encryption
Autodiscover
  • Anonymous authentication
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Shell.
EWS
Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
owa
Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Exchange
  • Basic authentication
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Public
  • Basic authentication
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
Exchweb
  • Basic authentication
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console.
OAB
  • Integrated Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.
UnifiedMessaging
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Microsoft-Server-ActiveSync
  • Basic authentication
  • SSL required
  • Require 128-bit encryption
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
The following table lists the default settings on a stand-alone Exchange 2007 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directoryAuthentication methodSSL settingsAdditional comments
Default Web Site
Anonymous
Not required
Exadmin
  • Basic authentication
  • Integrated Windows authentication
  • SSL required
  • Require 128-bit encryption
Exchange
  • Basic authentication
  • Integrated Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or the Exchange Management Shell.
Public
  • Basic authentication
  • Integrated Windows authentication
Not required
Authentication management should be performed by using the Exchange Management Console or Exchange Management Shell.

No comments:

Post a Comment