Implementing Messaging Security for Exchange Server Clients


Objectives

At the end of this lab, you will be able to:
- Protect e-mail messages using S/MIME signing and encryption
- Manage e-mail attachment security using the Outlook Security Template
- Secure remote Microsoft Office Outlook 2003 using RPC over HTTPS
- Secure Outlook Web Access (OWA) connections

Scenario

You are the administrator for Northwind Traders. You are implementing a number of tasks to help secure your messaging infrastructure. You have decided to deploy S/MIME with Exchange Server 2003 to help protect e-mail content. To increase the security of e-mail attachments, you are also implementing the Outlook Security Template. Northwind Traders has a number of roaming users that use Outlook 2003 for their e-mail client. To provide secure connections for these clients, you are to implement RPC over HTTPS. The majority of external users will be using Outlook Web Access (OWA) to send and receive e-mail. To help secure the OWA connections you will deploy SSL and forms-based authentication.

A portion of the Northwind Traders network infrastructure is illustrated below:

Estimated time to complete this lab: 75 minutes

Computers

This lab uses the following computers: VAN-DC1, VAN-ISA1, and VAN-CL1. Before you begin the lab, you must start the VAN-DC1, VAN-ISA1, and VAN-CL1 computers.

Lab Setup

To complete each lab module, you need to review the following:

Virtual PC

This lab makes use of Microsoft Virtual PC 2004, an application that allows you to run multiple virtual computers on the same physical hardware. During the lab, you will switch among different windows, each of which contains a separate virtual machine. Before you start the lab, familiarize yourself with the following basics of Virtual PC:

Task: To switch the focus for your mouse and keyboard to the virtual machine.
Procedure: Click inside the virtual machine window.

Task: To remove the focus from a virtual machine.
Procedure: Move the mouse pointer outside the virtual machine window.

Task: To issue the CTRL+ALT+DELETE keyboard combination inside a virtual machine.
Procedure: Use the <RIGHT>ALT+DELETE keyboard combination. In Virtual PC, the <RIGHT>ALT key is called the host key.

Task: To make the virtual machine window larger.
Procedure: Drag the lower-right corner of the window.

Task: To switch to full-screen mode, and to return from full-screen mode.
Procedure: Press the <RIGHT>ALT+ENTER keyboard combination.

To complete this lab, you need to start the virtual machines and then log on to the computers. In each exercise, you only have to start the virtual machines that are needed.

To log on to a computer in a virtual machine
1. Press <RIGHT>ALT+DEL (instead of CTRL+ALT+DEL) to open the Logon dialog box.

Important: If a service startup error appears on VAN-DC1 during the boot process, check to ensure that the Exchange Server services have started as expected.

Exercise 1: Protecting E-mail Messages Using S/MIME Signing and Encryption

In this exercise, you learn how to implement encrypted and signed e-mail messages using Outlook Express and Microsoft Office Outlook 2003. You begin by installing and configuring a Windows Server 2003 Certification Authority to support S/MIME signing and encryption of e-mail. After obtaining the required certificates, you then see how an e-mail client can send and receive signed and encrypted e-mail using S/MIME.

Scenario

The executive leadership at Northwind Traders has commissioned your IT department to enhance the security of the Microsoft Exchange Server 2003 messaging infrastructure. The following requirements apply:

Requirement: Immediately secure all e-mail sent between employees.
Proposed solution: Enable e-mail users to digitally sign and encrypt e-mail. Use S/MIME. Store and deploy certificates by using an internal Certificate Authority integrated with Active Directory.

Requirement: Provision e-mail users with clients that support POP3, IMAP, and HTTP.
Proposed solution: Recommend the following be supported: Microsoft Office Outlook 2003, Outlook Express, Outlook Web Access.

Note: This exercise uses the following computers: VAN-DC1 and VAN-CL1.

Note: Perform the following steps on the VAN-DC1 computer.

1. Configure Certificate Services on VAN-DC1 to be used to support S/MIME security.
   CA Type: Enterprise Root CA
   Common Name: Northwind Traders CA
   a. Log on to VAN-DC1 as Administrator with the password P@ssw0rd.
   b. Click Start, point to Control Panel, and then click Add or Remove Programs.
   c. In the Add or Remove Programs window, click Add/Remove Windows Components. After a few moments the Windows Components Wizard opens.
   d. Click the check box next to Certificate Services. A Microsoft Certificate Services message box says that the machine name and domain membership may not be changed.
   e. Click Yes to continue.
   f. In the Windows Components dialog box, click Next.
   g. In the CA Type dialog box, select Enterprise root CA and then click Next.
   h. In the CA Identifying Information dialog box, under Common name for this CA, type Northwind Traders CA.
   i. Click Next.
   j. On the Certificate Database Settings dialog box, accept the defaults and then click Next. A Microsoft Certificate Services message is displayed stating that Internet Information Services must be temporarily stopped.
   k. In the Microsoft Certificate Services prompt, click Yes. The Configuring Components page displays to show the progress of the component configuration and installation.
   l. When the Insert Disk prompt displays, click OK.
   m. In the Files Needed dialog box, click the Browse button.
   n. Browse to C:\Win2k3\I386 and then click Open.
   o. In the Files Needed dialog box, click OK. The component configuration continues. This may take a few minutes to complete.
   p. On the Completing the Windows Components Wizard page, click Finish.
   q. Close the Add or Remove Programs window.

2. Export the Trusted Root Certificate.
   a. Click Start, Run, and then type certmgr.msc in the Open text box. Click OK. The Certificate manager MMC opens.
   b. Expand Trusted Root Certification Authorities.
   c. Click Certificates.
   d. In the details pane, scroll down and right-click the first instance of Northwind Traders CA.
   e. Point to All and then click Export.
   f. In the Welcome to the Certificate Export Wizard page, click Next.
   g. On the Export File Format page click Next.
   h. On the File to Export page, type C:\RootCert.cer and then click Next.
   i. Click Finish and then click OK.
   j. Close the Certificate manager MMC.

3. Verify that S/MIME support is enabled in Exchange Server 2003.
   a. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
   b. Expand Servers, VAN-DC1, and then First Storage Group.
   c. Right-click Mailbox Store (VAN-DC1), and then click Properties. The Mailbox Store (VAN-DC1) Properties dialog box opens.
   d. On the Properties page, verify that the Clients support S/MIME signatures check box is selected.
   e. Click Cancel to close the Properties dialog box.
   f. Close the Exchange System Manager.

Note: Perform the following steps on the VAN-CL1 computer.

4. Install the CA root certificate (RootCert.cer) into the Computer's Trusted Root Certification Authorities store.
   a. Log on to VAN-CL1 as Administrator with the password P@ssw0rd.
   b. Click Start and then click Run.
   c. In the Open text box, type \\VAN-DC1\c$ and then press ENTER.
   d. Copy RootCert from VAN-DC1 to C:\ on VAN-CL1.
   e. Close the VAN-DC1 window.
   f. Click Start and then click Run.
   g. In the Open text box, type mmc and then press ENTER.
   h. Click the File menu and then click Add/Remove Snap-in.
   i. In the Add/Remove Snap-in dialog box, click Add.
   j. In the Add Standalone Snap-in dialog box, select the Certificates snap-in and then click Add.
   k. In the Certificates snap-in dialog box, select Computer account and then click Next.
   l. In the Select Computer dialog box, select Local computer and then click Finish.
   m. In the Add Standalone Snap-in dialog box, click Close.
   n. In the Add/Remove Snap-in dialog box, click OK.
   o. Expand Certificates (Local Computer).
   p. Right-click Trusted Root Certification Authorities, point to All and then click Import.
   q. On the Welcome to the Certificate Import Wizard page, click Next.
   r. On the File to import page, click Browse.
   s. Browse to C:\ and select RootCert. Click Open.
   t. On the File to import page, click Next.
   u. On the Certificate Store page, click Next.
   v. Click Finish and then click OK.
   w. Close the Certificates MMC and do not save console settings.
   x. Log off of VAN-CL1.

5. Log on as Don and request a digital certificate to use for the security features of S/MIME.
   a. Log on to VAN-CL1 as Don with the password P@ssw0rd.
   b. Click Start and then click Internet Explorer.
   c. In the Address text box, type http://van-dc1.nwtraders.msft/certsrv and then press ENTER.
   d. At the logon prompt type Don with the password of P@ssw0rd. The Microsoft Certificate Services Northwind Traders CA Web page opens.
   e. On the Welcome page, click Request a certificate.
   f. On the Request a Certificate page, click User Certificate.
   g. On the User Certificate Identifying Information page, click Submit. A warning states that the Web site is requesting a new certificate on your behalf.
   h. In the Potential Scripting Violation dialog box, click Yes. After a few moments the certificate is generated and is available to be installed.
   i. On the Certificate Issued page, click Install this certificate. A warning states that the Web site is adding one or more certificates to the computer.
   j. In the Potential Scripting Violation dialog box, click Yes.
   k. When the Certificate Installed page is displayed, close Internet Explorer.

6. Using the Certificates Microsoft Management Console, verify that the certificate has been installed correctly.
   a. Click Start, click Run, type certmgr.msc, and then click OK.
   b. In the Certificates console, expand Certificates Current User, and then expand Personal. Click the Certificates folder.
   c. In the details pane, double-click the certificate issued to Don Hall. Notice that the certificate can be used to protect e-mail messages and to prove your identity to a remote computer.
   d. Click OK to close the certificate details.
   e. Close the Certificates MMC.

Note: Perform the following step on the VAN-DC1 computer.

7. Using Active Directory Users and Computers, verify that Don's public key is stored in Active Directory.
   a. Switch to VAN-DC1 and open Active Directory Users and Computers from the Administrative Tools menu.
   b. Click View, and then click Advanced Features.
   c. In the left pane, click the Users node.
   d. In the details pane, double-click Don Hall.
   e. Click the Published Certificates tab. Notice that a certificate is issued to Don Hall.
   f. Click OK and then close Active Directory Users and Computers.

Note: Perform the following steps on the VAN-CL1 computer.

8. Verify default S/MIME security settings using Microsoft Office Outlook 2003.
   a. Click Start and then click E-mail. Microsoft Office Outlook 2003 opens.
   b. Click Tools and then click Options.
   c. Click on the Security tab. Notice the options related to encrypted e-mail that affect the default security settings for all e-mail messages.
   d. Click Settings and verify that S/MIME is being used with SHA1 as the hash algorithm and 3DES as the encryption algorithm.
   e. Verify that the check box next to Send these certificates with signed messages is enabled.
   f. Click OK twice to close the Options dialog box.

9. Attempt to send an encrypted message.
   Recipient: Kim Akers
   Security setting: Encrypt message contents and attachments
   a. To compose a new message, click New.
   b. In the To box, type Kim.
   c. In the Subject box, type Test message.
   d. In the body of the message, type Hello, this is a test message.
   e. Click the Options button.
   f. In the Message Options dialog box, click Security Settings.
   g. In the Security Properties dialog box, click the Encrypt message contents and attachments check box. Click OK.
   h. Click the Close button to close the Security Settings dialog box.
   i. Click Send. A message states that Outlook had problems encrypting the message because the recipients do not have any valid certificates or have conflicting or unsupported encryption capabilities. This message appears because Kim Akers has not yet enrolled for a certificate to be used for S/MIME encryption.
   j. In the Encryption Problems dialog box, click the Send Unencrypted button. The message is sent to Kim unencrypted.

10. Attempt to send a digitally signed message.
   Recipient: Kim Akers
   Security setting: Add digital signature to this message
   a. To compose a new message, click New.
   b. In the To box, type Kim.
   c. In the Subject box, type Test signed message.
   d. In the body of the message, type Hello, this is a test of a signed message.
   e. Click the Options button.
   f. In the Message Options dialog box, click Security Settings.
   g. In the Security Properties dialog box, click the Add digital signature to this message check box. Click OK.
   h. Click the Close button to close the Security Settings dialog box.
   i. Click Send. The signed message is sent to Kim. The message is signed with Don's private key, and so Kim does not need to have a certificate in order to read Don's signed message.
   j. Close Outlook and log off.

Note: Perform the following steps on the VAN-CL1 computer.

11. Log on as Kim and request a digital certificate to use for the security features of S/MIME.
   a. Log on to VAN-CL1 as Kim with the password P@ssw0rd.
   b. Click Start and then click Internet Explorer.
   c. In the Address text box, type http://van-dc1.nwtraders.msft/certsrv and then press ENTER.
   d. At the logon prompt type Kim with the password of P@ssw0rd. The Microsoft Certificate Services Northwind Traders CA Web page opens.
   e. On the Welcome page, click Request a certificate.
   f. On the Request a Certificate page, click User Certificate.
   g. On the User Certificate Identifying Information page, click Submit. A warning is displayed stating that the Web site is requesting a new certificate on your behalf.
   h. In the Potential Scripting Violation dialog box, click Yes. After a few moments the certificate is generated and is available to be installed.
   i. On the Certificate Issued page, click Install this certificate. A warning is displayed stating that the Web site is adding one or more certificates to the computer.
   j. In the Potential Scripting Violation dialog box, click Yes.
   k. When the Certificate Installed page is displayed, close Internet Explorer.

12. Read and verify an S/MIME signed e-mail message using Outlook Express.
   a. Click Start and then click Outlook Express.
   b. In the folders list, click Inbox.
   c. Double-click the message with the subject line Test signed message. Maximize the message window. Notice that the e-mail content provides information that the message has been digitally signed by the sender.
   d. In the message pane, click the Continue button. The message opens. Notice that a security field is shown that states that the message is digitally signed and verified. Also notice the red seal icon in the top right-hand corner of the message. This seal represents the signed message.
   e. Click the Seal icon. The Test Signed message dialog box opens. Notice that the contents have not been altered and that the signature is trusted.
   f. Click the View Certificates button.
   g. In the View Certificates dialog box, click the Signing Certificate button.
   h. Notice that you can view Don Hall's certificate details.
   i. Click OK to close the Signing digital ID properties dialog box.
   j. Click OK to close the View Certificates dialog box.
   k. Click OK to close the Test Signed message dialog box.

13. Send an encrypted and signed reply message.
   a. Click Reply. Maximize the message window.
   b. Click the Encrypt button found on the toolbar.
   c. Ensure that the Sign button is also selected. Both a seal icon and a lock icon are displayed on the right-hand corner of the message to indicate a signed and encrypted message.
   d. In the message body, type I received your signed message. I am replying back to you with a signed and encrypted message.
   e. Click Send.
   f. Close Outlook Express and log off.

Note: Perform the following step on the VAN-CL1 computer.

14. Log on as Don and verify the signed and encrypted e-mail message.
   a. Log on to VAN-CL1 as Don with the password P@ssw0rd.
   b. Click Start and then click E-mail. After a few moments the message from Kim Akers is displayed on the Inbox. Notice that the content of the e-mail message cannot be viewed in the Reading pane.
   c. Double-click the message from Kim Akers.
   d. Click the lock icon in the top right-hand corner of the message. The Message Security Properties dialog box opens.
   e. Click the Encryption Layer node. Notice that the description states that the message is protected by 168 bit 3DES encryption.
   f. Click the Signer:Kim@NWtraders.msft node. Notice that the description states that the message has been signed by Kim@NWtraders.msft using RSA/SHA1.
   g. Click the Close button.
   h. Close the message and then close Microsoft Outlook.

15. Test Outlook Web Access functionality with signed and encrypted e-mail and install the S/MIME Control.
   a. Click Start and then click Internet to open Internet Explorer.
   b. In the Address text box, type http://van-dc1.nwtraders.msft/exchange and then press ENTER. Note that Outlook Web Access should always be configured using SSL encryption. This will be configured later in the lab.
   c. In the logon prompt type Don as the User name with the password of P@ssw0rd. Notice that the message from Kim Akers cannot be displayed because the message is encrypted and digitally signed. OWA does not support S/MIME by default.
   d. In the left-hand pane, click the Options button.
   e. In the details pane, scroll down to the E-mail Security section. The E-mail Security section provides a command to install the latest version of the S/MIME Control. The S/MIME Control adds S/MIME functionality to OWA.
   f. Click the Download button.
   g. In the Security Warning dialog box, click Run.
   h. After a few moments another Security Warning dialog box is displayed. Click Run. The Windows Installer prepares to install the S/MIME Control. After a few moments the installation continues and then completes.
   i. In the left-hand pane, click the Inbox. Notice that the message now displays in the Reading pane with icons indicating that the message is signed and encrypted.
   j. Click the Reply button in the toolbar. Notice that the message window now has a lock button to provide encryption capabilities and a seal button to provide signing capabilities.
   k. In the message body, type I am sending this message from OWA with the S/MIME control installed.
   l. Click Send.
   m. In the left-hand pane, click the Sent Items folder.
   n. Verify that the latest message sent to Kim Akers was encrypted and signed by opening the message and viewing the seal and lock icons.
   o. Close the message and then close Outlook Web Access.
   p. Log off of VAN-CL1.
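The checks behind tasks 6, 7 and 9 of Exercise 1 can also be scripted. The PowerShell below is an added example, not part of the lab manual: it reads the certificates published on a user's Active Directory account (the userCertificate attribute shown on the Published Certificates tab) and reports whether a sender could encrypt S/MIME mail to that user. The function names are hypothetical, and it assumes Windows PowerShell 3.0 or later on a domain-joined computer.

```powershell
# Added example (not from the lab manual). Function names are hypothetical.
# Assumes Windows PowerShell 3.0+ on a domain-joined machine; Don and Kim are the lab's accounts.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email enhanced key usage

function Get-PublishedCertificate {
    # Returns the certificates stored in the account's userCertificate attribute.
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]+$')]   # keep the name out of LDAP filter syntax
        [string]$SamAccountName
    )
    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('usercertificate')
    $entry = $searcher.FindOne()
    if (-not $entry) { throw "No user '$SamAccountName' found in Active Directory." }
    foreach ($raw in $entry.Properties['usercertificate']) {
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,[byte[]]$raw)
    }
}

function Test-SmimeCertificate {
    # Evaluates one certificate for S/MIME use: purpose, key usage, validity period, trust chain.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $ekuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $kuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }

    # A certificate without an EKU extension is not restricted to particular purposes.
    $ekus = if ($ekuExt) { @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]

    # Build the chain to a trusted root (the root imported in task 4 on the client).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($Certificate)
    $now = Get-Date

    [pscustomobject]@{
        Subject      = $Certificate.Subject
        Thumbprint   = $Certificate.Thumbprint
        InValidity   = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        SecureEmail  = (-not $ekuExt) -or ($ekus -contains $SecureEmailOid)
        CanEncrypt   = (-not $kuExt) -or (($kuExt.KeyUsages -band $flags::KeyEncipherment) -ne 0)
        CanSign      = (-not $kuExt) -or (($kuExt.KeyUsages -band $flags::DigitalSignature) -ne 0)
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

function Test-SmimeRecipient {
    # Summarises whether at least one published certificate is usable for encryption.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $results = @(Get-PublishedCertificate -SamAccountName $SamAccountName |
        ForEach-Object { Test-SmimeCertificate -Certificate $_ })
    $usable = @($results | Where-Object { $_.SecureEmail -and $_.CanEncrypt -and $_.ChainTrusted })
    [pscustomobject]@{
        User         = $SamAccountName
        Published    = $results.Count
        CanEncryptTo = $usable.Count -gt 0
        Certificates = $results
    }
}

# Recipient side: an account with no published certificate (Kim at task 9)
# reports Published = 0 and CanEncryptTo = False.
Test-SmimeRecipient -SamAccountName 'Kim'
Test-SmimeRecipient -SamAccountName 'Don'

# Sender side (task 6): signing needs a certificate with a private key
# in the current user's Personal store.
Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-SmimeCertificate -Certificate $_ }
```

ChainTrusted is evaluated against the trust stores of the computer running the script, so run it on a client that has the root certificate from task 4 installed.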

Exercise 2: Customizing Outlook Security Settings Using the Outlook Security Template

In this exercise, you will modify the default security settings for the Outlook 2003 client by using the Outlook Security template.

Scenario

Microsoft Office Outlook 2003 blocks the direct execution of attachments of many file types, based on the file extension of the attachment. To increase this default level of security you need to restrict Microsoft Word documents and ZIP files from being opened directly from within Outlook. You decide to configure .doc and .zip files as Level 2 File Extensions. This setting forces a recipient first to save Word documents and ZIP files to a local drive before being able to access the files. You also decide to block attachments with the .xls file extension. You will add the .xls extension as a Level 1 File Extension to restrict this type of file attachment from being opened from within Outlook.

Note: This lab uses the following computers: VAN-DC1 and VAN-CL1.

Note: Perform the following steps on the VAN-CL1 computer.

1. Extract the Outlook Administrator Pack to the C:\OutlookSecurity folder on VAN-CL1.
   The Outlook Administrator Pack is part of the Microsoft Office 2003 Resource Kit Tools. These tools have already been installed on VAN-CL1. The C:\OutlookSecurity folder has also been preconfigured on VAN-CL1.
   a. Log on to VAN-CL1 as Administrator with the password P@ssw0rd.
   b. Click Start, point to All Programs, Accessories, and then click Windows Explorer.
   c. Browse to C:\Program Files\ORKTOOLS\ORK11\TOOLS\Outlook Administrator Pack.
   d. Double-click ADMPACK.
   e. In the Microsoft Outlook E-mail Security Update dialog box, click Yes.
   f. Type C:\OutlookSecurity for the location to place the extracted files. Click OK. Replace any existing files as prompted. After a few moments a message displays stating that the installation is complete.
   g. Click OK.

2. Install and register the Trusted Code control.
   Installing the Trusted Code control will enable you to see all options available on the Outlook Security template. After you install the control, you must register it on the administrative computer. If you do not register the control, you will get an error when you try to view the Trusted Code tab on the template.
   a. Browse to C:\OutlookSecurity.
   b. Copy hashctl.dll and comdlg32.ocx from the C:\OutlookSecurity folder to C:\Windows\System32. Replace any existing files as prompted.
   c. Close Windows Explorer.
   d. Click Start, Click Run, and then type CMD in the text box. Click OK.
   e. In the command prompt type regsvr32 hashctl.dll. Press ENTER. The regsvr32 command registers the dll file so that it can be used in Windows.
   f. In the RegSvr32 prompt, click OK.
   g. In the command prompt type regsvr32 comdlg32.ocx. Press ENTER.
   h. In the RegSvr32 prompt, click OK.
   i. Close the command prompt window.

3. Using Outlook 2003, create a public folder called Outlook Security Settings.
   a. To start Microsoft Outlook 2003, click Start and click E-mail.
   b. In the left Mail pane, click the Folder List button at the bottom of the column. The Folder List button changes the view to show all of the Public Folders available on the Exchange Server.
   c. Expand Public Folders.
   d. Right-click All Public Folders and then click New Folder.
   e. In the Create New Folder dialog box, type Outlook Security Settings. The name of the public folder depends on which version of clients you support. Name the folder Outlook Security Settings to apply to most versions of Outlook. Name the folder Outlook 10 Security Settings to apply only to Outlook 2002 and 2003.
   f. Click OK.

4. Configure permissions on the Outlook Security Settings public folder.
   Default: Clear Create Items
   Anonymous: Remove
   You must set the folder Access Control Lists (ACLs) so all users can read all items in the folder. However, only those users who you want to create or change security settings should have permission to create, edit, or delete items in the folder.
   a. Right-click Outlook Security Settings. Click Properties.
   b. Click the Permissions tab.
   c. Remove Anonymous.
   d. For the Default name, clear the Create items check box.
   e. Click OK.

5. Open and link the Outlook Security Template to the Outlook Security Settings public folder.
   a. In Outlook, click File, point to New, and then click Choose Form.
   b. In the Choose Form dialog box, click the menu next to Look In, and then click User Templates in File System.
   c. Click the Browse button.
   d. Browse to C:\OutlookSecurity and then click OK. The OutlookSecurity template displays.
   e. Click Open.
   f. In the Select Folder dialog box, expand Public Folders, All Public Folders, and then click Outlook Security Settings. Click OK. The Default Security Settings form opens.

6. Publish the Default Security Settings form.
   a. In the Tools menu, point to Forms, and then click Publish Form.
   b. Click the Browse button.
   c. Select the Outlook Security Settings folder. Click OK.
   d. In the Display name box, type Outlook Security Form.
   e. Click Publish.
   f. Close the Default Security Settings form. Do not save when prompted.

7. Modify the default form used for the Outlook Security Settings public folder.
   a. In the Outlook Folder List right-click the Outlook Security Settings public folder.
   b. Click Properties.
   c. On the General tab, next to When posting to this folder, use: select Outlook Security Form from the list. Click OK.

8. Configure Outlook Security settings to block .xls attachments and to prohibit .zip and .doc files from being opened from within Outlook, requiring those two file types to be saved on the workstation to be accessed.
   a. In Outlook, in the Folder List click the Outlook Security Settings public folder.
   b. Click the New button. The Default Security Settings Outlook Security Form opens.
   c. Maximize the form window.
   d. Ensure that Default Security Settings for All Users is selected.
   e. Under the Level 1 File Extensions section, add XLS to restrict users from opening Microsoft Office Excel attachments.
   f. Under Level 2 File Extensions, add ZIP and DOC separated by a semicolon to require users to save the attachments to access them, thus preventing those file types from being opened directly in Outlook.
   g. Click the Close button and save changes when prompted.
   h. Close Outlook.

9. Configure client computers to use the customized Outlook security settings.
   a. On VAN-CL1, click Start and then click Run.
   b. In the Open text box type regedt32. Click OK.
   c. Browse to the following location: HKEY_CURRENT_USER\Software\Policies\Microsoft\.
   d. Right-click Microsoft and then click New, Key.
   e. Name the new key Security.
   f. Select the Security key and from the Edit menu, choose New, and click DWORD Value. Name the value CheckAdminSettings.
   g. Double-click CheckAdminSettings. Set the value data to 1. Click OK. The value of 1 tells an Outlook client to look for custom administrative settings in the Outlook Security Settings public folder.
   h. Close the Registry Editor.

10. Test the attachment restrictions using Microsoft Outlook 2003.
   a. To start Microsoft Outlook 2003, click Start and click E-mail.
   b. To create a new message, make sure that the Inbox is selected and then click New.
   c. In the To box, type Administrator.
   d. In the Subject line, type Attachment Testing.
   e. Click the Insert menu and then click File.
   f. Browse to C:\OutlookSecurity.
   g. Select the following files: Test.doc, Test.xls, and Test.zip. If the extensions are not visible, select the Word icon, Excel icon, and zip folder icon, each named test. You can select all three by holding down the Ctrl key on the keyboard.
   h. Click Insert. The files are attached as shown in the attachment section of the e-mail message.
   i. Click Send. Notice the warning message stating that the e-mail message has potentially unsafe attachments.
   j. Click Yes.
   k. Click the Send/Receive button to send the message immediately. After a few moments, the message is displayed in the inbox.
   l. In the Inbox, double-click the Attachment Testing e-mail message. Notice that the Test.xls file attachment has been blocked.
   m. Double-click Test.doc. Notice the Attachment Security Warning. Also note that you have only the option to save the attachment to disk.
   n. Click Cancel.
   o. Double-click Test.zip. Notice the Attachment Security Warning. Also note that you have only the option to save the attachment to disk.
   p. Click Cancel.
   q. Close the e-mail message and then close Outlook.
   r. Log off of VAN-CL1.

Exercise 3
Securing Remote Outlook 2003 Connections Using RPC over HTTPS

In this exercise, you want to provide remote Microsoft Outlook 2003 clients with the full functionality of Outlook when they connect to the Exchange server. To increase the functionality and security of your Outlook clients, you will also use ISA Server 2004 to publish the Exchange server for Outlook 2003 clients that can use RPC over HTTPS.

Important: This exercise requires the completion of Exercise 1.

Scenario
Some remote users at Northwind Traders require access to their Exchange Server mailboxes using their Outlook 2003 clients. For these clients, you need to implement RPC over HTTPS.

Note: This lab uses the following computers: VAN-DC1, VAN-ISA1 and VAN-CL1.

Note: Perform the following steps on the VAN-DC1 computer.

1. Install the RPC over HTTP Proxy network service on VAN-DC1.
   a. Log on to VAN-DC1 as Administrator with the password P@ssw0rd.
   b. Click Start, point to Control Panel, and then click Add or Remove Programs.
   c. In the Add or Remove Programs window, click Add/Remove Windows Components.
   d. On the Windows Components page, select the Networking Services component (do not select the check box), and then click Details.
   e. In the Networking Services dialog box, select the RPC over HTTP Proxy check box, and then click OK.
   f. On the Windows Components page, click Next. Wait while Setup installs the RPC over HTTP Proxy network service.
   g. On the Completing the Windows Components Wizard page, click Finish.
   h. Close the Add or Remove Programs window.

2. In the IIS Manager console, examine the RPC Proxy Server extension.
   a. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
   b. In the IIS Manager console, expand VAN-DC1 (local computer), and then in the left pane, select Web Service Extensions. Notice in the details pane a Web Service Extension is installed called RPC Proxy Server Extension. The status of the extension is Allowed.

3. Enroll for a Web server certificate to be used for SSL encryption.
   a. In the left-hand pane, expand Web Sites.
   b. Right-click Default Web Site and click Properties. The Default Web Site Properties dialog box opens.
   c. Click the Directory Security tab.
   d. In the Secure communications section, click the Server Certificate button. The Web Server Certificate Wizard is displayed.
   e. On the Welcome to the Web Server Certificate Wizard page, click Next.
   f. On the Server Certificate page, select Create a new certificate and then click Next.
   g. On the Delayed or Immediate Request page, click Send the request immediately to an online certification authority. Click Next.
   h. On the Name and Security Settings page, in the Name text box, type VAN-DC1 Default Web Site. Click Next.
   i. On the Organization Information page, in the Organization box, type NWtraders.msft, in the Organizational Unit box, type Messaging, and then click Next.
   j. On the Your Site's Common Name page, in the Common Name box, type VAN-DC1.nwtraders.msft and then click Next.
   k. On the Geographical Information page, in the Country/Region box, click CA, in the State/province box, type British Columbia, in the City/locality box, type Vancouver, and then click Next.
   l. On the SSL Port page, verify that the SSL port is 443 and then click Next.
   m. On the Choose a Certificate Authority page, verify that VAN-DC1.nwtraders.msft\Northwind Traders is selected and then click Next.
   n. On the Certificate Request Submission page, click Next.
   o. Click Finish.
   p. Click OK to close the Default Web Site Properties dialog box.

4. Configure the /Rpc virtual directory.
   Anonymous access: No
   Authentication method: Basic authentication only
   Require SSL: Yes
   a. In the IIS Manager console, expand Web Sites, expand Default Web Site, and then, in the left pane, select Rpc.
   b. Right-click Rpc, and then click Properties.
   c. In the Rpc Properties dialog box, on the Directory Security tab, in the Authentication and access control section, click Edit.
   d. In the Authentication Methods dialog box, enable Basic authentication. A warning is displayed that states that the authentication option you have selected results in passwords being transmitted over the network without data encryption. You will configure SSL later in this exercise, which will address this issue.
   e. In the IIS Manager warning message box, click Yes to confirm that you want to continue.
   f. In the Authentication Methods dialog box, clear the option for Enable anonymous access, and then click OK.
   g. On the Directory Security tab, in the Secure communications section, click Edit.
   h. In the Secure Communications dialog box, enable Require secure channel (SSL), and then click OK.
   i. Click OK to close the Rpc Properties dialog box.
   j. Close the IIS Manager console.

5. Configure VAN-DC1 as an RPC back-end server.
   a. Click Start, point to All Programs, point to Microsoft Exchange, and then click System Manager.
   b. In Exchange System Manager, expand the Servers object, right-click VAN-DC1, and then click Properties.
   c. In the VAN-DC1 Properties dialog box, click the RPC-HTTP tab, and then select the option next to RPC-HTTP back-end server. A warning message displays stating that there is no RPC-HTTP front-end in your Exchange organization.
   d. In the Exchange System Manager warning message, click OK.
   e. Click OK in the VAN-DC1 Properties dialog box. A message is displayed indicating that VAN-DC1 does not have the correct ports configured for the services used by RPC-HTTP. If you click OK the ports will be configured automatically.
   f. Click OK to configure the required ports automatically.
   g. Click OK again at the reboot warning.
   h. Close Exchange System Manager.

6. Configure the RPC Proxy network service to communicate with the Exchange server (VAN-DC1.nwtraders.msft) on the following ports: 6001, 6002, and 6004.
   Because we do have only one Exchange server rather than a front-end server and a back-end server, we must still edit the registry to configure the Exchange server to use the required ports.
   a. Open a Command Prompt window.
   b. At the command prompt, type cd c:\tools, and then press ENTER.
   c. Type rpccfg.exe /hd and then press ENTER. The output of the command displays which ports on which computer the RPC Proxy service is allowed to create an RPC connection to. The default setting is: VAN-DC1 100-5000.
   d. Type rpccfg.exe /hr VAN-DC1 and then press ENTER. This removes the current port range settings for VAN-DC1. The next set of commands add the required port ranges for both the NetBIOS name and the fully qualified domain name (FQDN) of the (back-end) computer running Exchange Server and the Global Catalog server. The RPC connections to the computer running Exchange Server are made at ports 6001, 6002, and 6004.
   e. Type rpccfg.exe /ha VAN-DC1 6001-6002 6004 and then press ENTER.
   f. Type rpccfg.exe /ha VAN-DC1.Nwtraders.msft 6001-6002 6004 and then press ENTER.
   g. Type rpccfg.exe /hd and then press ENTER. Notice that VAN-DC1 is now configured to receive RPC connections at the 6001-6002 and 6004 port locations.
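The port restriction set with rpccfg.exe can be checked offline once the proxy's allow-list has been exported. The following is an added example, not part of the original lab: it assumes the RPC proxy keeps the list in its ValidPorts registry value as semicolon-separated host:port or host:low-high entries, and the two sample strings are constructed from the lab's host names.

```python
# Added example: audit an RPC proxy ValidPorts string against the lab's ports.
# Assumption (not stated on the page): rpccfg.exe stores its settings in the
# ValidPorts value under HKLM\Software\Microsoft\Rpc\RpcProxy, formatted as
# semicolon-separated "host:port" or "host:low-high" entries.

# Ports the lab assigns to the Exchange server for RPC over HTTP.
EXPECTED_PORTS = {6001, 6002, 6004}

# Constructed samples: the default range the lab removes, and the end state.
DEFAULT_SAMPLE = "VAN-DC1:100-5000"
HARDENED_SAMPLE = (
    "VAN-DC1:6001-6002;VAN-DC1:6004;"
    "VAN-DC1.Nwtraders.msft:6001-6002;VAN-DC1.Nwtraders.msft:6004"
)
LAB_HOSTS = ["VAN-DC1", "VAN-DC1.Nwtraders.msft"]


def parse_valid_ports(value):
    """Return {lowercased host: set of allowed ports} for a ValidPorts string."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port_spec = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        low, dash, high = port_spec.partition("-")
        lo = int(low)
        hi = int(high) if dash else lo
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(lo, hi + 1))
    return allowed


def audit(value, required_hosts, expected_ports=EXPECTED_PORTS):
    """Return a list of findings; an empty list means the value matches."""
    findings = []
    allowed = parse_valid_ports(value)
    required = {h.lower() for h in required_hosts}

    # A name with no entry cannot be reached through the proxy at all.
    for host in sorted(required - set(allowed)):
        findings.append(f"{host}: no entry for this name")

    for host, ports in sorted(allowed.items()):
        if host not in required:
            findings.append(f"{host}: unexpected host, {len(ports)} port(s) allowed")
            continue
        extra = ports - expected_ports
        missing = expected_ports - ports
        if extra:
            # Anything beyond the Exchange ports widens what the proxy relays.
            findings.append(
                f"{host}: {len(extra)} extra port(s) allowed, "
                f"lowest {min(extra)}, highest {max(extra)}"
            )
        if missing:
            findings.append(f"{host}: missing port(s) {sorted(missing)}")
    return findings


if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(sample, LAB_HOSTS) or "OK")
```
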

7. Restart the computer.
   a. In the Command Prompt window, type net stop iisadmin. Press ENTER.
   b. Type Y to continue and then press ENTER.
   c. In the Command Prompt window, type net stop msexchangesa. Press ENTER.
   d. Type Y to continue and then press ENTER. These commands shut down most of the Exchange Server services, which will speed up the restart.
   e. Close the Command Prompt window.
   f. Click Start and then click Shut Down. In the next step, ensure that you restart VAN-DC1 instead of shutting down VAN-DC1.
   g. In the Shut Down Windows dialog box, complete the following information: What do you want the computer to do: Restart
   h. Click OK. The VAN-DC1 computer restarts. This will take a few minutes. You can continue with task 8 while VAN-DC1 restarts.

Note: Perform the following steps on the VAN-ISA1 computer.

8. Configure ISA Server 2004 with a firewall policy to allow the request of an SSL certificate from the Certification Authority.
   a. Log on to VAN-ISA1 as Administrator with the password P@ssw0rd.
   b. Click Start, All Programs, Microsoft ISA Server, and then click ISA Server Management.
   c. In the ISA Server console, in the left pane, expand VAN-ISA1, and then select Firewall Policy.
   d. In the task pane, on the Toolbox tab, in the Network Objects section, right-click URL Sets, and then click New URL Set.
   e. In the New URL Set Rule Element dialog box, in the Name box, type VAN-DC1 CA, and then click New.
   f. In the new http://newsitename box, replace the text by typing http://van-dc1.nwtraders.msft/certsrv/*, and then press ENTER.
   g. Click OK to close the New URL Set Rule Element dialog box.
   h. In the task pane, on the tab, click Create New Access Rule.
   i. On the Welcome to the New Access Rule Wizard page, in the Access rule name text box, type Allow HTTP from firewall to VAN-DC1 CA, and then click Next.
   j. On the Rule Action page, select Allow, and then click Next.
   k. On the Protocols page, in the This rule applies to list box, select Selected protocols, and then click Add.
   l. In the Add Protocols dialog box, click Common Protocols, click HTTP, and click Add. Click Close to close the Add Protocols dialog box.
   m. On the Protocols page, click Next.
   n. On the Access Rule Sources page, click Add.
   o. In the Add Network Entities dialog box, click Networks, click Local Host, and click Add. Click Close to close the Add Network Entities dialog box.
   p. On the Access Rule Sources page, click Next.
   q. On the Access Rule Destinations page, click Add.
   r. In the Add Network Entities dialog box, click URL Sets, click VAN-DC1 CA, and click Add. Click Close to close the Add Network Entities dialog box.
   s. On the Access Rule Destinations page, click Next.
   t. On the User Sets page, click Next.
   u. On the Completing the New Access Rule Wizard page, click Finish. If VAN-DC1 has not yet completed its reboot, you may get an operation failed message. The firewall policy will work fine once VAN-DC1 is started.
   v. Click Apply to apply the new rule, and then click OK.

9. Install the CA root certificate (RootCert.cer) into the Computer's Trusted Root Certification Authorities store.
   Note: Make sure that VAN-DC1 has restarted before continuing with this task.
   a. Click Start and then click Run.
   b. In the Open text box, type \\VAN-DC1\c$ and then press ENTER.
   c. Copy RootCert from VAN-DC1 to C:\ on VAN-ISA1.
   d. Close the VAN-DC1 window.
   e. Click Start and then click Run.
   f. In the Open text box, type mmc and then press ENTER.
   g. Click the File menu and then click Add/Remove Snap-in.
   h. In the Add/Remove Snap-in dialog box, click Add.
   i. In the Add Standalone Snap-ins dialog box, select the Certificates snap-in and then click Add.
   j. In the Certificates snap-in dialog box, select Computer account and then click Next.
   k. In the Select Computer dialog box, select Local computer and then click Finish.
   l. In the Add Standalone Snap-in dialog box, click Close.
   m. In the Add/Remove Snap-in dialog box, click OK.
   n. Expand Certificates (Local Computer).
   o. Right-click Trusted Root Certification Authorities, point to All and then click Import.
   p. On the Certificate Import Wizard welcome page, click Next.
   q. On the File to import page, click Browse.
   r. Browse to C:\ and select RootCert.cer and then click Open.
   s. On the File to import page, click Next.
   t. On the Certificate Store page, click Next.
   u. Click Finish and then click OK.
   v. Close the Certificates MMC and do not save console settings.

10. Obtain an SSL certificate to provide secure access to the Exchange Server.
   a. Click Start, point to All Programs and then click Internet Explorer.
   b. In the Address box, type http://van-dc1.nwtraders.msft/certsrv, and then press ENTER.
   c. In the Connect to VAN-DC1.nwtraders.msft dialog box, complete the following information:
      User name: Administrator
      Password: P@ssw0rd
      Remember my password: disable (default)
   d. Click OK. The Microsoft Certificate Services Northwind Traders CA Web page opens.
   e. On the Welcome page, click Request a certificate.
   f. On the Request a Certificate page, click advanced certificate request.
   g. On the Advanced Certificate Request page, click Create and submit a request to this CA.
   h. On the next Advanced Certificate Request page, complete the following information:
      Certificate Template: Web Server
      Name: mail.nwtraders.msft
      Store certificate in the local computer certificate store: enable
      Leave all other settings as default
   i. Click Submit.
   j. In the Potential Scripting Violation message box, click Yes to confirm that you want to request a certificate now.
   k. If a message box appears that warns you it might be possible for others to see the information when you send this to the Internet, click Yes to confirm that you want to continue.
   l. On the Certificate Issued page, click Install this certificate.
   m. In the Potential Scripting Violation message box, click Yes to confirm that you want to add the certificate.
   n. Close Internet Explorer.

11. Configure a Web listener, which will listen for traffic destined to the RPC over HTTP service on the Exchange server.
   a. In the ISA Server Management console, in the left pane, select Firewall Policy.
   b. In the task pane, click the Toolbox tab.
   c. In the Network Objects section, right-click Web Listeners, and then click New Web Listener.
   d. On the Welcome to the New Web Listener Wizard page, in the Web listener name box, type SSL, and then click Next.
   e. On the IP Addresses page, select External, and then click Next.
   f. On the Port Specification page, complete the following information:
      Enable HTTP: disable
      Enable SSL: enable
      SSL port: 443 (default)
   g. Click Select.
   h. In the Select Certificate dialog box, select the mail.nwtraders.msft certificate, and then click OK.
   i. On the Port Specification page, click Next.
   j. On the Completing the New Web Listener Wizard page, click Finish. A new Web listener (using the mail.nwtraders.msft certificate on SSL port 443, on the IP address on the adapter on the External network) with the name SSL is created.

12. Configure the SSL Web listener to use Basic authentication.
   a. In the task pane, right-click SSL and click Properties.
   b. In the SSL Properties dialog box, on the Preferences tab, click Authentication.
   c. In the Authentication dialog box, in the Method list, enable Basic. A warning message box appears because basic authentication results in passwords being transmitted over the network without encryption if SSL is not used.
   d. In the warning message box, click Yes to confirm that you want to continue.
   e. Clear the Integrated check box.
   f. Click OK to close the Authentication dialog box.
   g. Click OK to close the SSL Properties dialog box.

13. Create a secure Web publishing rule.
   Name: RPC over HTTPS
   Web server: VAN-DC1.nwtraders.msft/rpc
   Send host headers: Yes
   Public name: mail.nwtraders.msft/rpc
   Web listener: External Web 443
   Forward basic authentication: Yes
   a. In the right pane, select the first rule to indicate where the new rule will be added to the rule list.
   b. In the task pane, on the tab, click Publish a Secure Web Server.
   c. In the New SSL Web Publishing Rule Wizard dialog box, in the SSL Web publishing rule name box, type RPC over HTTPS, and then click Next.
   d. On the Publishing Mode page, select SSL Bridging, and then click Next.
   e. On the Select Rule Action page, select Allow, and then click Next.
   f. On the Bridging Mode page, select Secure connection to clients and Web server, and then click Next.
   g. On the Define Website to Publish page, complete the following information and then click Next:
      Computer name or IP address: VAN-DC1.nwtraders.msft
      Forward the original host header: enable
      Path: rpc/*
   h. On the Public Name Details page, complete the following information and then click Next:
      Accept requests for: This domain name (type below):
      Public name: mail.nwtraders.msft
      Path: /rpc/* (default)
   i. On the Select Web Listener page, in the Web listener list box, select SSL, and then click Next.
   j. On the User Sets page, click Next.
   k. On the Completing the New Web Publishing Rule Wizard page, click Finish. A new secure Web publishing rule is created that publishes the Web site at VAN-DC1.nwtraders.msft/rpc as mail.nwtraders.msft/rpc on the external network.
   l. In the right pane, right-click the RPC over HTTPS firewall policy, and then click Properties.
   m. In the RPC over HTTPS Properties dialog box, on the Users tab, click the check box next to Forward Basic authentication credentials (Basic delegation), and then click OK.
   n. Click Apply to apply the new settings, and then click OK.

Note: Perform the following steps on the VAN-CL1 computer.

14. Configure VAN-CL1 as a remote client.
   a. Log on to VAN-CL1 as Don with the password of P@ssw0rd.
   b. On the desktop, double-click the ExternalClient batch file. This batch file changes VAN-CL1's IP address to 131.107.0.10, removes the static internal Domain Name System (DNS) entry, and configures a host file for external name resolution. This allows the simulation of an Internet-based host.

15. Configure Microsoft Office Outlook to use RPC over HTTPS to connect to the Exchange Server.
   a. Click Start and right-click E-mail (Microsoft Office Outlook).
   b. Click Properties.
   c. In the Mail Setup - Outlook dialog box, click E-mail Accounts.
   d. In the E-mail Accounts dialog box, select View or change existing e-mail accounts, and then click Next.
   e. On the E-mail Accounts page, ensure that Microsoft Exchange Server is selected, and then click Change.
   f. On the Exchange Server Settings page, click More Settings.
   g. In the Microsoft Exchange Server dialog box, on the Connection tab, enable Connect to my Exchange mailbox using HTTP, and then click Exchange Proxy Settings.
   h. In the Exchange Proxy Settings dialog box, complete the following information:
      Use this URL (https://): mail.nwtraders.msft
      Connect using SSL only: enable (default)
      Mutually authenticate the session: enable
      Principal name for proxy server: msstd:mail.nwtraders.msft
      On fast networks, connect using HTTP first: enable
      On slow networks, connect using HTTP first: enable (default)
      Proxy authentication setting: Basic Authentication
   i. Click OK. The msstd form is Microsoft's standard to refer to RPC principal names. After connecting, Outlook verifies that it is connected to the correct server, by using the msstd principal name. The distinction between a fast network and a slow network is determined by the speed that the network adapter reports. If it reports less than 128 Kbps, it is considered a slow network. If this option is enabled, Outlook attempts to connect by using HTTP (RPC over HTTP) first, and then by using TCP/IP (RPC).
   j. Click OK to close the Microsoft Exchange Server dialog box.
   k. The Connect to VAN-DC1.NWtraders.msft dialog box appears. Enter Nwtraders\don as the user name and P@ssw0rd as the password. Click OK.
   l. On the Exchange Server Settings page, click Next.
   m. On the E-mail Accounts page, click Finish.
   n. Click Close to close the Mail Setup - Outlook dialog box.

16. Verify that Outlook is connecting to the Exchange Server using RPC over HTTPS.
   a. To start Microsoft Outlook 2003, click Start and click E-mail.
   b. At the Connect to VAN-DC1.NWtraders.msft dialog box, type Nwtraders\don as the user name and P@ssw0rd as the Password. Click OK.
   c. Verify that the Outlook connection indicator states Connected.
   d. Hold down the CTRL key on your keyboard and then right-click the Outlook icon in the Windows XP notification area.
   e. Click Connection Status. Notice that the Connection shows that HTTPS is used for the connection to VAN-DC1.NWtraders.msft.
   f. Click Close.
   g. Close Microsoft Outlook.

Exercise 4
Securing Outlook Web Access Connections

In this exercise, you will learn how to secure Outlook Web Access by using ISA Server 2004 to implement Forms-based authentication and SSL. You will also learn how to use the Outlook Web Access Administration Tool to configure security settings.

Important: This exercise requires the completion of Exercises 1 and 3.

Scenario
You want to provide the ability for Northwind Traders employees to manage their e-mail from the Internet Explorer Web browser using Outlook Web Access (OWA). To provide this functionality, you also decide to implement a number of security settings such as SSL and forms-based authentication. Since your organization uses ISA Server 2004, you will integrate secure-mail server publishing functionality from within ISA Server. You also want OWA users to follow the attachment security policy that you have implemented. The Outlook Web Access Administration Tool will assist in deploying the policy settings to your OWA clients.

Note: This lab exercise uses the following computers: VAN-ISA1, VAN-DC1, and VAN-CL1.

Note: Perform the following steps on the VAN-DC1 computer.

1. Configure the Outlook Web Access Web service to require SSL.
   Exchange: Require secure channel (SSL)
   ExchWeb: Require secure channel (SSL)
   Public: Require secure channel (SSL)
   a. Log on to VAN-DC1 as Administrator with the password P@ssw0rd.
   b. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
   c. In the IIS Manager console, expand VAN-DC1, Web Sites, Default Web Site, and then, in the left pane, select Exchange.
   d. Right-click the Exchange folder and then click Properties.
   e. In the Exchange Properties dialog box, on the Directory Security tab, in the Secure communications section, click Edit.
   f. In the Secure Communications dialog box, enable Require secure channel (SSL), and then click OK.
   g. Click OK to close the Exchange Properties dialog box.
   h. Repeat steps c through g for the ExchWeb and Public folders.
   i. Close the IIS Manager.

Note: Perform the following steps on the VAN-ISA1 computer.

2. Configure ISA Server 2004 to provide secure access to Outlook Web Access.
   a. In the ISA Server Management console, in the left pane, select Firewall Policy.
   b. In the details pane, select the first rule to indicate where the new rule will be added to the rule list.
   c. In the task pane, on the tab, click Publish a Mail Server.
   d. In the New Mail Server Publishing Rule Wizard dialog box, in the Mail Server publishing rule name box, type Outlook Web Access, and then click Next.