How to Register Exchange Server Role SCW Extensions: Exchange 2007 Help

©2009 Microsoft Corporation. All rights reserved.

How to Register Exchange Server Role SCW Extensions

Applies to: Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2009-07-15

This topic explains how to register the Security Configuration Wizard (SCW) extension for an Exchange 2007 server role in Microsoft Exchange Server 2007. The
SCW is a tool that was introduced with Microsoft Windows Server 2003 Service Pack 1. The SCW automates security best practices to reduce the attack surface
for a server. The Exchange Server role extensions enable you to use the SCW to create a security policy that is specific to the functionality that is required for
each Microsoft Exchange server role. The extensions are provided with Exchange 2007 and must be registered before you can create a custom security policy.

You must perform the registration procedure on each Exchange 2007 server to which you want to apply an SCW security policy. Two different extension files are
required for the various Exchange 2007 server roles. For the Mailbox, Hub Transport, Unified Messaging, and Client Access server roles, register the
Exchange2007.xml extension file. For the Edge Transport server role, register the Exchange2007Edge.xml extension file. For detailed information, see the
procedures later in this topic.

Before You Begin

Before you begin, you must follow these steps:

● Install an Exchange server role. For more information, see Deploying Server Roles [ http://technet.microsoft.com/en-us/library/aa997610.aspx ] .
● Install the SCW. For more information, see How to Install the Security Configuration Wizard [ http://technet.microsoft.com/en-us/library/aa997701.
aspx ] .

To perform the following procedures, the account you use must be delegated the following:

● Exchange Server Administrator role and local Administrators group for the target server

To perform the following procedures on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member
of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations
[ http://technet.microsoft.com/en-us/library/aa996881.aspx ] .

Note:
The Exchange 2007 SCW extension files are located in the %Exchange%\Scripts directory. The default Exchange installation directory is Program Files\Microsoft\Exchange
Server. This directory location may be different if you selected a custom directory location during server installation.

Important:
If you have installed Exchange 2007 in a custom installation directory, SCW registration still works. However, to enable the SCW, you must perform manual workarounds to
recognize the custom installation directory. For more information, see Microsoft Knowledge Base article 896742, After you run the Security Configuration Wizard in Windows
Server 2003 SP1, Outlook users may not be able to connect to their accounts [ http://support.microsoft.com/default.aspx?kbid=896742 ] .

http://technet.microsoft.com/en-us/library/bb124977(printer).aspx (1 of 3)11/28/2009 3:48:39 PM

How to Register Exchange Server Role SCW Extensions: Exchange 2007 Help

Procedure

To register the Security Configuration Wizard extension on a Windows Server 2003-based or Windows Server 2003
R2-based computer that is running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role

1. Open a Command Prompt window. Type the following command to use the SCW command-line tool to register the Exchange 2007 extension with
the local security configuration database:

Copy Code
scwcmd register /kbname:Ex2007KB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007.xml"

2. To verify that the command has completed successfully, examine the SCWRegistrar_log.xml file that is located in the %windir%\Security\Msscw
\Logs directory.

To register the Security Configuration Wizard extension on a Windows Server 2003-based or Windows Server 2003
R2-based computer that is running the Edge Transport server role

1. Open a Command Prompt window. Type the following command to use the SCW command-line tool to register the Exchange 2007 extension with
the local security configuration database:

Copy Code
scwcmd register /kbname:Ex2007EdgeKB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007Edge.xml"

2. To verify that the command has completed successfully, examine the SCWRegistrar_log.xml file that is located in the %windir%\Security\Msscw
\Logs directory.

To register the Security Configuration Wizard extension on a Windows Server 2008-based computer that is
running the Mailbox, Hub Transport, Unified Messaging, or Client Access server role

1. Open an administrative Command Prompt window. Type the following command to use the SCW command-line tool to register the Exchange 2007
extension with the local security configuration database:

Copy Code
scwcmd register /kbname:Ex2007KB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007_WinSrv2008.xml"

2. To verify that the command has completed successfully, examine the SCWRegistrar_log.xml file that is located in the %windir%\Security\Msscw
\Logs directory.

To register the Security Configuration Wizard extension on a Windows Server 2008-based computer that is
running the Edge Transport server role
http://technet.microsoft.com/en-us/library/bb124977(printer).aspx (2 of 3)11/28/2009 3:48:39 PM
How to Register Exchange Server Role SCW Extensions: Exchange 2007 Help

1. Open an administrative Command Prompt window. Type the following command to use the SCW command-line tool to register the Exchange 2007
extension with the local security configuration database:

Copy Code
scwcmd register /kbname:Ex2007EdgeKB /kbfile:"%programfiles%\Microsoft\Exchange Server\scripts\Exchange2007Edge_WinSrv2008.
xml"

2. To verify that the command has completed successfully, examine the SCWRegistrar_log.xml file that is located in the %windir%\Security\Msscw
\Logs directory.

For More Information

For more information, see the following topics:

● Using the Security Configuration Wizard to Secure Windows for Exchange Server Roles [ http://technet.microsoft.com/en-us/library/aa998208.aspx ]
● How to Install the Security Configuration Wizard [ http://technet.microsoft.com/en-us/library/aa997701.aspx ]
● How to Create a New Exchange Server Role SCW Policy [ http://technet.microsoft.com/en-us/library/aa998855.aspx ]
● How to Apply an Existing SCW Policy to an Exchange Server Role [ http://technet.microsoft.com/en-us/library/aa998838.aspx ]

Tags:

Community Content

Server 2008 Information Last Edit 4:45 AM by YngDiego777

If you are running Windows Server 2008, be sure to use the XML files that have _WinSrv2008 in them, as the XML files specified in the
article above are for Windows Server 2003 only and will not properly register.

Tags: windows 2007 exchange 2008 scw

http://technet.microsoft.com/en-us/library/bb124977(printer).aspx (3 of 3)11/28/2009 3:48:39 PM