Title

ExAdmin is configured for Secure Channels and Encryption. (Cat III impact)

Discussion

ExAdmin Virtual Directory is used by the Exchange System Manager to access mailboxes and Public Folders. Users do not directly access the ExAdmin Virtual Directory. This feature controls the security setting used to determine whether client machines should be required to connect to this virtual directory using secure channels and encryption. The services that use the ExAdmin Virtual Directory do not support the use of secure channels. Secure channels should not be configured on this virtual directory, as it will effectively disable the Exchange Mail and Public Folder functionality.

Check Content

Ensure that ExAdmin Virtual Directory is using correct security. Procedure: IIS Manager>> [Server name]>>Web Sites>>Default Web Site >> ExAdmin >>Properties >> Directory Security Tab >> Secure Communications >> Edit Button All checkboxes should be cleared. Criteria: If all security checkboxes are cleared, this is not a finding.

Fix Text

Configure ExAdmin Security. Procedure: IIS Manager>> [Server name]>>Web Sites>>Default Web Site >> ExAdmin >>Properties >> Directory Security Tab >> Secure Communications >> Edit Button Clear all checkboxes.

Additional Identifiers

Rule ID: SV-20502r1_rule

Vulnerability ID: V-18788

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.