Title

The Exchange Public Store storage quota must be limited. (Cat III impact)

Discussion

This setting controls the maximum sizes of a public folder and the system’s response if these limits are exceeded. There are two available controls and the system response when the quota has been exceeded. The first control sends an email warning to Folder Owners roles, alerting them that the folder has exceeded its quota. The second level prevents posting any additional items to the folder. As a practical matter, Level 1 serves the purpose of prompting owners to manage their folders. Level 2 impedes users in their ability to work and is not required where folder use interruption is not acceptable. Public Folder Storage Quota Limitations are not a substitute for overall disk space monitoring.

Check Content

If public folders are not used, this check is not applicable. Review the Email Domain Security Plan (EDSP). Determine the value for ProhibitPostQuota. Open the Exchange Management Shell and enter the following command: Get-PublicFolderDatabase | Select Name, Identity, ProhibitPostQuota If the value of ProhibitPostQuota is not set to the ProhibitPostQuota values documented in the EDSP, this is a finding.

Fix Text

Update the EDSP. Open the Exchange Management Shell and enter the following command: Set-PublicFolderDatabase -Identity <'IdentityName'> -ProhibitPostQuota <'QuotaLimit'> Note: The <IdentityName> and <QuotaLimit> values must be in quotes.

Additional Identifiers

Rule ID: SV-207322r961422_rule

Vulnerability ID: V-207322

Group Title: SRG-APP-000367

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.