Mailboxes and messages are not retained until backups are complete.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18723	EMG2-340 Exch2K3	SV-20389r1_rule	ECSC-1	Medium

Description
Backup and recovery procedures are an important part of overall system availability and integrity. Complete backups reduce the chance of accidental deletion of important information, and ensure that complete recoveries are possible. It is not uncommon for users to receive and delete messages in the scope of a single backup cycle. This setting ensures that at least one backup has been run on the mailbox store before the message physically disappears. By enabling this setting, all messages written to recipients who have accounts on this store will reside in backups even if they have been deleted by the user before the backup has run.

Description

Backup and recovery procedures are an important part of overall system availability and integrity. Complete backups reduce the chance of accidental deletion of important information, and ensure that complete recoveries are possible. It is not uncommon for users to receive and delete messages in the scope of a single backup cycle. This setting ensures that at least one backup has been run on the mailbox store before the message physically disappears. By enabling this setting, all messages written to recipients who have accounts on this store will reside in backups even if they have been deleted by the user before the backup has run.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22444r1_chk )
Ensure that mailbox retention for backups are complete. Procedure: Exchange System Manager >>Administrative Groups >> [administrative group] >> Servers >> [server name]>> [storage group] >> Mailbox store [server name] >> Properties >> Limits tab >> Deletion settings The “Do not permanently delete mailboxes and items until the store has been backed up” should be selected. Criteria: If “Do not permanently delete mailboxes and items until the store has been backed up” is selected, this is not a finding.

Check Text ( C-22444r1_chk )

Ensure that mailbox retention for backups are complete.

Procedure: Exchange System Manager >>Administrative Groups >> [administrative group] >> Servers >> [server name]>> [storage group] >> Mailbox store [server name] >> Properties >> Limits tab >> Deletion settings

The “Do not permanently delete mailboxes and items until the store has been backed up” should be selected.

Criteria: If “Do not permanently delete mailboxes and items until the store has been backed up” is selected, this is not a finding.

Fix Text (F-19372r1_fix)
Configure messages and mailboxes for backups. Procedure: Exchange System manager >>Administrative Groups >> [administrative group] >> Servers >> [server name]>> [storage group] >> Mailbox store [server name] >> Properties >> Limits tab >> Deletion settings Select “Do not permanently delete mailboxes and items until the store has been backed up”.