ExAdmin does not have correct permissions in the ExAdmin Virtual Server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18807	EMG2-269 Exch2K3	SV-20536r1_rule	ECLP-1	Medium

Description
The principle of Least Privilege ordinarily requires analysis to ensure that users and processes are granted only as much privilege as is required to function effectively, but no additional privileges that could enable mischief, either accidental or intentional. The ExAdmin Virtual Directory enables web access to E-mail and public folder documents for the Exchange 2003 System Manager. No users access this part of the application. This control determines whether the ExAdmin user will have read, write, script source access, and/or directory browsing capabilities under this virtual server. ExAdmin requires read, write, script source access, and directory browsing permissions since these are required for all of Exchange Web access.

Description

The principle of Least Privilege ordinarily requires analysis to ensure that users and processes are granted only as much privilege as is required to function effectively, but no additional privileges that could enable mischief, either accidental or intentional. The ExAdmin Virtual Directory enables web access to E-mail and public folder documents for the Exchange 2003 System Manager. No users access this part of the application. This control determines whether the ExAdmin user will have read, write, script source access, and/or directory browsing capabilities under this virtual server. ExAdmin requires read, write, script source access, and directory browsing permissions since these are required for all of Exchange Web access.

STIG	Date
Microsoft Exchange Server 2003	2014-08-19

Details

Check Text ( C-22517r1_chk )
Validate that user permissions to ExAdmin are set correctly. Procedure: Exchange system Manager >>Administrative Groups>> [administrative group]>> Servers >> [server name] >> protocols >> HTTP >> Exchange Virtual Server >> ExAdmin >> Properties >> Access tab For Access Control, ‘Read, write, script source access, directory browsing’ should be selected. Criteria: If Access control is configured for ‘Read, write, script source access, directory browsing’ this is not a finding.

Check Text ( C-22517r1_chk )

Validate that user permissions to ExAdmin are set correctly.

Procedure: Exchange system Manager >>Administrative Groups>> [administrative group]>> Servers >> [server name] >> protocols >> HTTP >> Exchange Virtual Server >> ExAdmin >> Properties >> Access tab

For Access Control, ‘Read, write, script source access, directory browsing’ should be selected.

Criteria: If Access control is configured for ‘Read, write, script source access, directory browsing’ this is not a finding.

Fix Text (F-19467r1_fix)
Configure permissions in the ExAdmin virtual server. Exchange system Manager >>Administrative Groups>> [administrative group]>> Servers >> [server name] >> protocols >> HTTP >> Exchange Virtual Server >> ExAdmin >> Properties >> Access tab >> Access control Select ‘Read, write, script source access, directory browsing’.