Tech Tip: See how Exchange 2000 SP3 enhances security

Find out about Exchange Server 2000 Service Pack 3 security enhancements.

Exchange Server 2000 Service Pack 3 introduced some security enhancements designed to close vulnerabilities in the product. Specifically, SP3 removes Read access for the Everyone group from the Internet Information Services metabase and the Active Directory service.

Exchange 2000 SP3 also requires that the account utilized for upgrading stand-alone servers have Exchange Full Administrator rights to either the entire Exchange organization or at least to the server's administrative group.

How this affects your organization depends on what rights the account currently has, who assigns rights in your organization, and whether you're using Collaboration Data Objects (CDO) to send SMTP mail. If you already have Exchange Full Administrator rights in the organization or the administrative group, and you don't use CDO to send mail, the SP3 security enhancements won't prevent you from performing the upgrade, and they won't affect day-to-day operations.

However, if you don't have the necessary user account rights, you'll need to get them in order to upgrade your Exchange 2000 servers to SP3.

If you use CDO to send mail, you'll need to do some work to accommodate the new security context. Simply granting the Everyone group Read access again is not a recommended workaround because it reintroduces some of the security vulnerabilities that SP3 addresses.

For CDO workarounds and tips, check out Microsoft Knowledge Base article Q816789.

Editor's Picks

Free Newsletters, In your Inbox