Hardening Servers and Applications for Office Communications Server 2007 R2
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
You should harden your operating system and applications according to best practices for that specific component.
Securing Application Servers
For applications servers, the operating system and the application should be hardened. For example, a Windows Server 2003 computer dedicated to running Microsoft Internet Security and Acceleration (ISA) Server 2006 should be hardened from the operating system and from the application perspective. Minimizing the number of services running and provided by the server should be a primary goal.
Group Policy
In Windows Server 2003 and Windows Server 2008, Group Policy provides directory-based desktop configuration management. You can use Group Policy to implement security lockdowns by defining Computer and User settings within a Group Policy object (GPO) for the following:
Registry-based policies
Security
Software installation
Scripts
Folder redirection
Remote installation services
To provide a user interface for the administrator to configure these settings, administrative templates are shipped with operating system releases, service pack releases, and some applications, including Office Communications Server 2007 R2.
The Communicator.adm file is an administrative template that ships with Office Communications Server 2007 R2, is installed to the %windir%\inf\ directory, and provides an interface for RTC client API and Messenger Group Policy Settings. Each setting in Communicator.adm corresponds to a setting in the registry that affects application behavior.
The settings can be accessed from GPedit.dll, which is accessible from the Active Directory Users and Computers console and the Group Policy Management Console (GPMC).
Group Policy Security Settings
Group Policy contains security settings for a GPO under Computer Configuration/Windows Settings/Security Settings when accessed from GPedit.dll. You can import security templates to configure security settings for the GPO. The Windows Server 2003 Security Guide at https://go.microsoft.com/fwlink/?LinkId=145240 and the Windows Server 2008 Security Guide at https://go.microsoft.com/fwlink/?LinkId=145186 contain a number of sample templates that you can modify to meet your needs. For details about these templates, see the Additional Resources at the end of this document.
Best Practices
Harden all server operating systems and applications.
Use Group Policy to implement security lockdowns.