Udostępnij za pośrednictwem


Hardening Servers and Applications for Office Communications Server 2007 R2

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

You should harden your operating system and applications according to best practices for that specific component.

Securing Application Servers

For applications servers, the operating system and the application should be hardened. For example, a Windows Server 2003 computer dedicated to running Microsoft Internet Security and Acceleration (ISA) Server 2006 should be hardened from the operating system and from the application perspective. Minimizing the number of services running and provided by the server should be a primary goal.

Group Policy

In Windows Server 2003 and Windows Server 2008, Group Policy provides directory-based desktop configuration management. You can use Group Policy to implement security lockdowns by defining Computer and User settings within a Group Policy object (GPO) for the following:

  • Registry-based policies

  • Security

  • Software installation

  • Scripts

  • Folder redirection

  • Remote installation services

To provide a user interface for the administrator to configure these settings, administrative templates are shipped with operating system releases, service pack releases, and some applications, including Office Communications Server 2007 R2.

The Communicator.adm file is an administrative template that ships with Office Communications Server 2007 R2, is installed to the %windir%\inf\ directory, and provides an interface for RTC client API and Messenger Group Policy Settings. Each setting in Communicator.adm corresponds to a setting in the registry that affects application behavior.

The settings can be accessed from GPedit.dll, which is accessible from the Active Directory Users and Computers console and the Group Policy Management Console (GPMC).

Group Policy Security Settings

Group Policy contains security settings for a GPO under Computer Configuration/Windows Settings/Security Settings when accessed from GPedit.dll. You can import security templates to configure security settings for the GPO. The Windows Server 2003 Security Guide at https://go.microsoft.com/fwlink/?LinkId=145240 and the Windows Server 2008 Security Guide at https://go.microsoft.com/fwlink/?LinkId=145186 contain a number of sample templates that you can modify to meet your needs. For details about these templates, see the Additional Resources at the end of this document.

Best Practices

  • Harden all server operating systems and applications.

  • Use Group Policy to implement security lockdowns.