Hello, We are being asked to make sure that our exchange 2007 mailbox server are locked down. We noticed that there are some shares called address and are open as a read to everyone. Are ther needed for exchange 2007? What is their pupose? If yes, can they be hidden shares and locked down evn more without affecting anythis else like?

Please don't mess with default shares; you'll just break things. You are welcome to run the Exchange Security Configuration Wizard (SCW) as described here: http://technet.microsoft.com/en-us/library/aa998208(EXCHG.80).aspx You can learn more about securing Exchange 2007 by reading the Exchange 2007 Security Guide, here: http://technet.microsoft.com/en-us/library/bb691338(EXCHG.80).aspxEd Crowley MVP "There are seldom good technological solutions to behavioral problems."

Those are created during the install. Old article: http://support.microsoft.com/kb/147376 I dont see any reason to mess with them.

I’ve taken a bit of time researching this and also only found the links above. From what I can tell the shares aren’t used under normal conditions, but since I’m not sure I’d leave them alone too. But it does make you wonder what they are for. RUS is gone (one of the references to the share) and another reference was for a notes connector, which is also not likely used. Anyone know what this share does in Exchange 2010? Mike Crowley Check out My Blog!

I understand we are not supposed to mess with things but that's not an answer people (management in this case) would like to hear. I need to let them know exactly why we should leave that share alone even though it's not being used in exchange 2007. Or is it? If it's there in a pure exchange 2007 enevironment then it must be shared for a reason? the question is what? Is the proxy address generator using it in exchange 2007? if yes, can soneone elaborate?

Agreed. This essentially is my question as well. Ed and Andy, perhaps you could use your MVP powers to look at some internal stuff and figure out what these do? :) I can't find anything online with a current justification in the 2007+ world. Mike Crowley Check out My Blog!

Those dlls are shared so that 3rd party apps can generate addresses. Anything that isnt SMTP based is considered Custom and will need the appropriate dll to generate the address. Those need to match up with what is set for the Addressing types in AD ( Under the Config container Exchange Objects So, that is why they still exist in 2007/2010. Sharing those directories allows for remote apps to generate the address by using the shared dlls. Note that they are localized versions of those files if you install the 2010 Complete Language. Hence the warning about letting them be. :) Described here in more detail: http://technet.microsoft.com/en-us/library/bb232171.aspx In Exchange, all non-SMTP e-mail addresses are considered custom addresses. Exchange doesn't provide unique dialog boxes or property pages for X.400, GroupWise, or Lotus Notes e-mail address types. If you add a non-SMTP custom e-mail address, you must have the appropriate dynamic-link library (DLL) files. If you don't provide the appropriate DLL files, you won't be able to create a customized e-mail address policy. The following error will be logged in Event Viewer: "The e-mail address description object in the Microsoft Exchange directory for the 'SADF' address type on 'i386' machines are missing

Thank you for the explanation. I would have loved to see an option during the setup which asks if you will be using any third party apps. If yes then you know that you will be sharing those directories (at your own risk :) ), if not then they will not be shared and everybody is happy...Maybe something for SP2???

The permissions are read-only for authenticated users, so I dont think there is any security issues.

Thanks Andy! I was looking for articles with the shared path in them, but that note was a good find. An article discussing all data shares and their purposes (not just presence) would be a good idea! Mike Crowley Check out My Blog!

On Mon, 20 Sep 2010 17:40:08 +0000, AndyD_ wrote: > > >The permissions are read-only for authenticated users, so I dont think there is any security issues. IIRC, the contents of the "address" directory/share are replicated between the servers. Adding a new address type, or updating an existing one, is only necessary on one server -- the others will receive the addition/update too. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP