Exchange management policies?

Post by wayn » Thu, 06 Dec 2001 22:54:42

I'm looking for some info on policies being applied to management of
Exchange environments, especially wrt storage and retention policies (sort
of moving towards information management).

I have seen some customers who make significant efforts to limit maximum
storage per account, e.g. 50Mb or 100Mb limits. These folks also tend to have
pretty tight control on record destruction - messages over some age, e.g. 6 or
12 months, are purged. They also tend to minimise use of public folders.

Though I haven't seen a policy-free environment, there's clearly a position
that could be adopted at the other end of the scale where storage management
and destruction policies are soft or absent, there's widespread use of
public folders etc. - in effect encouraging users to "live in Exchange".

So I'm seeking some examples of policy frameworks to develop options for
deployment. One specific target I have is deployment in a rather
laissez-faire environment where there is limited desire to minimise storage
size but there is a need to a) introduce clear record destruction policies
and b) secure selected message content for long term archiving.

So, sorry it's soft and woolly but any offers of info or pointers to case
studies etc. would be gratefully received.



1. Key Management Server, Certificate Server and the Exchange Server Policy module


I'm trying to set up a decent PKI at my organization using Microsoft's tools
and I've run into a roadblock. When I'm installing the requisite software
for the Exchange KM server I keep reading about making sure that the
Microsoft Exchange Server policy module is installed in the Certificate

Now the Certificate Server is installed OK - I can generate certificates with
it just fine. When I install the KM server on Exchange I keep waiting for it
to ask me about the CA [at which point I'll direct it to Certificate
Server], but it never happens.

The KM also installs, but I don't think it has anything to do with the
Certificate Server CA. The CA is called "CA" and not "OrganizationCA". So I
think I'm just duplicating infrastructure here when I'd really like to use
just 1 CA for the entire PKI.

In the public certificates directory there is a file called
MACHINE_OrganizationCA_Exchange.crt [names have been made generic]. It seems
a lot like the MACHINE_OrganizationCA.crt file that I used to initialize the
root authority. But whenever I try to use it I get an invalid certificate
notice. Is this the certificate I should use as the root Certificate for my

I've searched everything I can think of for some clue on where to find this
module and come up empty-handed.

Has anyone done this and made it work? Any help appreciated.


