28 Security Operations for Microsoft Exchange 2000 Server Exchange Server Policies It is possible to define a large number of security settings in Windows 2000, includ- ing auditing, security options, registry settings, file permissions and services. In Security Operations for Microsoft Windows 2000 Server we make suggestions for many of these settings and these recommendations do not need to be changed for Ex- change 2000. The main area where additional settings are applied is for services, although we also make some file permission changes. As they reside in OUs below the Member Servers OU, the Exchange servers inherit settings defined in the Member Server Baseline Policy. The Exchange policies modify those settings in two ways. First, some services that are not required for basic Windows 2000 functionality are needed for successful Exchange 2000 opera- tions. Second, Exchange 2000 introduces a number of extra services, not all of which are required to allow the Exchange servers to function in their particular roles. Note: Although not explicitly mentioned in the Exchange incremental policies, Network News Transfer Protocol (NNTP) is disabled by the Windows 2000 Member Server Baseline Policy. This service is required to install Exchange, but it is not needed for Exchange operations unless you require newsgroup functionality.