MailEnable Support Hotfix
=========================

Version: ME-10031
Release: 2 April 2007
Note: Server Security Hardening Patch for Professional and Enterprise versions (prior to Version 2.4).

MODULE PATCH

This patch hardens the MailEnable installation to minimize the risk of exploitation of MailEnable Services.

The patch creates a new user called IME_SYSTEM that is responsible for running MailEnable protocol services. The IME_SYSTEM account has significantly lower privileges than the LOCALSYSTEM user (which is the default account used to run MailEnable Services).

The installation also creates a new group called the IME_STORE_USERS group. This group is granted full control of the MailEnable Message Store, and IME_SYSTEM is a member of that group.

The process of granting the IME_STORE_USERS group full control of the message store can be very time consuming because it needs to reset the ACLs on all objects in the message store. It is advisable to perform this operation off-peak.

Installation:
-------------

1. To install this update, you can simply run the update executable by double clicking on it.

Notes:
------

If you wish to re-run the hardening process, you can do so with the following command:

    MEInstaller.exe {Password} HARDEN IME_SYSTEM

The above command is also useful to reset the password for IME_SYSTEM should you wish to have a common IME_SYSTEM password among cluster members.

Roll Back Procedure:
-------------------

If you should experience problems with this update, you can run the MEInstaller.exe application in your MailEnable BIN directory and select the option to "Remove Strict Server Security Policy" (Option 10 from the menu).

Ideally you should reboot your server after the update has been made. You should restart all MailEnable Services after changing the security policy of the server.
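
A read-only check of the state this patch describes, as an added example (not part of the MailEnable hotfix or its documentation): it lists the logon account of each MailEnable service, confirms IME_SYSTEM is a member of IME_STORE_USERS, and looks for a full-control entry for that group on the message store root. The display-name filter "MailEnable*" and the $StorePath placeholder are assumptions; this page gives neither the service names nor the store location.

```powershell
param(
    # Placeholder: the message store location is not given on this page.
    [string]$StorePath = 'C:\PATH\TO\MESSAGE_STORE'
)

# 1. Which account does each MailEnable service log on as?
#    Assumption: the services' display names begin with "MailEnable".
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like 'MailEnable*' } |
    Select-Object Name, DisplayName, StartName, State
$services | Format-Table -AutoSize

# The page says IME_SYSTEM runs the protocol services, so any service still
# logging on as LocalSystem is listed for manual review, not treated as a failure.
$asSystem = @($services | Where-Object { $_.StartName -eq 'LocalSystem' })
if ($asSystem.Count -gt 0) {
    Write-Warning ('Running as LocalSystem: ' + ($asSystem.Name -join ', '))
}

# 2. Do the account and group exist, and is IME_SYSTEM a member of the group?
net user IME_SYSTEM 2>&1 | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'Local user IME_SYSTEM not found' }

$groupOutput = net localgroup IME_STORE_USERS 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'Local group IME_STORE_USERS not found'
} elseif (-not ($groupOutput -match '^IME_SYSTEM\s*$')) {
    Write-Warning 'IME_SYSTEM is not a member of IME_STORE_USERS'
}

# 3. Does the store root carry an Allow/FullControl entry for the group?
#    Only the root is inspected; the patch resets ACLs on every object below it.
if (Test-Path -LiteralPath $StorePath) {
    $rule = (Get-Acl -LiteralPath $StorePath).Access | Where-Object {
        $_.IdentityReference.Value -like '*\IME_STORE_USERS' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights -eq 'FullControl'
    }
    if (-not $rule) {
        Write-Warning "No FullControl entry for IME_STORE_USERS on $StorePath"
    }
} else {
    Write-Warning "Message store path not found: $StorePath"
}
```

Run it from an elevated PowerShell prompt after the services have been restarted, and again after a roll back to confirm the previous accounts are back in use.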