<div>
Al 3 comments agree on same, the longer it takes the better explanation.
</div>


Al 3 comments agree on same, the longer it takes the better explanation.

<div>
<div class="content wysiwyg-content">
Does Exchange 2007 require &nbsp;the configure the Global .NET Trust Level at &nbsp;&quot;FULL&quot;.<br />
STIG for Exchange 2007 notes it as a finding if it at &nbsp;&quot;FULL&quot;<br />
<br />
The production web-site must configure the Global .NET Trust Level.<br />
<br />
An application's trust level determines the permissions granted by the ASP.NET Code Access Security (CAS) policy. An application with full trust permissions may access all resource types on a server
</div>
</div>


Does Exchange 2007 require  the configure the Global .NET Trust Level at  "FULL".
STIG for Exchange 2007 notes it as a finding if it at  "FULL"

The production web-site must configure the Global .NET Trust Level.

An application's trust level determines the permissions granted by the ASP.NET Code Access Security (CAS) policy. An application with full trust permissions may access all resource types on a server

EXCHANGE 2007 sp3 ru17 Security Finding

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.