Does Exchange 2007 require the configure the Global .NET Trust Level at "FULL".
STIG for Exchange 2007 notes it as a finding if it at "FULL"
The production web-site must configure the Global .NET Trust Level.
An application's trust level determines the permissions granted by the ASP.NET Code Access Security (CAS) policy. An application with full trust permissions may access all resource types on a server