Hi Tom, Thanks for the rapid response. Could you elaborate on how enabling the Server Service increases the attack surface of the bastion host? (you may respond to my email, ranjit@xxxxxxxxxxx, if you prefer). I'm guessing that it opens up RPC on the external interface more than the Exchange RPC filter does. Do you think the registry could be modified to prevent this (e.g. limiting RPC access on the external interface)? I'd also like to extend my thanks to you and prolific posters like Jim Harrison (no offense to any other unmentioned helpful poster) on increasing transparency on these relatively opaque Microsoft products. Ya'll really help us workhorse implementers meet the demands of Management (a strange preference for M$ over open-source solutions). Thank You. Peace. Ranjit