I've poked around for a solid ansewr for this, but it seems that ISA server keeps popping up for the resolution which we don't have and won't be installing in the near future. Our current environment is Exchange 2003, and we will soon be migrating to Exchange 2010. Basically RPC over HTTP needs to be disabled per our security policy (whether we're running Exch2k3/2k10). Is there a central change that can be made to the back-end Exchange servers that will disable RPC over HTTP? Have any of you had to do this before? If so, what did you do? I'm just looking for ideas really, I'm sure our network team can disable RPC but will that break other functionality? Thanks!

Just disabling it period? Uninstall the rpc over http component.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

If you don't want use EPC\HTTP in 2003 or OA in 2010 then ensure RPC\HTTP is not enabled on 2003 servers. Do not enable Outlook Anyhere in 2010. RPC\HTTP component is installed before enabling on 2003 or 2010. Don't install the component

Very cool, thanks a bunch to both of you!