Howto: Restrict W2k3 Fax service to a specific security group

[Rob]

It appears I can not use normal ACLs to restrict the ability to fax through
a W2k3 fax (member)server. Previously tried and was unsuccessful.

I did try the below and now everyone can fax, but this is not the desired
outcome.

try enabling the Security Option (from "Local Security
Settings") for (Security Options) -> "Network Access: Let Everyone
Permissions apply to anonymous users". The reason I suggest this is because
with the default security settings, even if you have faxing permissions for
everyone, that permission won't apply for anonymous users. This setting
enables that. However, note that you will be changing a security setting for
the system - anonymous users will be always treated as part of everyone for
your system. So, be careful before you change this setting.

I want to restrict this ability to a single security group on my domain. Is
this possible and what have I missed?

Thanks,

Rob

 

[Ananda Sarkar [MSFT]]

Open Fax Service Manager (Start | Run | Fxsadmin.msc), right click on Fax
(Local), click on properties, go to the Security Tab and set the ACLs there.
Note that if you remove EveryOne:Fax from this list, WS2k3 Fax won't work
unless you explicitly add NetworkService:Fax to the list. So, basically, you
need permissions for NetworkService. By default Everyone includes
NetworkService, hence the default setting won't explicitly add
NetworkService to the list.

All other group settings will work fine.

Thanks,
Anand

--
Ananda Sarkar
Microsoft Printing, Imaging and Fax Team

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.