Re: Howto: Restrict W2k3 Fax service to a specific security group

From: Ananda Sarkar [MSFT] (anandsar_at_online.microsoft.com)
Date: 12/30/04 

Date: Thu, 30 Dec 2004 14:14:13 +0530

Open Fax Service Manager (Start | Run | Fxsadmin.msc), right click on Fax
(Local), click on properties, go to the Security Tab and set the ACLs there.
Note that if you remove EveryOne:Fax from this list, WS2k3 Fax won't work
unless you explicitly add NetworkService:Fax to the list. So, basically, you
need permissions for NetworkService. By default Everyone includes
NetworkService, hence the default setting won't explicitly add
NetworkService to the list.

All other group settings will work fine.

Thanks,
Anand 

-- 
Ananda Sarkar
Microsoft Printing, Imaging and Fax Team
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Rob" <rjohn@sw.rr.com> wrote in message
news:Oo5$J%23M3EHA.824@TK2MSFTNGP11.phx.gbl...
> It appears I can not use normal ACLs to restrict the ability to fax
through
> a W2k3 fax (member)server.  Previously tried and was unsuccessful.
>
> I did try the below and now everyone can fax, but this is not the desired
> outcome.
>
> try enabling the Security Option (from "Local Security
> Settings") for (Security Options) -> "Network Access: Let Everyone
> Permissions apply to anonymous users". The reason I suggest this is
because
> with the default security settings, even if you have faxing permissions
for
> everyone, that permission won't apply for anonymous users. This setting
> enables that. However, note that you will be changing a security setting
for
> the system - anonymous users will be always treated as part of everyone
for
> your system. So, be careful before you change this setting.
>
> I want to restrict this ability to a single security group on my domain.
Is
> this possible and what have I missed?
>
> Thanks,
>
> Rob
>
>

Relevant Pages

  • Re: about common group & user ID space (PR kern/14584)
    ... most security "extensions" I've seen contain relatively ... many applications exist that make strong ... permissions: uid 0 and the uid used to represent NOVAL in vop_setattr ... I should take a moment also to respond to your comments on ACLs. ...
    (FreeBSD-Security)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
  • Re: Restricted User Group
    ... When you use runas the restricted identity is added to your security token. ... permissions in case you do not as the account you are logged on with. ... > entity in many of the registry ACLs. ...
    (microsoft.public.windows.server.security)
  • Re: [Python-Dev] Re: rexec.py unuseable
    ... > In designing a security policy for file systems, ... NT file system access permissions also ... they also have "change security descriptor" as a permission. ... > ACLs are a good match for these design specs. ...
    (comp.lang.python)
  • Re: Windows Firewall Wont Stay On
    ... I have come up with a solution that does not disable Security Center, ... By changing the Permissions of that key, ... settings from being changed again. ... the firewall alert settings in Security Center get ...
    (microsoft.public.windowsxp.help_and_support)