Configuring Fax Security

Applies To: Windows Server 2008

After you install the Fax Server role, the Fax service runs using the Network Service account.

During setup, the following folders are created at <systemdrive>\ProgramData\Microsoft\Windows NT\MSFax:

  • ActivityLog

  • Common Coverpages

  • Inbox

  • Queue

  • SentItems

  • VirtualInbox

You can use the Properties dialog box of the folder to restrict access to or to restrict permissions for these folders, and you can transfer ownership of the folders or objects. You can also change the location for these folders as long as the permissions for the folders in the new location are the same as the permissions in the default location—full security permissions for the local Administrators account and the Network Service account are needed.

In addition, you can use Fax Service Manager to configure permissions for users who you have you have given access to the fax server, and you can enable and configure security auditing.

Additional considerations

To configure fax components, you must be a member of the Administrators group or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

Additional references