HOW TO: Setup the Exchange email Gateway with enhanced security
This Zetafax technical note applies to:
Zetafax 8.0.1 includes a new feature called 'Enhanced Security' which allows System Administrators to apply security to their Zetafax Installations automatically. The applied security does not however fully cover the Email Gateway part of the Zetafax system; so this will require manual intervention by the System Administrator.
One component of the Email Gateway includes the Connector, which is installed on the Exchange server. The server communicates with the Zetafax Server by exchanging files that are copied to and read from the Connector's 'In' and 'Out' folders.
In order to complete the application of security some level of security will need to be applied to these folders, however for the Zetafax Connector to function correctly the account that the Zetafax connector service is running as will still need to have access to these folders (this will be a service running on the Microsoft Exchange server system).
Typically the Zetafax Server will be running as a Global NT Account, in which case a Global 'Zetafax Admins' NT Group will have been created as part of the Enhanced Security. This group should be given "Full Control" level access to both these folders.
If the Connector is also running as a Global NT Account then this account could be added to 'Zetafax Admins' Group, if however the account is a local user then it will have to given 'Full control" on these folders explicitly.
Note: that if the Zetafax Server Service has been configured to run as LocalSystem (on the Zetafax Server) account and security has been applied, then the Zetafax Admins Group will be a Local Group on the Zetafax Server System. In this case it is advisable to create a global Zetafax user and reconfigure the Zetafax Server Service to run as this user.
Finally do not change the account the connector service is running as, because this is normally the same as the other Microsoft Exchange services so that it can function correctly.
In general no other NT Accounts or Groups should be given any level of access to these folders.
Last verified: 15 December 2005 (MS)
First Published: 7 August 2003 (GES/SV)