<< Click to Display Table of Contents >>
To make your fax transmissions secure, you can set up Zetafax so that users need to log on to access sent and received faxes. Once you do so, users can only access their own faxes after supplying the correct logon credentials. Security is set up in the Server settings section of the Zetafax Configuration program. Please read below for an explanation of how to set up user permissions.
The operation of the Zetafax Server is heavily based on files stored within the Zetafax Server folder structure. Protecting the integrity of Zetafax user data is therefore largely a matter of applying the appropriate permissions to folders within this file structure.
Folder and file security requires the NTFS file system. As a consequence, enhanced security is only available on NT-family operating systems (Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2003 Server, etc.). In addition, all the relevant Zetafax folders must be on NTFS-formatted partitions.
The Zetafax Server service
In order to run with enhanced security, the Zetafax Server must be configured to run as a service. This ensures that the Zetafax Server always runs as the account set in the service properties. This account will be given the necessary rights over the Zetafax Server folder structure. Note that the service cannot be set to run as 'LocalSystem' if enhanced security is to be used.
The Zetafax Admin's group
When enhanced security is applied, a new NT Group, the Zetafax Admin's group, is created. If the Zetafax Server Service account is local to the host computer, this group will be a local group, otherwise this group is a global group. The Zetafax Server service account is added to the group, as is the account of the logged in user — this is assumed to be the appropriate administrator account for the Zetafax Server. Users should ensure that the account they are logged in as is one they would be happy to have added to the Zetafax Admin's group. Note also that if the service account is global but the user is logged in with a local account, the creation of the Zetafax Admin's group will fail as local accounts cannot be added to global groups.
The Zetafax Admin's group will be given wide-ranging rights over the Zetafax Server folder structure. This is necessary for the Zetafax Server to function and for the administrator to continue to perform tasks such as configuring the Zetafax Server, adding users, etc. It also means that anyone logged in with an account that is a member of the Zetafax Admin's group could access confidential information from Zetafax user accounts, so appropriate precautions need to be taken (e.g. only authorized people are given the relevant administrator and service account passwords).
In general, all Zetafax user accounts should be associated with an NT user account. This NT account is then given Full Control over that Zetafax user's folder. No other user (aside from members of the Zetafax Admin's Group) has any access to these folders. Note however that if the Zetafax account is not associated with an NT account, no security is applied to this account.
When a Zetafax Group is created, no security is applied to its folders. The first time a Zetafax user is added to the group, security is applied so that only that user and the Zetafax Admin's Group have access to the group's folders. When subsequent Zetafax users are added to the group, they also get access to the group folders. This access is removed if the Zetafax user is removed from the group. Note that the above only applies when the Zetafax users are associated with NT accounts. If a Zetafax group includes no Zetafax user associated with an NT account, then no security is applied to the group folders.
The Email Gateway
In general the security of the Email Gateway will depend on the email system concerned. With the Microsoft Exchange Email Gateway there is one extra issue administrators should be aware of. Two folders are created for temporary files used for communication between the Zetafax Exchange Connector and the Zetafax Server. Because these temporary files could contain sensitive information, administrators should set appropriate permissions on these folders. The Zetafax Admin's group and the account the Zetafax Exchange Connector run as should both have full access to these folders.
Auto submit, archiving and LCR
It is possible for administrators to specify folders for these features which will contain information from users' fax messages (although these will be only temporary for LCR and Auto submit). If these folders are within the Zetafax file system under the 'Server' folder (as they are by default), the enhanced security will be applied to these folders. If these folders are locate elsewhere, the administrator will need to apply security manually to these folders. Note that the Zetafax Admin's group will need full access to these folders.