Windows 2000 group policy affecting MS Fax on Windows 2003

CatchTwentyTwo

Technical User
Mar 27, 2006
18
Our network/domain is running off of Windows 2000 Servers, one of which is used for Group Policy administration. Recently, we’ve added a Windows 2003 Server member server to our domain. The primary function of this Windows 2003 server is to run a specialized software program that runs with our ERP. We are not planning on promoting it to a domain controller at this time.

The issue I’m having is with MS Fax on the Windows 2003 server. It is installed, the fax service is started and running, and I have a Fax printer set up and shared. The Administrator, network service, local service, and everyone accounts have full permissions assigned to the fax. However, I cannot access any of the configuration files for the fax. For example, in trying to open the Fax Service Manager, I get the message “Could not open a connection to the fax service. The fax service might not be started, or the computer name might be incorrect”. (I have verified that the fax service is started and the computer name is correct). I am getting other error messages as well (security permissions, access denied, connection to fax server cannot be made, etc.), which are described in the KB article 842207. This same article suggests adding the Network Service Account and Local Service Account to certain policy settings on the DC. However, these accounts do not exist in Windows 2000.

I made these changes in the Local Security Policy on the Windows 2003 Server (all except “Adjust memory quotas for a process” and “Generate security audits” – all the buttons (Add/Remove) are greyed out when opening these policies; however, the Administrator account is listed in this area).

On the Windows 2000 DC, in the domain group policy, there is no “Adjust memory quotas for a process”; “Generate security audits” includes the Administrator accounts; and the “Log on as a service”/“Replace a process level token”/“Log on as a batch job” policies are “not defined”.

I have a feeling that the W2K group policy for our domain is affecting the W2K3 fax administration capabilities. Does anyone have any ideas on what needs to be changed or done with this scenario so I can administer the fax entities on my W2K3 server?

Any help or suggestions are greatly appreciated…been working on this one awhile…
 
have you checked
User Configuration > Administrative Templates > Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins::FAX Service

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Thank you for your response! I have not tried that. Where is the User Configuration located, and do I look for it on the Windows 2000 Domain Controller or the Windows 2003 Member Server? Thanks!!
 
OK, I've found the Restricted/Permitted Snap-ins and enabled the FAX Service Policy (it was not configured). Is there something more I need to configure? I don't have a lot of experience with Group Policy, so I'm not sure what to do next.

Thanks!
 
That's all you need to do to "enable the MMC snap in for FAX configuration"; however, I cannot promise that this will fix your problem. To be honest, I've never even used a FAX (through computer), so wouldn't really know about troubleshooting them, because I've never tried to configure it.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Thanks for the info. It's gotten me a little further in the troubleshooting process. Unfortunately, just enabling it didn't solve the problem; I'm still getting all the access denied, etc. error messages on my W2K3 server. Thanks for the input, though, it is appreciated!
 
I solved the issue if anyone's interested:

On the W2K DC Group policy, I added the NETWORK, SERVICE, and ADMINISTRATOR accounts to GENERATE SECURITY AUDITS, LOG ON AS BATCH JOB, LOG ON AS A SERVICE, and REPLACE PROCESS LEVEL TOKEN.

Also, on the W2K3 server, right-click the FAX service, click the LOG ON tab, select THIS ACCOUNT, and enter NTAUTHORITY\NETWORK SERVICE as the account, and leave the password blank. APPLY, OK, restart service.

I now have all the access I need to my fax server.
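
The following is an added example, not code from any poster in this thread: a small Python check that reads a user-rights export from the W2K3 member server and reports which of the policies discussed above are not held by the Network Service and Local Service accounts mentioned in the first post. It assumes the export was produced with `secedit /export /cfg rights.inf /areas USER_RIGHTS` (`rights.inf` is a hypothetical file name); the sample text embedded in the code is constructed.

```python
# Added example: audit a secedit user-rights export for the rights in this thread.
RIGHTS = {  # policy display name -> constant used in [Privilege Rights]
    "Adjust memory quotas for a process": "SeIncreaseQuotaPrivilege",
    "Generate security audits": "SeAuditPrivilege",
    "Log on as a batch job": "SeBatchLogonRight",
    "Log on as a service": "SeServiceLogonRight",
    "Replace a process level token": "SeAssignPrimaryTokenPrivilege",
}
ACCOUNTS = {"NETWORK SERVICE": "S-1-5-20", "LOCAL SERVICE": "S-1-5-19"}  # well-known SIDs

def parse_privilege_rights(inf_text):
    """Return {constant: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            # Principals are comma separated; SIDs carry a leading '*'.
            rights[name.strip()] = {m.strip().lstrip("*").upper()
                                    for m in value.split(",") if m.strip()}
    return rights

def missing_assignments(inf_text):
    """List (policy, account) pairs where the account does not hold the right."""
    rights = parse_privilege_rights(inf_text)
    gaps = []
    for policy, const in RIGHTS.items():
        holders = rights.get(const, set())  # no line for a right = no holders
        for account, sid in ACCOUNTS.items():
            if sid not in holders and account not in holders:
                gaps.append((policy, account))
    return gaps

# Constructed sample export (not from the thread); S-1-5-32-544 is Administrators.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeServiceLogonRight = *S-1-5-20
SeBatchLogonRight = *S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for policy, account in missing_assignments(SAMPLE):
        print(f"{account} is missing: {policy}")
```

secedit usually writes its export as UTF-16, so read a real file with `open("rights.inf", encoding="utf-16").read()` before passing the text in. Because the export reflects effective settings, running it before and after a domain policy refresh shows whether the DC's policy is overwriting rights set locally.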
 