Safeguard your files
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Safeguard your files
To avoid phone book synchronization problems and to prevent unauthorized personnel from changing files and posting to the host server, you should secure the Phone Book Administrator (PBA) and Phone Book Service (PBS) folders.
Avoid synchronization and version problems during remote administration
For each phone book server, you must have only one PBA folder, which must reside on your primary PBA computer. One administration tool can post multiple phone books, each to a different server, but each phone book should be administered with only one PBA computer.
You can administer phone books from the primary PBA computer or from a remote computer. A remote computer could be a portable computer or other computer that you plan to use when you cannot administer from your primary PBA computer. For example, you might be traveling and need to administer from a laptop computer, or you may want to administer from one of several workstations located in your office. You can install PBA on any remote computer, but after installing PBA you must delete the PBA folder from the remote computer to avoid synchronization and version problems.
Deleting only the PBA folder prevents an accidental start of PBA from the remote computer, but it leaves the necessary system files intact.
Limit access to the PBS and PBA directories
Connection Point Services setup configures the PBS folder with default permissions. For added security, you should limit access to the PBS folder to specific users.
If you want only certain people to post phone books to the server, make sure that the primary PBA computer is secure by protecting the PBA folder.
For more information on securing your PBS and PBA directories, see Set Permissions.
If your primary PBA computer is used by several people, users who do not have access to the PBA folder still have a link to Phone Book Administrator on the Start menu. If these users click that link, a message box gives them a choice between deleting the link, fixing it, or canceling out of the message box. They must click Cancel. Do not allow them to delete or fix it. Deleting this link could delete it for everyone.