Modify Settings for a Scan Server
Applies To: Windows Server 2008 R2
From a computer running Windows Server 2008 R2, you can modify the configuration settings for a scan server using the Scan Server Configuration Wizard.
To modify settings for a scan server
Open Server Manager.
In the left pane, click Roles and then click Print and Document Services.
In the right pane, click Scan Server Configuration Wizard.
Follow the instructions in the Scan Server Configuration Wizard to change the scan server service account, scanned document settings, document delivery used, server authentication certificate, and user security settings.
To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
You can also run the Scan Server Configuration Wizard on the local server from the command line. Click Start, click Run, and then type:
Use Remote Desktop to run the Scan Server Configuration Wizard on a remote server.
The scan server service account is created with more permissions than are required to run scan processes. Only Write and List permissions are needed in order to run scan processes. You should consider removing unneeded permissions from the service account.
You can update the settings for Active Directory objects by using the Security tab, which is accessed from Active Directory Users and Computers (click View, and then click Advanced Features). As a best practice, a member of the Domain Admins security group should create a group for creating scan processes (for example, a group called Scan Process Admins). We recommend that you grant the following permissions for the PSP container:
Domain Admins: Full control (inherited by child objects)
Scan Process Admins: Full control (inherited by child objects)
Account under which DSM is running: Read (inherited by child objects)
Authenticated Users: Read (not inherited by child objects)
You should always select a certificate issued by a certification authority (CA) that is trusted by clients and devices connecting to the scan server. The subject name of the certificate must match the fully qualified domain name (FQDN) of the scan server.