In order to secure your system, GlobalSCAPE recommends that you create an NT user account for the server and grant restrictive permissions to that user account. When you are assigning permissions to individual folders or directories in Windows NT, you may want to reference the following three rules. These rules differ somewhat from the VFS rules that govern CuteFTP Server permissions.
Three rules determine the permissions that are ultimately granted to a user in Windows NT:
Explicit denial: All users or groups assigned "No Access" have no access
If the user, or a group that the user is in, has been assigned "No Access", that user is explicitly prohibited from using the file, folder or drive. No other permissions will change this.
Cumulative permissions: Permissions are combined when a user is not explicitly denied access
If the user is not explicitly denied access, the user's permissions will be combined. For example, if user Cal is given read and write permissions for Folder1, and Cal is also in a group that is given execute permissions for that folder, then Cal will be able to read, write and execute files in Folder1.
Implicit denial: A user or group that has never been granted any access at all will not be given access
If the user, or a group containing the user, is not granted any permissions, that user or group will be denied access. Access must be specifically granted.