After you have created a new Windows user account for EFT Server, use Windows' permissions to set the permissions for folders, files, or drives for the account. Permissions should be as restrictive as possible while still allowing EFT Server enough permissions to run.
After it is installed, EFT Server has access to local folders and files. To run it as a service with permissions to the network and mapped drives, you must create an NT account for EFT Server, assign the GlobalSCAPE EFT Server service to the account, and log EFT Server on as a service. Using Windows NT’s permissions, set the permissions for files or drives of this user to be as restrictive as possible, while still allowing EFT Server to run. After carefully determining which files and network folders your users will need to access, gradually increase the permissions.
|
|
Using NT Authentication, user permissions override EFT Server's permissions. For example, if EFT Server has read-only access to folder1, but user John Doe has read and write permissions to folder1, John Doe has those same permissions when he accesses folder1 through EFT Server. |
Windows NT permissions can be edited through the Security tab in the Properties of a file or folder. On the Security tab, select Permissions to display and edit the permissions for the object. The appearance of this dialog box is slightly different for files and directories, but in both cases, the following permissions can be granted to users or groups:
R (Read)
W (Write)
D (Delete)
P (Edit permissions)
O (Take ownership)
Keep in mind that you have the option to grant or withhold read and write permissions. Read-only permissions are the most secure, because they allow users to access a file, but not to change it. For example, most users will need limited read access to the Windows folders (C, WinNT); however, most FTP Servers will not need any access to these directories at all.
In addition to the individual permissions, Windows NT permissions also provide access levels that are simply pre-built sets of the existing permissions. Typically, you assign an access level to a user rather than granting individual permissions. One such access level is called "No Access," which does not contain any permissions.
T o view and edit the permissions for a folder or file
In Windows Explorer, right-click the file or folder, then click Properties.
On the Security tab, click Permissions. The appearance of this dialog box is slightly different for files and directories and for different versions of Windows (W2K, XP, etc.).
For more information about setting permissions to folders and files, refer to the Windows Help documentation for your specific operating system. (e.g., click Start > Help and Support, then search on keyword permission.)
