Using the HS-PCI Module with the Secure Ad Hoc Transfer Module

Certain security features in the HS-PCI module (e.g., administrator password expiration and forced reset) are not compatible with the Secure Ad Hoc Transfer (SAT) Module. If you are using the HS-PCI module and the SAT module with EFT Server, you should create a separate, non-PCI DSS Site that is used only for the SAT module. Alternatively, you can disable the features that are not compatible, but that would take the Site out of compliance with the PCI DSS.

Administrator password expiration and forced reset are features that help your Site remain in compliance with the PCI DSS; however, those same features can cause problems with the SAT module. If the administrator password expires or changes, the value stored in the SAT module's configuration file is no longer valid. Since the value stored in the configuration file is not plaintext, you cannot change it by typing the new password in the file. (Refer to The Secure Ad Hoc Transfer Module help for the procedure for encoding the password, which you can then paste into the configuration file.)

The SAT module uses a temporary user account to upload files from the IIS computer to the temporary user's home directory on EFT Server. If the useProtocolForUpload value in the configuration file is set to anything other than -1 (file copy), the file cannot be uploaded to the temporary user account, because the password has not been reset on first logon, as required for PCI DSS compliance. When useProtocolForUpload is set to anything other than -1 (the default is 5), the force reset password feature should be disabled.

The "force users to reset their password on initial login" option can be enabled on an HS-PCI-enabled Site if the useProtocolForUpload setting in the configuration file is set to -1 (which means File Copy). Since this is not the default option, an EFT Server administrator must edit the file. Also, setting useProtocolForUpload to -1 (File Copy) is only a viable option if either EFT Server and IIS are installed on the same computer, or the EFTRootFolderUNCPath value in the configuration file, which is blank by default, specifies a remote path through which the IIS computer can access the EFT Server root folder. The available settings for the useProtocolForUpload value are:

-1 = File copy

0 = FTP

1 = FTPS_IMPLICIT

2 = FTPS_EXPLICIT

3 = SFTP2

4 = HTTP

5 = HTTPS

6 = SOCKS4

7 = SOCKS5

8 = FTPS_AUTH_TLS
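The rules above can be checked before a Site setting is changed. The following is an added example, not GlobalSCAPE code: it assumes the SAT settings are stored as `<add key="..." value="..."/>` entries (the page does not show the file layout), and the function names, parameters and sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# useProtocolForUpload codes as listed on this page.
PROTOCOLS = {-1: "File copy", 0: "FTP", 1: "FTPS_IMPLICIT", 2: "FTPS_EXPLICIT",
             3: "SFTP2", 4: "HTTP", 5: "HTTPS", 6: "SOCKS4", 7: "SOCKS5",
             8: "FTPS_AUTH_TLS"}

# Constructed sample; the <add key/value> layout is an assumption.
SAMPLE = """<configuration><appSettings>
  <add key="useProtocolForUpload" value="5" />
  <add key="EFTRootFolderUNCPath" value="" />
</appSettings></configuration>"""

def read_settings(xml_text):
    """Collect key/value pairs from every <add key=... value=...> element."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): e.get("value", "") for e in root.iter("add") if e.get("key")}

def check_sat_site(settings, force_reset, same_host, admin_expiry=False):
    """Return a list of findings; an empty list means no conflict was found.

    force_reset  - "force users to reset their password on initial login" is on
    same_host    - EFT Server and IIS are installed on the same computer
    admin_expiry - administrator password expiration/forced reset is on
    """
    raw = (settings.get("useProtocolForUpload") or "").strip()
    try:
        proto = int(raw)
    except ValueError:
        return [f"useProtocolForUpload is missing or not an integer: {raw!r}"]
    if proto not in PROTOCOLS:
        return [f"useProtocolForUpload={proto} is not one of the listed values"]
    findings = []
    unc = (settings.get("EFTRootFolderUNCPath") or "").strip()
    if proto != -1 and force_reset:
        findings.append(f"forced reset on first logon blocks {PROTOCOLS[proto]} uploads "
                        "by the temporary user; use -1 (File copy) or disable it")
    if proto == -1 and not same_host and not unc:
        findings.append("File copy needs EFT Server and IIS on one computer "
                        "or a non-blank EFTRootFolderUNCPath")
    if admin_expiry:
        findings.append("administrator password expiry or reset invalidates the "
                        "encoded password stored in the SAT configuration file")
    return findings

if __name__ == "__main__":
    for line in check_sat_site(read_settings(SAMPLE), force_reset=True, same_host=False):
        print("FINDING:", line)
```
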

The recommended configuration is to create a non-PCI Site for exclusive use by the SAT module and disable the password expiration and forced reset options. As always, if you have any questions or concerns regarding installing and configuring EFT Server for use with any of the modules, contact GlobalSCAPE Technical Support.