Certain security features in the HSM (e.g., password expiration and forced reset) are not compatible with the Secure Ad Hoc Transfer (SAT) module. If you are using the HSM and the SAT module with EFT Server, do one of the following:
- Create a separate, non-PCI DSS Site that is used only for the Secure Ad Hoc Transfer module.
- Create a Site with strict security settings for PCI DSS, but disable the features that are not compatible (which would take the Site out of compliance with the PCI DSS) and document any compensating controls.
Password expiration and forced password reset on initial login are features that help your Site remain in compliance with the PCI DSS; however, those same features can cause problems with the SAT module. If the administrator password expires or changes, the value stored in the SAT module's configuration file is no longer valid. Because the value stored in the configuration file is not plaintext, you cannot change it by typing the new password in the file.
The SAT module uses a temporary user account to upload files from the IIS computer to the temporary user's home directory on EFT Server. With a PCI DSS Site, a file cannot be uploaded using the temporary user account, because the password has not been reset on first logon, as required for PCI DSS compliance.
The recommended configuration is to create a non-PCI Site for exclusive use by the SAT module and disable the password expiration and forced reset options for the SAT administrator account. As always, if you have any questions or concerns regarding installing and configuring EFT Server for use with any of the modules, contact GlobalSCAPE Technical Support.