Set Windows NT Permissions for EFT
After you have created a new Windows user account for EFT, use Windows' permissions to set the permissions for folders, files, or drives for the account. Permissions should be as restrictive as possible while still allowing EFT enough permission to run.
Using Windows NT’s permissions, set the permissions for files or drives of this user to be as restrictive as possible, while still allowing EFT to run. After carefully determining which files and network folders your users will need to access, gradually increase the permissions.
Make sure that full permissions are granted to the EFT service domain user account for the following locations:
-
Installation folder
-
Application data folder
-
Windows Temp folder
-
Any shared drive paths required by EFT
-
Any output directories that EFT may need to read/write files to
-
The Windows Registry
If you run into permissions issues, run Process Monitor or similar tools and isolate non-success results caused by cftpsai.exe, cftpstes.exe, gsawe.exe, and any other EFT-related processes.
Using NT Authentication, user permissions override EFT's permissions. For example, if EFT has read-only access to folder1, but user John Doe has read and write permission to folder1, John Doe has the same permission when he accesses folder1 through EFT.
Windows NT permissions can be edited through the Security tab in the Properties of a file or folder. On the Security tab, select Permissions to display and edit the permissions for the object. The appearance of this dialog box is slightly different for files and directories, but in both cases, the following permissions can be granted to users or groups:
-
R (Read)
-
W (Write)
-
D (Delete)
-
P (Edit permissions)
-
O (Take ownership)
Keep in mind that you have the option to grant or withhold read and write permissions. Read-only permissions are the most secure, because they allow users to access a file, but not to change it. For example, most users will need limited read access to the Windows folders (C, WinNT); however, most FTP Servers will not need any access to these directories at all.
In addition to the individual permissions, Windows NT permissions also provide access levels that are pre-built sets of the existing permissions. Typically, you assign an access level to a user rather than granting individual permissions. One such access level is called "No Access," which does not contain any permissions.
To view and edit the permissions for a folder or file
-
In Windows File Explorer, right-click the file or folder, then click Properties.
-
On the Security tab, click Permissions. The appearance of this dialog box is slightly different for files and directories and for different versions of Windows (W2K, XP, etc.).
Ensure that the child folders and files in EFT's \InetPub\ (C:\InetPub\) directory have the correct permissions.
-
In Windows File Explorer, right-click the EFT user home folders directory (for example, C:\InetPub\), then click Properties.
-
In the Properties dialog box, click the Security tab, then click Advanced. The Advanced Security Settings dialog box appears.
-
On the Permissions tab, click Change permissions. The dialog box will refresh.
-
At the bottom of this tab, select the Replace all child object permissions entries with inheritable permission entries from this object check box. This will ensure that child objects will inherit the permissions of the selected object.
For more information about setting permissions to folders and files, refer to the Windows Help documentation for your specific operating system.