Windows Account for the EFT Server Service

The EFT Server service must have full administrative rights to the folder in which you install EFT Server and to the location in which the users' home folders are stored. The EFT Server service must also have administrative rights to map a virtual folder to a network drive. With administrative rights, the service can save all of your settings. If the service does not have administrative rights, you will lose settings and user accounts whenever you restart the EFT Server service, and you will need to reset permissions on the computer on which the EFT Server service is running. After it is installed, EFT Server has access to local folders and files. To run EFT Server as a service with permissions to the network and mapped drives, you must create an NT account for EFT Server, assign the Globalscape EFT Server service to the account, and log EFT Server on as a service. Security policies should allow for user accounts to log in locally.

If you are using AD Authentication, refer to Local Security Policy Setting when Using Active Directory Authentication for more information about configuring EFT Server on an AD network. Consult with your AD network administrator for assistance, if necessary.

After you have installed EFT Server, created a Windows account for EFT Server, and assigned permissions to the account, you should edit the service itself so that it will not run as a "System Account" (the default account choice). Running the service as System Account poses the potential hazard of giving users complete access to your system.

Creating a Windows User Account for EFT Server

To create a user account in Windows

  1. After you install EFT Server, open the Computer Management console.

  2. Expand the Local users and Groups node, right-click Users, then click New User. The New User dialog box appears.

  3. Create a user account for EFT Server (e.g., EFTUser), clear the User must change password at next logon check box, then click Create, then click Close.

  4. Close the Computer Management console.

  5. In Administrative Tools, click Local Security Policy. The Local Security Policy dialog box appears.

  6. Expand the Local Policies node, then click User Rights Assignment.

  7. In the right pane, in the Policy column, double-click Act as part of the operating system. The Properties dialog box appears.

  8. Click Add user or Group. The Select Users or Groups dialog box appears.

  9. Select the new user you just added (e.g., EFTServer), click Add, then click OK.

  10. If necessary, assign permissions for this user account in Windows.

  11. Assign EFT Server to the new user account and log EFT Server on as a service.

Set Windows NT Permissions for EFT Server

After you have created a new Windows user account for EFT Server, use Windows' permissions to set the permissions for folders, files, or drives for the account. Permissions should be as restrictive as possible while still allowing EFT Server enough permission to run.

Using Windows NT’s permissions, set the permissions for files or drives of this user to be as restrictive as possible, while still allowing EFT Server to run. After carefully determining which files and network folders your users will need to access, gradually increase the permissions.

Using NT Authentication, user permissions override EFT Server's permissions. For example, if EFT Server has read-only access to folder1, but user John Doe has read and write permission to folder1, John Doe has the same permission when he accesses folder1 through EFT Server.

Windows NT permissions can be edited through the Security tab in the Properties of a file or folder. On the Security tab, select Permissions to display and edit the permissions for the object. The appearance of this dialog box is slightly different for files and directories, but in both cases, the following permissions can be granted to users or groups:

Keep in mind that you have the option to grant or withhold read and write permissions. Read-only permissions are the most secure, because they allow users to access a file, but not to change it. For example, most users will need limited read access to the Windows folders (C, WinNT); however, most FTP Servers will not need any access to these directories at all.

In addition to the individual permissions, Windows NT permissions also provide access levels that are simply pre-built sets of the existing permissions. Typically, you assign an access level to a user rather than granting individual permissions. One such access level is called "No Access," which does not contain any permissions.

To view and edit the permissions for a folder or file

  1. In Windows Explorer, right-click the file or folder, then click Properties.

  2. On the Security tab, click Permissions. The appearance of this dialog box is slightly different for files and directories and for different versions of Windows (W2K, XP, etc.).

For more information about setting permissions to folders and files, refer to the Windows Help documentation for your specific operating system. (e.g., click Start > Help and Support, then search on keyword permission.)

Assigning the Service to a Windows User Account

To assign the service to a Windows user account

  1. Click Start > Run, type services.msc, then press ENTER.

  2. Right-click EFT Server or EFT Server Enterprise, then click Properties.  

  3. Follow the Windows Operating System procedures for selecting an account under which the service will run.