THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT v6.x and later
DISCUSSION
For best security, you should set the least permissions necessary to run EFT on Windows Server 2008 and Windows Server 2012. Instructions are provided below.
Service account permissions for EFT to run on a Windows Server 2008/2012
·Directories (Paths listed are default. Your directories may differ.): | |||
oInstallation Directory (FULL Permissions) | |||
§C:\Program Files (x86)\GlobalSCAPE\EFT Server | |||
§C:\Program Files (x86)\GlobalSCAPE\EFT Server Enterprise | |||
oConfiguration Directory (FULL Permissions) | |||
§C:\ProgramData\GlobalSCAPE\EFT Server | |||
§C:\ProgramData\GlobalSCAPE\EFT Server Enterprise | |||
oWindows Temp Directory (FULL Permissions): | |||
§C:\Windows\Temp | |||
oEFT Site Root directories (FULL Permissions): | |||
§C:\inetpub\EFTRoot (default) | |||
·Registry Entries | |||
oFULL Permissions | |||
32-bit systems: | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc. | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\Network Automation | |||
64-bit systems: | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc. | |||
§HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Automation | |||
oREAD permissions | |||
§HKEY_CLASSES_ROOT | |||
§HKEY_USERS | |||
·COM Permissions (dcomcnfg.exe). Set the following permissions | |||
oGSPGP | |||
§Allow Local Launch | |||
§Allow Local Activation | |||
§Allow Local Access | |||
§Allow Read Configuration | |||
oGSAWE | |||
§Allow Local Launch | |||
§Allow Local Activation | |||
§Allow Local Access | |||
§Allow Read Configuration | |||
oGSAWE_CLASS_INTERPRETOR | |||
§Allow Local Launch | |||
§Allow Local Activation | |||
§Allow Local Access | |||
§Allow Read Configuration | |||
Also refer to Security Best Practices in the EFT help.