THE INFORMATION IN THIS ARTICLE APPLIES TO:
Using EFT's COM API to enforce specific settings inside of EFT so that they are enforced at all times
A setting in EFT is often changed and then forgotten once it has been saved. Wouldn’t it be helpful to enforce settings at all times to prevent security issues with folders or home folders?
Configure COM API
The COM API is required for any type of script to run and affect settings in EFT.
- Remote Admin must be enabled on the EFT server.
- Either the EFT administration interface must be installed or the DLLs must be on the system where the script is being run: C:\Program Files (x86)\Common Files\Globalscape\SFTPCOMInterface\
- The user ID can be either a GS administrator account or an AD-authenticated account (if you have the HSM module).
So how do we use the script to enforce settings?
Let’s start by breaking down the script.
Connecting to EFT:
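CRLF = Chr(13) & Chr(10)               'line break used when building output
txtServer = "localhost"                'EFT server host
txtPort = "1100"                       'EFT administration (Remote Admin) port
txtAdminUserName = "test"              'EFT administrator account
txtPassword = "test"                   'password for that account
txtSiteName = "EFT FTP"                'Site whose users will be modified
txtSettingsLevel = "Default Settings"  'Settings Template to enforce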
Modify Security Settings:
In this case, let’s modify the 2 settings that need to be enforced.
oUser.SetHomeDir(-2) 'use home folder from Settings Template
oUser.SetHomeDirIsRoot(-2) 'use the "treat home folder as root" setting from Settings Template
*Note: it is very important to identify the Settings template that will be enforced. It is possible to enforce other templates using copies of the script.
From the above, the Home Directory and the Root Directory are being affected. A setting of -2 usually corresponds with the following behavior:
abFalse = 0
abInherited = -2
abTrue = 1
This means that both settings will be pulled from the PARENT, which is the Settings Template called “Default Settings.”
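The fragments above can be combined into one enforcement pass, shown here as an added example (not the script offered with this article). It assumes the EFT COM interface methods Connect, Sites, GetSettingsLevelUsers, GetUserSettings, GetHomeDir, GetHomeDirIsRoot, ApplyChanges and Close behave as in the EFT COM API reference for your version; EFT_ADMIN_USER and EFT_ADMIN_PASS are hypothetical environment variable names, used so the administrator password is not stored in the script file.

```vbscript
' Added example: reset drifted home-folder settings to "inherit from template".
' Run from a scheduled task with: cscript //nologo enforce-homedir.vbs
Option Explicit
Const abInherited = -2                  ' value described in this article
Dim env, oServer, oSites, oSite, oUser, userName, i, drift
Dim txtServer, txtPort, txtSiteName, txtSettingsLevel
txtServer = "localhost"
txtPort = "1100"
txtSiteName = "EFT FTP"
txtSettingsLevel = "Default Settings"

' Assumption: credentials come from hypothetical environment variables.
Set env = CreateObject("WScript.Shell").Environment("PROCESS")
Set oServer = CreateObject("SFTPCOMInterface.CIServer")
On Error Resume Next
oServer.Connect txtServer, txtPort, env("EFT_ADMIN_USER"), env("EFT_ADMIN_PASS")
If Err.Number <> 0 Then
    WScript.Echo "Connect failed: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Find the Site by name.
Set oSite = Nothing
Set oSites = oServer.Sites
For i = 0 To oSites.Count - 1
    If LCase(oSites.Item(i).Name) = LCase(txtSiteName) Then Set oSite = oSites.Item(i)
Next
If oSite Is Nothing Then
    WScript.Echo "Site not found: " & txtSiteName
    oServer.Close
    WScript.Quit 1
End If

' Only touch accounts that no longer inherit, and log each correction.
drift = 0
For Each userName In oSite.GetSettingsLevelUsers(txtSettingsLevel)
    Set oUser = oSite.GetUserSettings(userName)
    If oUser.GetHomeDir() <> abInherited Or oUser.GetHomeDirIsRoot() <> abInherited Then
        WScript.Echo Now & " drift corrected: " & userName
        oUser.SetHomeDir abInherited
        oUser.SetHomeDirIsRoot abInherited
        drift = drift + 1
    End If
Next
If drift > 0 Then oServer.ApplyChanges
oServer.Close
WScript.Echo drift & " account(s) reset to inherit from " & txtSettingsLevel
```

Each "drift corrected" line records an account whose setting had been changed away from the template, which gives you something to review when the scheduled run's output is not empty.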
Why do you need to do this?
In all honesty, this isn’t required; however, it is recommended. This helps ENFORCE settings even if an admin "breaks" security by changing a setting. Using a PowerShell script (not included) or a VB script like the one offered in this article allows you to create a very specific group policy for EFT. It is possible to enforce these settings with GS Auth, AD Auth/LDAP Auth, or even ODBC auth.
Please see the following link for more areas that can be enforced via COM API: