Search

GlobalSCAPE Knowledge Base

Enforcing Settings in EFT Like Group Policy Does for AD

Karla Marsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v6 and later

Using EFT's COM API to enforce specific settings inside of EFT so that they are enforced at all times

DISCUSSION

Often changing a setting in EFT is forgotten after it is saved and done. Wouldn’t it be helpful to enforce settings at all times to prevent security issues with folders or home folders?

Configure COM API

COM API is required for the any type of script to run and affect settings in EFT.

  1. Remote Admin must be enabled on the EFT server.
  2. Either the EFT administration interface must be installed or the DLLs must be on the system where the script is being run: C:\Program Files (x86)\Common Files\Globalscape\SFTPCOMInterface\
  3. User ID can be either a GS administrator account or AD auth can be used (if you have HSM module).

So how do we use the script to enforce settings?

Let’s start by breaking down the script.

Connecting to EFT:

CRLF = (Chr(13)& Chr(10))

txtServer = "localhost"

txtPort = "1100"

txtAdminUserName = "test"

txtPassword = "test"

txtSiteName = "EFT FTP"

txtSettingsLevel = "Default Settings"

Modify Security Settings:

In this case, let’s modify the 2 settings that need to be enforced.

oUser.SetHomeDir(-2) 'use home folder from Settings Template

oUser.SetHomeDirIsRoot(-2) 'use Treat home folder from Settings Template

*Note: it is very important to identify the Settings template that will be enforced. It is possible to enforce other templates using copies of the script.

From the above, the Home Directory and the Root Directory are being affected. A setting of -2 usually corresponds with the following behavior:

abFalse = 0

abInherited = -2

abTrue = 1

This means that both settings will be pulled from the PARENT, which is the Settings Template called “Default Settings.”

Why do you need to do this?

In all honesty, this isn’t required, however, it is recommended. This helps ENFORCE settings even if an admin "breaks" security by changing a setting. Using a PowerShell (not included) or a VB script like the one offered in this article allows you to create a very specific group policy for EFT. It is possible to enforce these settings with GS Auth, AD Auth/LDAP Auth, or even ODBC auth.

Please see the following link for more areas that can be enforced via COM API:

http://help.globalscape.com/help/gs_com_api/com_iciclientsettingsinterface.htm

Details
Last Modified: 3 Years Ago
Last Modified By: kmarsh
Type: HOWTO
Article not rated yet.
Article has been viewed 13K times.
Options
Also In This Category