Secure Account Permissions for EFT


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v6.x and later

DISCUSSION

For best security, you should set the least permissions necessary to run EFT on Windows Server 2008 and Windows Server 2012. Instructions are provided below.

Service account permissions for EFT to run on a Windows Server 2008/2012

·         Directories (Paths listed are default. Your directories may differ.):

 

o  Installation Directory (FULL Permissions)

   

§   C:\Program Files (x86)\GlobalSCAPE\EFT Server

   

§   C:\Program Files (x86)\GlobalSCAPE\EFT Server Enterprise

 

o  Configuration Directory (FULL Permissions)

   

§   C:\ProgramData\GlobalSCAPE\EFT Server

   

§   C:\ProgramData\GlobalSCAPE\EFT Server Enterprise

 

o  Windows Temp Directory (FULL Permissions):

   

§   C:\Windows\Temp

 

o  EFT Site Root directories (FULL Permissions):

   

§   C:\inetpub\EFTRoot (default)

·         Registry Entries

 

o  FULL Permissions

 

32-bit systems:

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\Network Automation

 

64-bit systems:

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.

   

§   HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Automation

 

o  READ permissions

   

§   HKEY_CLASSES_ROOT

   

§   HKEY_USERS

·         COM Permissions (dcomcnfg.exe)Set the following permissions

 

o  GSPGP

   

§   Allow Local Launch

   

§   Allow Local Activation

   

§   Allow Local Access

   

§   Allow Read Configuration

 

o  GSAWE

   

§   Allow Local Launch

   

§   Allow Local Activation

   

§   Allow Local Access

   

§   Allow Read Configuration

 

o  GSAWE_CLASS_INTERPRETOR

   

§   Allow Local Launch

   

§   Allow Local Activation

   

§   Allow Local Access

   

§   Allow Read Configuration

Also refer to Security Best Practices.