Securing your Windows Service installation
From FileZilla Wiki
Jump to navigationJump to search
User accounts concepts
Configuration
Troubleshooting
Tips & Tricks
- You can script setting up permissions using CACLS, XCACLS or SetACL into the bat file.
- With Secondary Logon (Run As...) service you can execute commands as administrator even from LUA account.
- You can use suDown to achieve LUA with Administrator account.
- Windows XP Home, "Security" tab cannot be enabled by default, but you can install update to enable it.
Conclusion
Advantages of this solution are obvious. Should there be vulnerability in FZS, only those files and folders can be manipulated to which FZS has write/delete rights. Rest of the computer is shielded from damage. To limit Denial Of Service attacks by filling disk where writable folders are, you can setup disk Quotas in Windows XP Pro and Windows 2003 Server. Moreover you will learn more about multi-user security principles.