Editing Securing your Windows Service installation
From FileZilla Wiki
Jump to navigationJump to searchWarning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 14: | Line 14: | ||
== Configuration == | == Configuration == | ||
+ | |||
To secure your Filezilla server we will assume you wish to run the Filezilla server program as a user with limited permissions on the Windows system. This will limit the potential damage that could be caused by someone compromising the Filezilla server program or a mistake made to file system permissions in parts of the system used by Filezilla. | To secure your Filezilla server we will assume you wish to run the Filezilla server program as a user with limited permissions on the Windows system. This will limit the potential damage that could be caused by someone compromising the Filezilla server program or a mistake made to file system permissions in parts of the system used by Filezilla. | ||
Line 19: | Line 20: | ||
You will then need to configure your Filezilla Server FTP server service to use the new user level account you have created. To do this you will to go into the Services control panel and locate the service named "Filezilla Server FTP server". Edit the service properties and go the Log On tab. On this tab you change from the Log on as option from Local System account (the default) to "This account". You will then select the user level account you have created and enter the password you assigned to the account twice. Once you click OK you may be notified that this account has been granted "Logon as a service" rights. This is expected and required for the account to work properly. | You will then need to configure your Filezilla Server FTP server service to use the new user level account you have created. To do this you will to go into the Services control panel and locate the service named "Filezilla Server FTP server". Edit the service properties and go the Log On tab. On this tab you change from the Log on as option from Local System account (the default) to "This account". You will then select the user level account you have created and enter the password you assigned to the account twice. Once you click OK you may be notified that this account has been granted "Logon as a service" rights. This is expected and required for the account to work properly. | ||
+ | |||
+ | |||
Make sure you are logged in as '''Administrator'''. | Make sure you are logged in as '''Administrator'''. | ||
Line 57: | Line 60: | ||
Or, '''alternatively''', in any Windows Edition | Or, '''alternatively''', in any Windows Edition | ||
− | don't do what follows, if you have already created a "filezilla" user with one of the procedures above. You may choose the following procedure as an alternative of the two previous, because it is safer: putting "filezilla" user in its' own group, is way better than adding it into the "Users" group. | + | '''PLEASE NOTICE''': don't do what follows, if you have already created a "filezilla" user with one of the procedures above. You may choose the following procedure as an alternative of the two previous, because it is safer: putting "filezilla" user in its' own group, is way better than adding it into the "Users" group. |
#Copy and paste one by one the following commands, in a "CMD" window run as Administrator: | #Copy and paste one by one the following commands, in a "CMD" window run as Administrator: | ||
− | #* | + | #*net user filezilla * /add (creates "filezilla" user in the "Users" group) |
#*when prompted, type a password for "filezilla" user (this is required) | #*when prompted, type a password for "filezilla" user (this is required) | ||
− | #* | + | #*net localgroup filezilla-users /add (creates a new group called "filezilla-users") |
− | #* | + | #*net localgroup filezilla-users filezilla /add (adds "filezilla" user to "filezilla-users" group) |
− | #* | + | #*net localgroup users filezilla /delete (deletes "filezilla" user from "Users" group) |
− | |||
− | |||
− | |||
− | |||
=== Change FileZilla Server Service logon === | === Change FileZilla Server Service logon === |