Using Windows NT Security

Reference:        Overview of Beyond FTP 

Beyond FTP now supports two different security schemes for managing access to local resources.  The first is the Beyond FTP security overlay which is administered using the Beyond FTP Security Program.  This is the traditional mechanism that applies additional limitations to those already in place due to the local user account under which Beyond FTP is running.  You must create accounts for each group or user that requires access to local resources.  These accounts are separate from the NT/2000/XP security accounts.  The advantages of this approach are:

1.   Local and network resources accessible to the Beyond FTP services are also potentially accessible to remote users.

2.   The FTP server is not limited to a single root drive and directory.  Different users may have entirely different FTP server roots.

3.   Beyond FTP provides superior flexibility and ease of use.

The major disadvantages are that you must create a new set of user accounts, and accounts cannot be limited according to time and day.  These disadvantages are overcome by engaging Windows NT/2000/XP security.  All user/password combinations are checked against the NT security system, and access to resources is limited by the configuration in the NT security administrator.   The advantages are:

1.   A single security system for all uses.

2.   Control over the users schedule as well as access.

The major disadvantage is that access is limited to local resources ONLY.  Remote users cannot access network resources even though the Beyond FTP services have mapped those resources.  In addition, Beyond FTP must run in the Local System Account.  Finally, the FTP server can have only one root drive and directory.

Beyond FTP does not check NT accounts for administrative rights.  If you would perform remote administration, you must create a Beyond FTP system administrator account that has the same user name and password as an NT account that allows local access to the Beyond FTP path.  This does NOT have to be (and probably should not be) an NT administrator account.  For example, to remotely administer a Beyond FTP installation on C:\BFTP, you might create a local user BFTPAdmin/sysadmin that provides write access to C:\BFTP and then a Beyond FTP user with the same BFTPAdmin/sysadmin user and password information and a security level of Administrator.

Previous Topic
Next Topic