Does anyone have best practices on using a domain account to run the Tectia SFTP Server instead of the Local System account on Windows 2008 R2? I would like to set it up to run with the least amount of permissions possible but still have 100% functionality. Thanks, Scott.
As a side note, I already know that the Tectia service will run just fine as a local admin of the server, but what I am looking for is a set of permission restrictions that will remove most of this service account's access but still remain 100% functional. Thanks, Scott.
The server may run fine after setting the account properly. But as far as I know, ssh.com (Tectia) does not test the server in such a setting and therefore cannot help. I checked this briefly, and it seems to me that the server processes need to have "SeTcbPrivilege" in order to authenticate any user into the system. There may be other requirements. If you are able to test it yourself and make it work, then it would be nice if you would share it here with others. Tectia will only do official support for something like this if some key paying customer demands this for their business. We are quite limited in resources. On the other hand, it should not be necessary to do such restrictions. The server is designed to be secure and, after all, the "Local System" account is also a domain account if the computer is part of a domain. What exactly is the purpose you are doing this for? Regards, Martin
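
For anyone testing the setup discussed above, this added example (not part of the thread and not Tectia code) reports which account a service runs as and which principals the local security policy grants "SeTcbPrivilege". The service name is a placeholder to be replaced with the real one from services.msc; the script assumes an elevated prompt and sticks to PowerShell 2.0 features so it runs on Windows Server 2008 R2.

```powershell
# Added example: audit a service's logon account and the holders of a user right.
param(
    [string]$ServiceName = '<TECTIA_SERVICE_NAME>',  # placeholder, not a real service name
    [string]$Privilege   = 'SeTcbPrivilege'          # "Act as part of the operating system"
)

function Get-UserRightHolders {
    param([string]$Right)
    $cfg = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the effective local security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

        $pattern = '^\s*' + [regex]::Escape($Right) + '\s*='
        $line = Get-Content $cfg | Where-Object { $_ -match $pattern } | Select-Object -First 1
        if (-not $line) { return }   # no line at all: the right is assigned to nobody

        # @() keeps an empty result an empty array (PowerShell 2.0 iterates once over $null).
        $entries = @(($line -split '=', 2)[1].Split(',') |
                     ForEach-Object { $_.Trim() } | Where-Object { $_ })
        foreach ($e in $entries) {
            if ($e.StartsWith('*')) {
                # Entries prefixed with * are SIDs; translate to a name where possible.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($e.Substring(1))
                try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }
            } else {
                $e
            }
        }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

$holders = @(Get-UserRightHolders -Right $Privilege)
"Service          : $($svc.Name)"
"Logon account    : $($svc.StartName)"
if ($holders.Count -gt 0) { "$Privilege granted to: $($holders -join ', ')" }
else                      { "$Privilege granted to: (no explicit assignment)" }
# Notes: LocalSystem holds SeTcbPrivilege implicitly and never appears in this list.
# Group entries are not expanded, so check the service account's group memberships too.
```

Running it before and after switching the service's logon account shows whether the new account appears among the holders, either directly or through a listed group.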