login about faq

Does anyone have best practices on using a domain account to run the Tectia SFTP Server as Domain Account instead of the Local System account in Windows 2008r2?

I would like to set it up to run with the least amount of permissions as possible but still have 100% functionality.

Thanks,

Scott. .

asked Jan 19 '12 at 02:15

ScottN's gravatar image

ScottN
1112

edited Jan 19 '12 at 02:16


As a side note I already know that the tectia service will run just fine as a local admin of the server but I am looking is a set of permission restrictions that will remove most of this service accounts access but still remain 100% functional.

Thanks,

Scott. .

link

answered Jan 20 '12 at 16:23

ScottN's gravatar image

ScottN
1112

The server may run fine after setting the account properly. But as far as I know, ssh.com (Tectia) does not test server in such setting and therefore cannot help.

I checked this briefly, and it seems to me that the server processes need to have "SeTcbPrivilege" in order to authenticate any user into system. There may be other requirements. If you are able to test it yourself and make it work then it would be nice if you would share it here with others.

Tectia will only do official support for something like this if some key paying customer demands this for their business. We are quite limited in resources.

On the other hand, it should not be necessary to do such restrictions. The server is designed to be secure and, after all, "Local System" account is also a domain account if the computer is part of a domain. What is exactly the purpose you are doing this for?

Regards,

Martin

link

answered Jan 22 '12 at 23:24

Martin%20Dobsik's gravatar image

Martin Dobsik ♦
599126

edited Jan 22 '12 at 23:24

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×63
×12

Asked: Jan 19 '12 at 02:15

Seen: 4,282 times

Last updated: Jan 22 '12 at 23:24

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.