Leaked source code of windows server 2003

This file details the registry structure & specific values used by the
FTP Server service.

All FTP Server parameters "live" under the following key:

    HKEY_LOCAL_MACHINE
        System
            CurrentControlSet
                Services
                    FtpSvc
                        Parameters

The following values may exist under the Parameters key:

Name:    AllowAnonymous
Type:    REG_DWORD
Meaning: If this value is non-zero, then anonymous logons are allowed.
         Otherwise (value IS zero) anonymous logons are not allowed.
Default: 1 (allow anonymous logons)

Name:    AllowGuestAccess
Type:    REG_DWORD
Meaning: If this value is non-zero, then guest-access logons are
         allowed. Otherwise (value IS zero) guest-access logons
         are not allowed. (Note that guest-access has nothing to
         do with the "Guest" account; guest-access is granted if
         the local machine's user rights policy states that
         "Everyone" may access the machine from the network. Any
         user that tries to log on with an unknown account will be
         granted guest-access.)
Default: 1 (allow guest-access)

Name:    AnnotateDirectories
Type:    REG_DWORD
Meaning: If this value is non-zero, then every time a user changes
         directories (sends the server a CWD command) an attempt is
         made to open a file called "~FTPSVC~.CKM" in the new
         directory. If this file is found, its contents are sent
         to the user as part of the successful reply to the CWD
         command. This may be used to attach "annotations" to
         specific directories.

         This value is used as a default for new users. Users can
         toggle their own personal "annotate directories" flag with
         the site-specific CKM command (SITE CKM).
Default: 0 (don't annotate directories)

Name:    AnonymousOnly
Type:    REG_DWORD
Meaning: If this value is non-zero, then only anonymous logons are
         allowed. Otherwise (value IS zero) non-anonymous
         logons are allowed as well.
Default: 0 (non-anonymous logons allowed).

Name:    AnonymousUserName
Type:    REG_SZ
Meaning: Anonymous logon alias. When a user attempts an anonymous
         logon, the username specified ("anonymous") is mapped to
         this registry value for the purposes of authentication
         and impersonation. The password for this account is stored
         in an LSA secret object named "FTPD_ANONYMOUS_DATA".
Default: "Guest"

Name:    ConnectionTimeout
Type:    REG_DWORD
Meaning: The time (in seconds) to allow clients to remain idle before
         forcibly disconnecting them. This prevents idle clients
         from consuming server resources indefinitely.

         This value may be set to zero if timeouts are not to be
         enforced. If set to zero, idle clients *can* remain connected
         indefinitely.
Default: 600 (10 minutes)

Name:    DebugFlags
Type:    REG_DWORD
Meaning: This value is used only by the debugging (checked) builds of
         the FTP Server. It controls the output of various debugging
         information. This value is unused by retail builds.
Default: 0 (no debug output)

Name:    DefaultLogonDomain
Type:    REG_SZ
Meaning: The domain name to use when validating user logon requests
         if the user did not specify a domain. If this value does
         not exist in the registry, then the FTP Server will use the
         local machine's primary logon domain instead.
Default: NULL (use the local machine's primary logon domain)

Name:    DisableExtendedCharFilenames
Type:    REG_DWORD
Meaning: RFC 959 says only 7-bit ASCII characters can be used to specify
         file names in FTP commands. De facto, 8-bit characters are used
         to specify extended character names and DBCS encoding. If this
         value does not exist, or if it exists but is set to 0, extended
         characters are accepted. If the value is 1, extended character
         file names are rejected.
Default: Not created. (extended chars enabled)

Name:    ExitMessage
Type:    REG_SZ
Meaning: This is the signoff message sent to a client upon receipt
         of a QUIT command.
Default: "Goodbye."

Name:    GreetingMessage
Type:    REG_MULTI_SZ
Meaning: This message (if it exists in the registry) is sent to new
         clients after their account has been validated. In accordance
         with "de facto" Internet behaviour, if a client logs on as
         anonymous and specifies an identity starting with '-' (minus),
         then this greeting message is NOT sent.
Default: NULL (no special greeting)

Name:    BannerMessage
Type:    REG_MULTI_SZ
Meaning: This message (if it exists in the registry) is sent to new
         clients when they connect, right after the service name.
Default: NULL (no special greeting)

Name:    HomeDirectory
Type:    REG_EXPAND_SZ
Meaning: This is the initial "home" directory for new clients. After
         a new client is validated, an attempt is made to CHDIR to
         this directory. If this directory is inaccessible, the client
         is refused FTP services. If the CHDIR is successful, then
         an attempt is made to CHDIR to a directory with the same name
         as the client's username. If this fails, an attempt is made
         to CHDIR to a directory called "Default". If this fails,
         the current directory is left at "home".

         If a user finds that the home directory is inaccessible,
         then an event is written to the event log indicating such.
Default: "C:\"

Name:    ListenBacklog
Type:    REG_DWORD
Meaning: This is the "backlog" parameter passed into the listen()
         API. This sets the maximum number of unaccepted connections
         that can be queued against the socket that listens on the
         main FTP port.
Default: 5

Name:    LogAnonymous
Type:    REG_DWORD
Meaning: If this value is non-zero, then all successful anonymous
         logons are logged in the system event log. Otherwise
         (value IS zero) successful anonymous logons are not logged.
Default: 0 (don't log successful anonymous logons)

Name:    LogFileAccess
Type:    REG_DWORD
Meaning: This value controls the logging of file accesses. This value
         can be one of the following:

             0 = Don't log file accesses
             1 = Log file accesses to FTPSVC.LOG
             2 = Log file accesses to FTyymmdd.LOG, where yy
                 is the year, mm is the month, and dd is
                 the day. A new log file will be opened
                 every day as necessary.
Default: 0 (don't log file accesses)

Name:    LogFileDirectory
Type:    REG_SZ
Meaning: This value specifies the target directory for log files.
         This value is only used if LogFileAccess is non-zero.
Default: %SystemRoot%\System32

Name:    LogNonAnonymous
Type:    REG_DWORD
Meaning: If this value is non-zero, then all successful nonanonymous
         logons are logged in the system event log. Otherwise
         (value IS zero) successful nonanonymous logons are not logged.
Default: 0 (don't log successful nonanonymous logons)

Name:    LowercaseFiles
Type:    REG_DWORD
Meaning: If this value is non-zero, then all file names returned by
         LIST and NLST commands for non-case-preserving filesystems
         will be mapped to lowercase. If this value is zero, then
         all file names will be unaltered.
Default: 0 (don't map filenames to lowercase)

Name:    MaxClientsMessage
Type:    REG_SZ
Meaning: This message (if it exists) is sent to a client if the maximum
         number of clients has been reached/exceeded. This indicates
         that the server is currently servicing the maximum number of
         simultaneous clients and is refusing additional clients.
Default: "Maximum clients reached, service unavailable."

Name:    MaxConnections
Type:    REG_DWORD
Meaning: This is the maximum number of simultaneous clients the server
         will service.

         This value may be set to zero if there is to be no limit on
         simultaneous clients.
Default: 20

Name:    MsdosDirOutput
Type:    REG_DWORD
Meaning: If this value is non-zero, then the output of the LIST
         command (usually sent as a result of a DIR from the client)
         will look like the output of the MS-DOS DIR command.
         Otherwise (value IS zero) the output of the LIST command
         will look like the output of the UNIX LS command.

         This value also controls "slash flipping" in the path
         sent by the PWD command. If this value is non-zero, the path
         will contain backward "\" slashes. If this value IS zero, the
         path will contain forward "/" slashes.
Default: 1 (directory listings like MS-DOS)

Name:    ReadAccessMask
Type:    REG_DWORD
Meaning: This value is a bitmask and controls the "readability" of
         the various disk volumes in the system. Drive A: corresponds
         to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
         user may only read from a specific volume if the corresponding
         bit is set.
Default: 0 (all read access denied)

Name:    WriteAccessMask
Type:    REG_DWORD
Meaning: This value is a bitmask and controls the "writability" of
         the various disk volumes in the system. Drive A: corresponds
         to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
         user may only write to a specific volume if the corresponding
         bit is set.
Default: 0 (all write access denied)

There is an additional (optional) key that may exist under the Parameters
key. After a user's account/password has been validated and the server is
impersonating that user, an attempt is made to open a key named "AccessCheck".
If this key exists, and the user cannot open it, then the user is denied
access to the FTP Server. If this key exists, and the user can only open it
for read access, then the user is given read-only access to the FTP Server.
This way, an administrator can create this "AccessCheck" key and attach
specific ACLs to the key. These ACLs will then control access to the FTP
Server.
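
An added example, not part of the original file: a Python sketch that applies the defaults documented above to whatever values are present under Parameters, decodes the access masks into drive letters, and lists the settings a reviewer would want to look at. The SAMPLE values are constructed, and the choice of checks is this example's own assumption, not something the file prescribes.

```python
import string

# Defaults as documented on this page for the values the audit looks at.
DEFAULTS = {
    "AllowAnonymous": 1, "AllowGuestAccess": 1, "AnonymousOnly": 0,
    "ConnectionTimeout": 600, "LogAnonymous": 0, "LogNonAnonymous": 0,
    "LogFileAccess": 0, "MaxConnections": 20,
    "ReadAccessMask": 0, "WriteAccessMask": 0,
}

def drives(mask):
    """Decode an access mask: bit 0 = A:, bit 1 = B:, bit 2 = C:, etc."""
    return [c + ":" for i, c in enumerate(string.ascii_uppercase) if (mask >> i) & 1]

def audit(present):
    """Apply documented defaults to the values present, then list findings."""
    cfg = {**DEFAULTS, **present}
    anon = cfg["AllowAnonymous"] != 0
    writable = drives(cfg["WriteAccessMask"])
    checks = [
        ("AllowGuestAccess", cfg["AllowGuestAccess"] != 0,
         "logons with unknown accounts can be granted guest-access"),
        ("LogAnonymous", anon and cfg["LogAnonymous"] == 0,
         "successful anonymous logons are not logged"),
        ("LogNonAnonymous", cfg["AnonymousOnly"] == 0 and cfg["LogNonAnonymous"] == 0,
         "successful non-anonymous logons are not logged"),
        ("LogFileAccess", cfg["LogFileAccess"] == 0, "file accesses are not logged"),
        ("ConnectionTimeout", cfg["ConnectionTimeout"] == 0,
         "idle clients are never disconnected"),
        ("MaxConnections", cfg["MaxConnections"] == 0,
         "no limit on simultaneous clients"),
        ("WriteAccessMask", anon and bool(writable),
         "anonymous logons enabled and writes permitted on " + " ".join(writable)),
    ]
    return [(name, msg) for name, hit, msg in checks if hit]

# Constructed sample: values an administrator might have set explicitly.
SAMPLE = {"ReadAccessMask": 0b1100, "WriteAccessMask": 0b1000,
          "LogFileAccess": 2, "ConnectionTimeout": 0}

if __name__ == "__main__":
    print("readable:", drives(SAMPLE["ReadAccessMask"]))
    for name, msg in audit(SAMPLE):
        print(f"{name}: {msg}")
```

Calling audit({}) shows what a server with no explicit values looks like: anonymous and guest-access logons are on, and logon and file-access logging are off.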