|
|
This file details the registry structure & specific values used by theFTP Server service.
All FTP Server parameters "live" under the following key:
HKEY_LOCAL_MACHINE System CurrentControlSet Services FtpSvc Parameters
The following values may exist under the Parameters key:
Name: AllowAnonymous Type: REG_DWORD Meaning: If this value is non-zero, then anonymous logons are allowed. Otherwise (value IS zero) anonymous logons are not allowed. Default: 1 (allow anonymous logons)
Name: AllowGuestAccess Type: REG_DWORD Meaning: If this value is non-zero, then guest-access logons are allowed. Otherwise (value IS zero) guest-access logons are not allowed. (Note that guest-access has nothing to do with the "Guest" account; guest-access is granted if the local machine's user rights policy states that "Everyone" may access the machine from the network. Any user that tries to logon with an unknown account will be granted guest-access.) Default: 1 (allow guest-access)
Name: AnnotateDirectories Type: REG_DWORD Meaning: If this value is non-zero, then everytime a user changes directories (sends the server a CWD command) an attempt is made to open a file called "~FTPSVC~.CKM" in the new directory. If this file is found, its contents are sent to the user as part of the successful reply to the CWD command. This may be used to attach "annotations" to specific directories.
This value is used as a default for new users. Users can toggle their own personal "annotate directories" flag with the site-specific CKM command (SITE CKM). Default: 0 (don't annotate directories)
Name: AnonymousOnly Type: REG_DWORD Meaning: If this value is non-zero, then only anonymous logons are allowed. Otherwise (value IS zero) then non-anonymous logons are allowed as well. Default: 0 (non-anonymous logons allowed).
Name: AnonymousUserName Type: REG_SZ Meaning: Anonymous logon alias. When a user attempts an anonymous logon, the username specified ("anonymous") is mapped to this registry value for the purposes off authentication and impersonation. The password for this account is stored in an LSA secret object named "FTPD_ANONYMOUS_DATA". Default: "Guest"
Name: ConnectionTimeout Type: REG_DWORD Meaning: The time (in seconds) to allow clients to remain idle before forcibly disconnecting them. This prevents idle clients from consuming server resources indefinitely.
This value may be set to zero if timeouts are not to be enforced. If set to zero, idle clients *can* remain connected indefinitely. Default: 600 (10 minutes)
Name: DebugFlags Type: REG_DWORD Meaning: This value is used only by the debugging (checked) builds of the FTP Server. It controls the output of various debugging information. This value is unused by retail builds. Default: 0 (no debug output)
Name: DefaultLogonDomain Type: REG_SZ Meaning: The domain name to use when validating user logon requests if the user did not specify a domain. If this value does not exist in the registry, then the FTP Server will use the local machine's primary logon domain instead. Default: NULL (use the local machine's primary logon domain)
Name: DisableExtendedCharFilenames Type: REG_DWORD Meaning: RFC 0959 says only 7bi ASCII characters can be used to specify file names in FTP commands. DeFacto, 8bit chars are being used to specify extended char names and DBCS encoding. If this value does not exists, or if it exists but set to 0, extended chars are being accepted. If the value is 1, extended char file names are rejected. Default: Not created. (extended chars enabled)
Name: ExitMessage Type: REG_SZ Meaning: This is the signoff message sent to a client upon receipt of a QUIT command. Default: "Goodbye."
Name: GreetingMessage Type: REG_MULTI_SZ Meaning: This message (if it exists in the registry) is sent to new clients after their account has been validated. In accordance with "de facto" Internet behaviour, if a client logs on as anonymous and specifies an identity starting with '-' (minus), then this greeting message is NOT sent. Default: NULL (no special greeting)
Name: BannerMessage Type: REG_MULTI_SZ Meaning: This message (if it exists in the registry) is sent to new clients when they connect, right after the service name. Default: NULL (no special greeting)
Name: HomeDirectory Type: REG_EXPAND_SZ Meaning: This is the initial "home" directory for new clients. After a new client is validated, an attempt is made to CHDIR to this directory. If this directory is inaccessible, the client is refused FTP services. If the CHDIR is successful, then an attempt is made to CHDIR to a directory with the same name as the client's username. If this fails, an attempt is made to CHDIR to a directory called "Default". If this fails, the current directory is left at "home".
If a user finds that the home directory is inaccessible, then an event is written to the event log indiciating such. Default: "C:\"
Name: ListenBacklog Type: REG_DWORD Meaning: This is the "backlog" parameter passed into the listen() API. This sets the maximum number of unaccepted connections that can be queued against the socket that listens on the main FTP port. Default: 5
Name: LogAnonymous Type: REG_DWORD Meaning: If this value is non-zero, then all successful anonymous logons are logged in the system event log. Otherwise (value IS zero) successful anonymous logons are not logged. Default: 0 (don't log successful anonymous logons)
Name: LogFileAccess Type: REG_DWORD Meaning: This value controls the logging of file accesses. This value can be one of the following:
0 = Don't log file accesses 1 = Log file accesses to FTPSVC.LOG 2 = Log file accesses to FTyymmdd.LOG, where yy is the year, mm is the month, and dd is the day. A new log file will be opened every day as necessary. Default: 0 (don't log file accesses)
Name: LogFileDirectory Type: REG_SZ Meaning: This value specifies the target directory for log files. This value is only used if LogFileAccess is !0. Default: %SystemRoot%\System32
Name: LogNonAnonymous Type: REG_DWORD Meaning: If this value is non-zero, then all successful nonanonymous logons are logged in the system event log. Otherwise (value IS zero) successful nonanonymous logons are not logged. Default: 0 (don't log successful nonanonymous logons)
Name: LowercaseFiles Type: REG_DWORD Meaning: If this value is non-zero, then all file names returned by LIST and NLST commands for non-case-preserving filesystems will be mapped to lowercase. If this value is zero, then all file names will be unaltered. Default: 0 (don't map filenames to lowercase)
Name: MaxClientsMessage Type: REG_SZ Meaning: This message (if it exists) is sent to a client if the maximum number of clients has been reached/exceeded. This indicates that the server is currently servicing the maximum number of simultaneous clients and is refusing addtional clients. Default: "Maximum clients reached, service unavailable."
Name: MaxConnections Type: REG_DWORD Meaning: This is the maximum number of simultaneous clients the server will service.
This value may be set to zero if there is to be no limit on simultaneous clients. Default: 20
Name: MsdosDirOutput Type: REG_DWORD Meaning: If this value is non-zero, then the output of the LIST command (usually sent as a result of a DIR from the client) will look like the output of the MS-DOS DIR command. Otherwise (value IS zero) then the output of the LIST command will look like the output of the UNIX LS command.
This value also controls "slash flipping" in the path sent by the PWD command. If this value is non-zero, the path will contain backward "\" slashes. If this value IS zero, the path will contain forward "/" slashes. Default: 1 (directory listings like MS-DOS)
Name: ReadAccessMask Type: REG_DWORD Meaning: This value is a bitmask and controls the "readability" of the various disk volumes in the system. Drive A: corresponds to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A user may only read from a specific volume if the corresponding bit is set. Default: 0 (all read access denied)
Name: WriteAccessMask Type: REG_DWORD Meaning: This value is a bitmask and controls the "writability" of the various disk volumes in the system. Drive A: corresponds to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A user may only write to a specific volume if the corresponding bit is set. Default: 0 (all write access denied)
There is an additional (optional) key that may exist under the Parameterskey. After a user's account/password has been validated and the server isimpersonating that user, an attempt is made to open a key named "AccessCheck".If this key exists, and the user cannot open it, then the user is deniedaccess to the FTP Server. If this key exists, and the user can only open itfor read access, then the user is given read-only access to the FTP Server.This way, an administrator can create this "AccessCheck" key and attachspecific ACLs to the key. These ACLs will then control access to the FTPServer.
|
