windows-nt/Source/XPSP1/NT/inetsrv/iis/svcs/ftp/server/registry.txt

246 lines
11 KiB
Plaintext
Raw Normal View History

2020-09-26 03:20:57 -05:00
This file details the registry structure & specific values used by the
FTP Server service.
All FTP Server parameters "live" under the following key:
HKEY_LOCAL_MACHINE
System
CurrentControlSet
Services
FtpSvc
Parameters
The following values may exist under the Parameters key:
Name: AllowAnonymous
Type: REG_DWORD
Meaning: If this value is non-zero, then anonymous logons are allowed.
Otherwise (value IS zero) anonymous logons are not allowed.
Default: 1 (allow anonymous logons)
Name: AllowGuestAccess
Type: REG_DWORD
Meaning: If this value is non-zero, then guest-access logons are
allowed. Otherwise (value IS zero) guest-access logons
are not allowed. (Note that guest-access has nothing to
do with the "Guest" account; guest-access is granted if
the local machine's user rights policy states that
"Everyone" may access the machine from the network. Any
user that tries to logon with an unknown account will be
granted guest-access.)
Default: 1 (allow guest-access)
Name: AnnotateDirectories
Type: REG_DWORD
Meaning: If this value is non-zero, then everytime a user changes
directories (sends the server a CWD command) an attempt is
made to open a file called "~FTPSVC~.CKM" in the new
directory. If this file is found, its contents are sent
to the user as part of the successful reply to the CWD
command. This may be used to attach "annotations" to
specific directories.
This value is used as a default for new users. Users can
toggle their own personal "annotate directories" flag with
the site-specific CKM command (SITE CKM).
Default: 0 (don't annotate directories)
Name: AnonymousOnly
Type: REG_DWORD
Meaning: If this value is non-zero, then only anonymous logons are
allowed. Otherwise (value IS zero) then non-anonymous
logons are allowed as well.
Default: 0 (non-anonymous logons allowed).
Name: AnonymousUserName
Type: REG_SZ
Meaning: Anonymous logon alias. When a user attempts an anonymous
logon, the username specified ("anonymous") is mapped to
this registry value for the purposes off authentication
and impersonation. The password for this account is stored
in an LSA secret object named "FTPD_ANONYMOUS_DATA".
Default: "Guest"
Name: ConnectionTimeout
Type: REG_DWORD
Meaning: The time (in seconds) to allow clients to remain idle before
forcibly disconnecting them. This prevents idle clients
from consuming server resources indefinitely.
This value may be set to zero if timeouts are not to be
enforced. If set to zero, idle clients *can* remain connected
indefinitely.
Default: 600 (10 minutes)
Name: DebugFlags
Type: REG_DWORD
Meaning: This value is used only by the debugging (checked) builds of
the FTP Server. It controls the output of various debugging
information. This value is unused by retail builds.
Default: 0 (no debug output)
Name: DefaultLogonDomain
Type: REG_SZ
Meaning: The domain name to use when validating user logon requests
if the user did not specify a domain. If this value does
not exist in the registry, then the FTP Server will use the
local machine's primary logon domain instead.
Default: NULL (use the local machine's primary logon domain)
Name: DisableExtendedCharFilenames
Type: REG_DWORD
Meaning: RFC 0959 says only 7bi ASCII characters can be used to specify
file names in FTP commands. DeFacto, 8bit chars are being used
to specify extended char names and DBCS encoding. If this value
does not exists, or if it exists but set to 0, extended chars
are being accepted. If the value is 1, extended char file names
are rejected.
Default: Not created. (extended chars enabled)
Name: ExitMessage
Type: REG_SZ
Meaning: This is the signoff message sent to a client upon receipt
of a QUIT command.
Default: "Goodbye."
Name: GreetingMessage
Type: REG_MULTI_SZ
Meaning: This message (if it exists in the registry) is sent to new
clients after their account has been validated. In accordance
with "de facto" Internet behaviour, if a client logs on as
anonymous and specifies an identity starting with '-' (minus),
then this greeting message is NOT sent.
Default: NULL (no special greeting)
Name: BannerMessage
Type: REG_MULTI_SZ
Meaning: This message (if it exists in the registry) is sent to new
clients when they connect, right after the service name.
Default: NULL (no special greeting)
Name: HomeDirectory
Type: REG_EXPAND_SZ
Meaning: This is the initial "home" directory for new clients. After
a new client is validated, an attempt is made to CHDIR to
this directory. If this directory is inaccessible, the client
is refused FTP services. If the CHDIR is successful, then
an attempt is made to CHDIR to a directory with the same name
as the client's username. If this fails, an attempt is made
to CHDIR to a directory called "Default". If this fails,
the current directory is left at "home".
If a user finds that the home directory is inaccessible,
then an event is written to the event log indiciating such.
Default: "C:\"
Name: ListenBacklog
Type: REG_DWORD
Meaning: This is the "backlog" parameter passed into the listen()
API. This sets the maximum number of unaccepted connections
that can be queued against the socket that listens on the
main FTP port.
Default: 5
Name: LogAnonymous
Type: REG_DWORD
Meaning: If this value is non-zero, then all successful anonymous
logons are logged in the system event log. Otherwise
(value IS zero) successful anonymous logons are not logged.
Default: 0 (don't log successful anonymous logons)
Name: LogFileAccess
Type: REG_DWORD
Meaning: This value controls the logging of file accesses. This value
can be one of the following:
0 = Don't log file accesses
1 = Log file accesses to FTPSVC.LOG
2 = Log file accesses to FTyymmdd.LOG, where yy
is the year, mm is the month, and dd is
the day. A new log file will be opened
every day as necessary.
Default: 0 (don't log file accesses)
Name: LogFileDirectory
Type: REG_SZ
Meaning: This value specifies the target directory for log files.
This value is only used if LogFileAccess is !0.
Default: %SystemRoot%\System32
Name: LogNonAnonymous
Type: REG_DWORD
Meaning: If this value is non-zero, then all successful nonanonymous
logons are logged in the system event log. Otherwise
(value IS zero) successful nonanonymous logons are not logged.
Default: 0 (don't log successful nonanonymous logons)
Name: LowercaseFiles
Type: REG_DWORD
Meaning: If this value is non-zero, then all file names returned by
LIST and NLST commands for non-case-preserving filesystems
will be mapped to lowercase. If this value is zero, then
all file names will be unaltered.
Default: 0 (don't map filenames to lowercase)
Name: MaxClientsMessage
Type: REG_SZ
Meaning: This message (if it exists) is sent to a client if the maximum
number of clients has been reached/exceeded. This indicates
that the server is currently servicing the maximum number of
simultaneous clients and is refusing addtional clients.
Default: "Maximum clients reached, service unavailable."
Name: MaxConnections
Type: REG_DWORD
Meaning: This is the maximum number of simultaneous clients the server
will service.
This value may be set to zero if there is to be no limit on
simultaneous clients.
Default: 20
Name: MsdosDirOutput
Type: REG_DWORD
Meaning: If this value is non-zero, then the output of the LIST
command (usually sent as a result of a DIR from the client)
will look like the output of the MS-DOS DIR command.
Otherwise (value IS zero) then the output of the LIST command
will look like the output of the UNIX LS command.
This value also controls "slash flipping" in the path
sent by the PWD command. If this value is non-zero, the path
will contain backward "\" slashes. If this value IS zero, the
path will contain forward "/" slashes.
Default: 1 (directory listings like MS-DOS)
Name: ReadAccessMask
Type: REG_DWORD
Meaning: This value is a bitmask and controls the "readability" of
the various disk volumes in the system. Drive A: corresponds
to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
user may only read from a specific volume if the corresponding
bit is set.
Default: 0 (all read access denied)
Name: WriteAccessMask
Type: REG_DWORD
Meaning: This value is a bitmask and controls the "writability" of
the various disk volumes in the system. Drive A: corresponds
to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
user may only write to a specific volume if the corresponding
bit is set.
Default: 0 (all write access denied)
There is an additional (optional) key that may exist under the Parameters
key. After a user's account/password has been validated and the server is
impersonating that user, an attempt is made to open a key named "AccessCheck".
If this key exists, and the user cannot open it, then the user is denied
access to the FTP Server. If this key exists, and the user can only open it
for read access, then the user is given read-only access to the FTP Server.
This way, an administrator can create this "AccessCheck" key and attach
specific ACLs to the key. These ACLs will then control access to the FTP
Server.