246 lines
11 KiB
Plaintext
246 lines
11 KiB
Plaintext
This file details the registry structure & specific values used by the
|
|
FTP Server service.
|
|
|
|
|
|
All FTP Server parameters "live" under the following key:
|
|
|
|
HKEY_LOCAL_MACHINE
|
|
System
|
|
CurrentControlSet
|
|
Services
|
|
FtpSvc
|
|
Parameters
|
|
|
|
The following values may exist under the Parameters key:
|
|
|
|
Name: AllowAnonymous
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then anonymous logons are allowed.
|
|
Otherwise (value IS zero) anonymous logons are not allowed.
|
|
Default: 1 (allow anonymous logons)
|
|
|
|
Name: AllowGuestAccess
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then guest-access logons are
|
|
allowed. Otherwise (value IS zero) guest-access logons
|
|
are not allowed. (Note that guest-access has nothing to
|
|
do with the "Guest" account; guest-access is granted if
|
|
the local machine's user rights policy states that
|
|
"Everyone" may access the machine from the network. Any
|
|
user that tries to logon with an unknown account will be
|
|
granted guest-access.)
|
|
Default: 1 (allow guest-access)
|
|
|
|
Name: AnnotateDirectories
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then everytime a user changes
|
|
directories (sends the server a CWD command) an attempt is
|
|
made to open a file called "~FTPSVC~.CKM" in the new
|
|
directory. If this file is found, its contents are sent
|
|
to the user as part of the successful reply to the CWD
|
|
command. This may be used to attach "annotations" to
|
|
specific directories.
|
|
|
|
This value is used as a default for new users. Users can
|
|
toggle their own personal "annotate directories" flag with
|
|
the site-specific CKM command (SITE CKM).
|
|
Default: 0 (don't annotate directories)
|
|
|
|
Name: AnonymousOnly
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then only anonymous logons are
|
|
allowed. Otherwise (value IS zero) then non-anonymous
|
|
logons are allowed as well.
|
|
Default: 0 (non-anonymous logons allowed).
|
|
|
|
Name: AnonymousUserName
|
|
Type: REG_SZ
|
|
Meaning: Anonymous logon alias. When a user attempts an anonymous
|
|
logon, the username specified ("anonymous") is mapped to
|
|
this registry value for the purposes off authentication
|
|
and impersonation. The password for this account is stored
|
|
in an LSA secret object named "FTPD_ANONYMOUS_DATA".
|
|
Default: "Guest"
|
|
|
|
Name: ConnectionTimeout
|
|
Type: REG_DWORD
|
|
Meaning: The time (in seconds) to allow clients to remain idle before
|
|
forcibly disconnecting them. This prevents idle clients
|
|
from consuming server resources indefinitely.
|
|
|
|
This value may be set to zero if timeouts are not to be
|
|
enforced. If set to zero, idle clients *can* remain connected
|
|
indefinitely.
|
|
Default: 600 (10 minutes)
|
|
|
|
Name: DebugFlags
|
|
Type: REG_DWORD
|
|
Meaning: This value is used only by the debugging (checked) builds of
|
|
the FTP Server. It controls the output of various debugging
|
|
information. This value is unused by retail builds.
|
|
Default: 0 (no debug output)
|
|
|
|
Name: DefaultLogonDomain
|
|
Type: REG_SZ
|
|
Meaning: The domain name to use when validating user logon requests
|
|
if the user did not specify a domain. If this value does
|
|
not exist in the registry, then the FTP Server will use the
|
|
local machine's primary logon domain instead.
|
|
Default: NULL (use the local machine's primary logon domain)
|
|
|
|
Name: DisableExtendedCharFilenames
|
|
Type: REG_DWORD
|
|
Meaning: RFC 0959 says only 7bi ASCII characters can be used to specify
|
|
file names in FTP commands. DeFacto, 8bit chars are being used
|
|
to specify extended char names and DBCS encoding. If this value
|
|
does not exists, or if it exists but set to 0, extended chars
|
|
are being accepted. If the value is 1, extended char file names
|
|
are rejected.
|
|
Default: Not created. (extended chars enabled)
|
|
|
|
Name: ExitMessage
|
|
Type: REG_SZ
|
|
Meaning: This is the signoff message sent to a client upon receipt
|
|
of a QUIT command.
|
|
Default: "Goodbye."
|
|
|
|
Name: GreetingMessage
|
|
Type: REG_MULTI_SZ
|
|
Meaning: This message (if it exists in the registry) is sent to new
|
|
clients after their account has been validated. In accordance
|
|
with "de facto" Internet behaviour, if a client logs on as
|
|
anonymous and specifies an identity starting with '-' (minus),
|
|
then this greeting message is NOT sent.
|
|
Default: NULL (no special greeting)
|
|
|
|
Name: BannerMessage
|
|
Type: REG_MULTI_SZ
|
|
Meaning: This message (if it exists in the registry) is sent to new
|
|
clients when they connect, right after the service name.
|
|
Default: NULL (no special greeting)
|
|
|
|
Name: HomeDirectory
|
|
Type: REG_EXPAND_SZ
|
|
Meaning: This is the initial "home" directory for new clients. After
|
|
a new client is validated, an attempt is made to CHDIR to
|
|
this directory. If this directory is inaccessible, the client
|
|
is refused FTP services. If the CHDIR is successful, then
|
|
an attempt is made to CHDIR to a directory with the same name
|
|
as the client's username. If this fails, an attempt is made
|
|
to CHDIR to a directory called "Default". If this fails,
|
|
the current directory is left at "home".
|
|
|
|
If a user finds that the home directory is inaccessible,
|
|
then an event is written to the event log indiciating such.
|
|
Default: "C:\"
|
|
|
|
Name: ListenBacklog
|
|
Type: REG_DWORD
|
|
Meaning: This is the "backlog" parameter passed into the listen()
|
|
API. This sets the maximum number of unaccepted connections
|
|
that can be queued against the socket that listens on the
|
|
main FTP port.
|
|
Default: 5
|
|
|
|
Name: LogAnonymous
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then all successful anonymous
|
|
logons are logged in the system event log. Otherwise
|
|
(value IS zero) successful anonymous logons are not logged.
|
|
Default: 0 (don't log successful anonymous logons)
|
|
|
|
Name: LogFileAccess
|
|
Type: REG_DWORD
|
|
Meaning: This value controls the logging of file accesses. This value
|
|
can be one of the following:
|
|
|
|
0 = Don't log file accesses
|
|
1 = Log file accesses to FTPSVC.LOG
|
|
2 = Log file accesses to FTyymmdd.LOG, where yy
|
|
is the year, mm is the month, and dd is
|
|
the day. A new log file will be opened
|
|
every day as necessary.
|
|
Default: 0 (don't log file accesses)
|
|
|
|
Name: LogFileDirectory
|
|
Type: REG_SZ
|
|
Meaning: This value specifies the target directory for log files.
|
|
This value is only used if LogFileAccess is !0.
|
|
Default: %SystemRoot%\System32
|
|
|
|
Name: LogNonAnonymous
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then all successful nonanonymous
|
|
logons are logged in the system event log. Otherwise
|
|
(value IS zero) successful nonanonymous logons are not logged.
|
|
Default: 0 (don't log successful nonanonymous logons)
|
|
|
|
Name: LowercaseFiles
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then all file names returned by
|
|
LIST and NLST commands for non-case-preserving filesystems
|
|
will be mapped to lowercase. If this value is zero, then
|
|
all file names will be unaltered.
|
|
Default: 0 (don't map filenames to lowercase)
|
|
|
|
Name: MaxClientsMessage
|
|
Type: REG_SZ
|
|
Meaning: This message (if it exists) is sent to a client if the maximum
|
|
number of clients has been reached/exceeded. This indicates
|
|
that the server is currently servicing the maximum number of
|
|
simultaneous clients and is refusing addtional clients.
|
|
Default: "Maximum clients reached, service unavailable."
|
|
|
|
Name: MaxConnections
|
|
Type: REG_DWORD
|
|
Meaning: This is the maximum number of simultaneous clients the server
|
|
will service.
|
|
|
|
This value may be set to zero if there is to be no limit on
|
|
simultaneous clients.
|
|
Default: 20
|
|
|
|
Name: MsdosDirOutput
|
|
Type: REG_DWORD
|
|
Meaning: If this value is non-zero, then the output of the LIST
|
|
command (usually sent as a result of a DIR from the client)
|
|
will look like the output of the MS-DOS DIR command.
|
|
Otherwise (value IS zero) then the output of the LIST command
|
|
will look like the output of the UNIX LS command.
|
|
|
|
This value also controls "slash flipping" in the path
|
|
sent by the PWD command. If this value is non-zero, the path
|
|
will contain backward "\" slashes. If this value IS zero, the
|
|
path will contain forward "/" slashes.
|
|
Default: 1 (directory listings like MS-DOS)
|
|
|
|
Name: ReadAccessMask
|
|
Type: REG_DWORD
|
|
Meaning: This value is a bitmask and controls the "readability" of
|
|
the various disk volumes in the system. Drive A: corresponds
|
|
to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
|
|
user may only read from a specific volume if the corresponding
|
|
bit is set.
|
|
Default: 0 (all read access denied)
|
|
|
|
Name: WriteAccessMask
|
|
Type: REG_DWORD
|
|
Meaning: This value is a bitmask and controls the "writability" of
|
|
the various disk volumes in the system. Drive A: corresponds
|
|
to bit zero, drive B: is bit 1, drive C: is bit 2, etc. A
|
|
user may only write to a specific volume if the corresponding
|
|
bit is set.
|
|
Default: 0 (all write access denied)
|
|
|
|
|
|
There is an additional (optional) key that may exist under the Parameters
|
|
key. After a user's account/password has been validated and the server is
|
|
impersonating that user, an attempt is made to open a key named "AccessCheck".
|
|
If this key exists, and the user cannot open it, then the user is denied
|
|
access to the FTP Server. If this key exists, and the user can only open it
|
|
for read access, then the user is given read-only access to the FTP Server.
|
|
This way, an administrator can create this "AccessCheck" key and attach
|
|
specific ACLs to the key. These ACLs will then control access to the FTP
|
|
Server.
|
|
|