Permissions Pane
From the server console, click Configuration > Permissions
Note
- Changes you make on this pane do not affect permissions for existing client connections. You can restart the server to enforce these settings for all connections.
- Items on this pane can be configured globally or as part of a subconfiguration.
Caution
To ensure that the server launches the correct program for Terminal provider and Exec request prefix, use a fully-qualified path name and enclose any path name that includes spaces in double quotation marks. (If the executable or path name contains a space, there is a risk that a different executable could be run, because of the way the Windows API function used by the server parses spaces. For details, see "Security Remarks" in the MSDN article at http://msdn.microsoft.com/en-us/library/ms682429.)
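The following added example (not part of the product documentation) models the parsing rule behind this caution, as documented for the Windows CreateProcess function at the MSDN link above: an unquoted command line is cut at each run of whitespace and ".exe" is appended to names without an extension. It assumes the configured value reaches that API as a command line; the function names and sample paths are constructed for illustration.

```python
import ntpath
import re

def createprocess_candidates(command_line):
    """Executable names tried, in order, for an unquoted command line.

    The string is cut at each run of whitespace, and ".exe" is appended
    when the resulting file name has no extension.
    """
    text = command_line.strip()
    cuts = [m.start() for m in re.finditer(r"\s+", text)] + [len(text)]
    names = []
    for cut in cuts:
        name = text[:cut]
        if not ntpath.splitext(name)[1]:
            name += ".exe"
        names.append(name)
    return names

def audit_program_setting(value):
    """Check one Terminal provider or Exec request prefix value."""
    text = value.strip()
    closing = text.find('"', 1) if text.startswith('"') else -1
    quoted = closing > 0
    program = text[1:closing] if quoted else text
    # Fully qualified means a drive (or UNC share) plus a rooted path.
    drive, rest = ntpath.splitdrive(program)
    fully_qualified = bool(drive) and rest[:1] in ("\\", "/")
    # A quoted program is read as one name; an unquoted one is ambiguous
    # whenever it contains whitespace.
    candidates = [program] if quoted else createprocess_candidates(program)
    return {
        "fully_qualified": fully_qualified,
        "quoted": quoted,
        "candidates": candidates,
        "ok": fully_qualified and len(candidates) == 1,
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for sample in (r"C:\Program Files\Example Tools\shell.exe",
                   r'"C:\Program Files\Example Tools\shell.exe"',
                   "cmd.exe"):
        print(sample, "->", audit_program_setting(sample))
```

Any value reported with more than one candidate should be quoted, and any value reported as not fully qualified should be replaced with the full path to the intended program.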
Permission settings
Setting | Description |
---|---|
Deny all logins | Select to configure the server to deny all new client connections. This setting does not affect existing client sessions. This setting is not available for subconfigurations. Use Access Control to control access by host, group, and/or user. |
Allow terminal shell | Specifies whether to allow client users access to a command window. You may also need to edit your operating system security settings to allow users access to a terminal shell. For more information, see Command Shell Access. |
Terminal provider | Specifies which program to launch when a client connects to the server and Allow terminal shell is enabled. The program must be a text-based command-line utility. The default setting is cmd.exe, which launches a standard Windows command window. |
Terminal default directory | Specifies the login directory for terminal shell sessions. You can specify any physical directory, or use one of the supported pattern strings to specify user-specific directories. The default (%D) specifies the Windows user profile folder. |
Allow exec requests | Specifies whether to allow the client to execute commands on the server. |
Exec request prefix | This setting is available only when Allow exec requests is enabled. Use it to specify text to prepend to a command sent by the client. |
Allow non-interactive users to log on | Clear this setting to prevent non-interactive users from being able to connect to the server. Non-interactive users are those who do not have the right to "Allow log on locally" (or "Log on locally") as configured in the local computer Security Policy. |
File transfer
Option | Description |
---|---|
Allow SCP1 | Clear to disable transfers using the SCP1 protocol. This protocol is used for scp commands from OpenSSH clients. The SCP1 protocol doesn't use the SFTP subsystem; it executes an rcp command through the secure channel. When Allow exec requests is enabled, SCP1 transfers are still possible, even if you have cleared this check box. |
Use SFTP accessible directory settings for SCP1 | Select to apply SFTP Directories pane settings to scp transfers from OpenSSH clients. |
Allow SFTP/SCP2 | Clear to disable transfers using SFTP and SCP2 (which use the SFTP subsystem). |
Allow smart copy & resume | Clear this setting to disable Smart Copy and Checkpoint Resume. Disabling these features means that existing files are always overwritten and file transfer always starts over after an interruption. Disabling smart copy and checkpoint resume is product-dependent; it affects transfers to and from current versions of all Reflection for Secure IT clients, but does not affect the behavior of all SSH clients. |
Automatically delete failed transfer | When enabled, if an upload transfer fails for reasons other than a user cancelling the transfer, the incomplete file is deleted automatically. NOTE: Enabling this feature automatically disables Allow smart copy & resume. Both settings cannot be enabled simultaneously. |
Tunneling
Option | Description |
---|---|
Allow client to server (local) port forwarding | Clear to disable local port forwarding requests made by the client. |
Allow server to client (remote) port forwarding | Clear to disable remote port forwarding requests made by the client. |