This section contains best practice recommendations for NTFS permissions on Windows folders on a MOVEit Transfer system.
To make the configuration of permissions easier, create a new MOVEit System group to hold all the users under which the MOVEit Transfer application runs. Add the following users to the group. After creating this group and applying permissions as described below, reboot your machine so that these permissions take effect, because some of these users only sign on during a reboot.
User/Group |
Description |
System |
Built-in LocalSystem account (used by MOVEit scheduled tasks) |
IUSR_... |
Built-in anonymous web access account (used by online application) |
IWAM_... |
Built-in anonymous web access account (used by online application) |
ASPNET |
Built-in ASP.NET account (used by online application) |
NETWORK SERVICE |
(Windows 2003 Only!) Built-in group for network services (used by online application) |
The following table shows the permissions to assign to the MOVEit System group and the Administrators group. (Administrators need access to install/update the application.)
Recommended: First install MOVEit Transfer a minimum of one time before applying these permissions. (MOVEit Transfer will set up the directory structure.) Read permissions are assigned by default, and include list and execute permissions.
Windows Folder |
Administrators |
MOVEit System |
(isapiroot) |
Full |
Read/Execute/List |
(mysqlroot) |
Full |
Full |
(nonwebroot) |
Full |
Read/Execute/List |
(nonwebroot)\certs |
Full |
Full |
(nonwebroot)\com |
(Inherit) |
|
(nonwebroot)\files |
Full |
Full |
(nonwebroot)\installscripts |
Full |
(None) |
(nonwebroot)\logs |
Full |
Full |
(nonwebroot)\messagefiles |
(Inherit) |
|
(nonwebroot)\scheduler |
Full |
Full |
(nonwebroot)\util |
Full |
(None) |
(program files)\moveit |
Full |
Read/Execute/List |
(webroot) |
Full |
Read/Execute/List |
(webroot)\bin |
(Inherit) |
|
(webroot)\COM |
(Inherit) |
|
(webroot)\doc |
(Inherit) |
|
(webroot)\images |
(Inherit) |
|
(webroot)\images\bullets |
(Inherit) |
|
(webroot)\images\customscheme |
(Inherit) |
|
(webroot)\images\instlogos |
Full |
Full |
(webroot)\templates |
Full |
Full |
If more stringent NTFS control is desired, the following changes are recommended: