Secure Ad Hoc Transfer Module, v3 User Guide. for EFT Server v6.3 and later

Secure Ad Hc Transfer Mdule, v3 User Guide fr EFT Server v6.3 and later

GlbalSCAPE, Inc. (GSB) Address: 4500 Lckhill-Selma Rad, Suite 150 San Antni, TX (USA) 78249 Sales: (210) 308-8267 Sales (Tll Free): (800) 290-5054 Technical Supprt: (210) 366-3993 Web Supprt: http://www.glbalscape.cm/supprt/ 2007-2012 GlbalSCAPE, Inc. All Rights Reserved Last Updated: April 23, 2012

Table f Cntents Intrductin t Secure Ad Hc Transfer... 5 What's New in the Secure Ad Hc Transfer Mdule... 5 Installing Secure Ad Hc Transfer... 7 Secure Ad Hc Transfer Mdule System Requirements and Installatin Prerequisites... 7 Secure Ad Hc Transfer Deplyment Methds... 8 BEFORE Installing the SAT Mdule with IIS 7.0... 9 Installing Secure Ad Hc Transfer... 10 Activating Secure Ad Hc Transfer... 17 Upgrading Secure Ad Hc Transfer... 18 Errr message: "Unable t retrieve yur e-mail address frm the Active Directry server r e-mail address is invalid"... 20 SAT Event Rules... 21 AdHcRunCmmand Custm Cmmand... 22 Uninstalling Secure Ad Hc Transfer... 23 Cnfiguring SAT... 25 The Secure Ad Hc Transfer Mdule Administratin... 25 The SAT Administratin Interface... 26 Custmizing the Secure Ad Hc Transfer Web Interface... 29 Backgrund Clr... 30 Header Image Dimensins... 30 Banner Backgrund Style... 30 Banner Image... 31 Custmizing the Ntificatin E-Mail... 31 Cnfiguring Temprary-User Accunt Plicy... 32 Adding Blacklist and Whitelist Dmains... 33 Recipient Authenticatin Optins... 33 Specifying HTML r Plain Text E-Mail Frmat... 34 Using SAT with Active Directry... 34 Default Template Lcatins... 35 Enfrcing Cmplex Passwrds fr Temprary Users... 35 Using the High Security Mdule (HSM) with the Secure Ad Hc Transfer Mdule... 35 Specifying Virtual Flders fr SAT Users... 37 Using the SAT Mdule... 39 Sending Files... 39 Picking Up Files... 40 iii

Secure Ad Hc Transfer Mdule v3 User Guide Viewing Reprts f SAT Activity... 41 Trubleshting Errrs in the SAT Mdule... 43 Failed t Cnnect t EFT Server... 43 Applicatin Errr: Unable t retrieve e-mail address frm AD... 43 SAT Mdule Applicatin Errr Cdes... 43 Index... 45 iv

Intrductin t Secure Ad Hc Transfer EFT Server's Secure Ad Hc Transfer (SAT) mdule allws yur internal users t send and receive large e-mail file attachments t recipients utside f yur rganizatin quickly, reliably, and securely, all withut having t manually create r maintain FTP accunts n EFT Server. Belw is a brief verview f what takes place behind the scenes when users send a file. 1. A user sends an e-mail with an attachment using the SAT send mail page. 2. SAT creates a new temprary accunt n EFT Server. This temprary accunt is assigned a randm username and passwrd, and expires in seven days. 3. A temprary flder is created and assciated with the temprary accunt. An e-mail is sent t the recipient with a secure hyperlink (HTTPS), and a list f files available fr dwnlad. 4. The recipient f the e-mail fllws the HTTPS link (with embedded lgin credentials) and cnnects t the default HTTPS "plaint text" interface r the Web Transfer Client. 5. The recipient can nw dwnlad the files. 6. The recipient can als uplad files if this ptin is enabled by the sender. When files are upladed, the sender is ntified that the upladed files can be picked up using the recipient's lgin credentials. After seven days, the temprary accunt is remved frm EFT Server's file system. 7. If Auditing and Reprting is enabled n EFT Server, all f the transactins assciated with the Ad Hc accunt are lgged. What's New in the Secure Ad Hc Transfer Mdule In versin 3 f the Secure Ad Hc Transfer mdule, the cnfiguratin was mved frm the web.cnfig file t an XML-based cnfiguratin file, accessible frm a web brwser-based interface, prvided fr viewing and mdifying the cnfiguratin. Varius default values and the settings that are cnfigured during the installatin (e.g., EFT Server IP address) are ppulated in the web interface autmatically. Als added in versin 3 are sme default Event Rules in EFT Server t autmatically send uplad ntificatins, delete expired temprary users, and ntify senders f uplad(s) received frm temprary users. The 2GB file limit was als remved. Fr a cmplete versin histry, refer t the EFT Server release ntes nline at http://www.glbalscape.cm/eft/histry.aspx. 5

Secure Ad Hc Transfer Mdule v3 User Guide 6

Installing Secure Ad Hc Transfer The tpics belw prvide infrmatin regarding installing the Secure Ad Hc Transfer (SAT) mdule. Secure Ad Hc Transfer Mdule System Requirements and Installatin Prerequisites The Secure Ad Hc Transfer (SAT) mdule versin 3 has been tested n Windws XP Prfessinal, Windws Server 2003, Windws Server 2008 (Standard, Enterprise, and Datacenter editins) x86-64, and Windws 7 and requires the fllwing: Cnnectin t a cmputer running EFT Server v6.3 r later If SAT is installed n a separate cmputer frm EFT Server, EFT Server must be cnfigured fr remte administratin. Micrsft Internet Infrmatin Services (IIS) Web Server versin 6 r 7. (Ideally, yu shuld install IIS first, then.net, then EFT Server, then SAT.) T use SAT with IIS7, yu must cnfigure several ptins BEFORE yu install the sftware. On perating systems ther than Windws 2008, yu will need t install.net Framewrk AFTER these features are enabled..net Framewrk Runtime versin 4 r later. (Install.NET befre installing SAT.) An available cnnectin t an SMTP mail server. Als refer t the fllwing tpics, if necessary: Allwing applicatin servers t relay ff Exchange Server 2007 (Micrsft Exchange Team Blg) Hw t trublesht mail relay issues in Exchange Server 2003 and in Exchange 2000 Server (Micrsft KB article ID 895853) Java JRE 1.6 r later running n the client (sender/user) system that will be accessing the SAT Send Mail page. (In EFT Server v6.4.0, SAT's transfer engine was updated t use Java SE Runtime v6u26 and JFileUplad versin 2.9C.) A web brwser; SAT was tested n current (as f this release) versins Internet Explrer, Firefx, Safari (Windws and Mac OS), and Chrme brwsers. Befre installing the SAT mdule, the fllwing tasks must be cmpleted: Bth EFT Server and IIS must be installed, cnfigured, and running befre installing the SAT mdule. (The installer detects which versin f IIS is installed.) If EFT Server and IIS are nt running n the same cmputer, yu must ensure that IIS can reach EFT Server via the EFT Server administratin prt. By default, the administratin prt is set t 1100. IIS and.net Framewrk versin 4 must be installed, cnfigured, and running befre installing the SAT mdule. Befre installing the SAT mdule, yu shuld have the fllwing infrmatin available: The EFT Server "server rle" administratr accunt user name and passwrd The EFT Server IP address and administratin prt number. (By default, the administratin prt is set t 1100.) The SMTP server IP address and prt number and authenticatin credentials, if required A SAT Mdule activatin serial number (unless installing as a trial) 7

Secure Ad Hc Transfer Mdule v3 User Guide The fllwing settings shuld be cnfigured in EFT Server befre installing the SAT mdule: T test the cnnectin Define a Site that uses GlbalSCAPE authenticatin r ODBC authenticatin. If SAT is using an AD r LDAP Site, it cannt create temprary users. Enable Remte Administratin in EFT Server. Enable the HTTPS prtcl in EFT Server at the Site level. Temprarily disable passwrd cmplexity fr administratr accunts during the SAT installatin. After SAT installatin is cmplete, generate a new passwrd fr SAT, then update the passwrd via the SAT administratin page. If yu are using the HS mdule and the SAT mdule with EFT Server, yu shuld create a separate, nn-pci DSS Site that is used nly fr the SAT mdule. Or yu can disable the features n the PCI DSS Site that are nt cmpatible (e.g., administratr passwrd expiratin and frced reset), but that wuld take the Site ut f cmpliance with the PCI DSS. 1. On the IIS server, pen a cmmand prmpt. 2. Type telnet <IP_address> <prt_number> then press ENTER. Fr example type: telnet 192.168.20.123 1100 If EFT Server is nt reachable, the Telnet respnse is Cnnect failed. Secure Ad Hc Transfer Deplyment Methds The Secure Ad Hc Transfer (SAT) Mdule is installed n the IIS server cmputer. The IIS server cmputer can be n the same server cmputer where EFT Server is running, r n a separate cmputer. Cmmn Deplyment Methds Place IIS with SAT inside yur netwrk. Access t the SAT interface is limited t internal users wh can exchange files with external users. Place IIS with SAT in the DMZ. Access t the SAT Web interface is available t external users wh can exchange files with internal users r ther external users. GlbalSCAPE recmmends against placing the IIS server with SAT in the DMZ t prevent pssible misuse f the SAT mdule as a mail relay. The architectural diagram belw demnstrates this setup with EFT Server and IIS bth n separate bxes. It als assumes the use f the DMZ Gateway; withut it, yu wuld need t cnfigure the slutin differently, s that recipients can reach EFT Server. 1. The sender, inside yur netwrk, cnnects t the web page prvided by IIS running the Secure Ad Hc Transfer mdule page. 2. Secure Ad Hc Transfer n IIS then fflads the file t EFT Server, creates a ntificatin message, and sends that directly t the recipient thrugh yur SMTP server. 3. The recipient cnnects using the link-back https hyperlink t EFT Server t dwnlad the available files and, if applicable, uplads files back t EFT Server fr later pick-up by the riginatr (sender). 8

Installing Secure Ad Hc Transfer BEFORE Installing the SAT Mdule with IIS 7.0 In rder t install SAT crrectly with IIS 7.0 yu will need t enable (select) several IIS features. Mst f the features that must be turned n fr SAT are n by default; use the prcedure belw t verify these settings. (Refer t http://technet.micrsft.cm/en-us/library/cc753473.aspx fr mre infrmatin abut these features.) On perating systems ther than Windws 2008, yu will need t install.net Framewrk AFTER these features are enabled. Refer als t article #10510 in the GlbalSCAPE Knwledgebase. If EFT Server and IIS are NOT running n the same cmputer, cpy EFT Server's settings.cnfig file int the SATScripts flder after installing EFT Server and SAT. T enable features necessary fr the SAT mdule t run prperly 1. Open the Prgrams and Features cntrl panel and click the Turn Windws features n r ff link n the left. 2. In the Windws Features dialg bx, expand the Internet Infrmatin Services nde. 3. Expand the Web Management Tls nde, and the IIS 6 Management Cmpatibility nde and select the fllwing check bxes: IIS Metabase and IIS6 cnfiguratin cmpatibility IIS 6 Management Cnsle 4. Expand the Wrld Wide Web Services nde and the Applicatin Develpment Features nde, and select the fllwing check bxes:.net Extensibility ASP.NET ISAPI Extensins ISAPI Filters 5. Expand the Cmmn Http Features nde and select the fllwing check bxes: Default Dcument HTTP Errrs Static Cntent 6. Expand the Security nde and select the fllwing check bxes: Request Filtering Windws Authenticatin 9

Secure Ad Hc Transfer Mdule v3 User Guide The illustratin belw shws the necessary features enabled: Installing Secure Ad Hc Transfer Befre installing the applicatin, review the System Requirements, decide n a Deplyment Methd, review the Installatin Prerequisites, then read the entire prcedure belw. Install EFT Server befre installing the SAT mdule, and make nte f the EFT Server name, IP address, username, and passwrd, because yu will need t prvide this infrmatin in the SAT installer. If yu are nt installing SAT n the same cmputer as EFT Server: Prvide IIS a direct rute and IP address t EFT Server. 10

Installing Secure Ad Hc Transfer Enable Remte Administratin in EFT Server s that the installer can remtely cnfigure EFT Server t use SAT. HTTPS must be enabled at the Site level s that the SAT scripts running n IIS can cmmunicate with EFT Server. Als see Next steps after installatin belw the prcedure fr steps t fllw after installatin is cmplete. Befre installing the SAT mdule, perfrm the steps belw in the rder listed. If yu d nt fllw each f the steps belw in the rder listed, the SAT mdule might nt functin as yu intend: 1. Review the system requirements, installatin prerequisites, and decide n a deplyment methd. 2. On perating systems ther than Windws 2008, ensure IIS is installed BEFORE.NET is installed. 3. If yu are installing SAT with IIS7, cnfigure IIS using the instructins in BEFORE Installing the SAT Mdule with IIS7. T install Secure Ad Hc Transfer 1. Cpy the installer t the cmputer n which IIS and.net are installed. (If they are nt installed, install them befre cntinuing. Refer t Secure Ad Hc Transfer System Requirements fr versin details.) 2. Install EFT Server, create the Server bject and at least ne Site, and leave the EFT Server service running. 3. Duble-click the installer. The installer wizard appears. 4. Click the drp-dwn menu, and then click Secure Ad Hc Transfer Mdule. 5. Click Next. The Welcme page appears. 6. Click Next. The Requirements Infrmatin page appears. 7. Scrll thrugh and read the requirements t ensure yu have cmpleted all requirements have gathered the necessary system infrmatin befre cntinuing with the installatin, then click Next. The License Agreement appears. 11

Secure Ad Hc Transfer Mdule v3 User Guide 8. Read the license agreement and accept it by clicking I Agree. (If yu d nt accept the license agreement, the installer exits.) The Install Trial r Full page appears. 9. D ne f the fllwing, then click Next: If yu are evaluating the SAT Mdule prir t purchase, click Trial Versin. Any time during the Trial r after it expires, yu can activate the SAT mdule. The trial versin f SAT is nt time limited; hwever, it is limited t ten e-mails with ne attachment each, per IIS sessin. If yu have purchased the SAT Mdule, click Full Versin. The Serial number page appears. Cmplete the activatin infrmatin (t avid errrs, yu can cpy and paste the serial number frm yur invice), then click Next. 12

Installing Secure Ad Hc Transfer 10. If a message appears stating that the installer did nt detect the crrect versin f the Micrsft.NET Framewrk, click Yes t exit the installer and install the crrect versin f.net Framewrk. If yu knw that the crrect versin is installed, yu can click N t cntinue with the installatin, then reslve the errr later. 11. Click Next. The Cnfigure IIS page appears. 12. Specify a website and the Virtual Flder name (the default is EFTAdHc) t use fr the SAT cmpnents, then click Next. The Chse Install Lcatin page appears. 13

Secure Ad Hc Transfer Mdule v3 User Guide 13. Specify the flder in which t install the SAT mdule (e.g., C:\Inetpub\wwwrt\EFTAdHc), then click Next. The cnfiguratin parameters page appears. 14. Prvide the EFT Server name/ip address, Server Prt (1100 by default), and EFT Server Administratr User Name and Passwrd, then click Next. The Site Cnfiguratin Parameters page appears. 15. If yu have mre than ne Site defined in EFT Server, specify the EFT Server Site Name under which yu want t install the SAT temprary users' Settings Template. Specify a Site that uses GlbalSCAPE authenticatin r ODBC authenticatin. If SAT is using an AD r LDAP Site, it cannt create temprary users. 16. Prvide a new, unique Settings Template name that will be used nly fr SAT (the default is EFTAdHc). 14

Installing Secure Ad Hc Transfer 17. Prvide the External Dmain Name fr EFT Server. This is the external server address used t access EFT Server. Because e-mail recipients can be n an external netwrk, yu shuld use a DNS instead f the actual IP address. Fr example, type myfileserver.cm (which might map t https://10.0.0.100:444). IMPORTANT: If yu are als using DMZ Gateway, then use the address f DMZ Gateway instead. 18. Click Next t cntinue. The SMTP Mail Server Parameters page appears: 19. Even if yu are installing the trial, prvide the server parameters as if it were a Full installatin. Type the SMTP Server Name/IP address, Server Prt, and Default Sender Address (e-mail). If mail server authenticatin is required, click Server Requires Authenticatin, then type the Administratr User Name and Administratr Passwrd used t cnnect t the mail server. If yu want t test the SMTP mail server cnfiguratin settings, yu can select the Test check bx t send an e-mail t an accessible accunt. 20. Click Next. Prvide the e-mail address fr the test e-mail, click Test, then click OK after the "email has been sent" message appears. 15

Secure Ad Hc Transfer Mdule v3 User Guide 21. Click Next. The SAT mdule is installed, and then a message appears telling yu that the installer has created an EFT Server administratr accunt with minimal privileges fr management f ad hc accunts. This least-privileged accunt is necessary fr IIS t cmmunicate with EFT Server; IIS will nt use yur EFT Server "server rle" admin accunt. 22. Click OK t dismiss the message. (Refer t the EFT Server help tpic Adding Server Administratrs fr details f viewing r editing the accunt.) 23. A prmpt appears telling yu t refer t the help fr additinal cnfiguratin ptins. Click OK. 24. Click Next. The final screen appears. 16

Installing Secure Ad Hc Transfer 25. If want t pen the SAT administratin interface, verify that the Launch Administratin Page check bx is selected, then click Finish. Next Steps after installatin: A few additinal steps may be necessary: The installer creates three SAT-specific Event Rules and a custm Cmmand in EFT Server. The Event Rules and Cmmand may need t be updated t reflect yur system's paths. If EFT Server and IIS are NOT running n the same cmputer, cpy EFT Server's settings.cnfig file int the SATScripts flder after installing EFT Server and SAT. Activating Secure Ad Hc Transfer When yu first install the Secure Ad Hc Transfer mdule, yu are given the chice f installing a Full r Trial versin. The trial versin is nt time limited, but file sender peratins are limited t ten per IIS sessin and a single file at a time. When yu are ready t activate the SAT mdule, yu have t reexecute the installer and click Register. T activate the full versin 1. Execute the installer and accept the license agreement. 17

Secure Ad Hc Transfer Mdule v3 User Guide 2. Click Register, then click Next. 3. Prvide yur Secure Ad Hc Transfer mdule serial number (n yur invice), then click Next. The full versin f Secure Ad Hc Transfer installs. Upgrading Secure Ad Hc Transfer When yu upgrade t a newer versin f the Secure Ad Hc Transfer (SAT) mdule, yu shuld first upgrade EFT Server. It is very imprtant that SAT have the same versin f SFTPCOMInterface.dll that the EFT Server t which SAT is cnnecting is using. Upgrading EFT Server might require als updating the SFTPCOMInterface.dll fr the SAT mdule. By default, SFTPCOMInterface.dll is stred in the EFT Server installatin directry and in C:\Inetpub\EFTAdHc fr the SAT mdule. 18

Installing Secure Ad Hc Transfer If EFT Server and SAT are n the same cmputer, then the upgrade prcess fr EFT Server will register the new.dll n the cmputer and will be used by SAT; hwever, in this case the IIS service must be restarted. This is imprtant s that ASP.NET (hsted by the "aspnet_wp.exe" prcess) will release any references t the existing COM bject and relad the new ne. If Repair is selected, the SAT installer merges the values lcated in the cnfiguratin file in the previus versin with the crrespnding variables in the new cnfiguratin file. The SAT installer creates a backup f all prir SAT files befre installing the new files (in case f custmizatins). The SAT installer des NOT cnfigure IWA when perfrming an upgrade. Upgraded SAT installatins retain their prir annymus authenticatin methd. SAT versin 3 allws Active Directry (AD) authenticatin fr the sender by default (new installs). Optinally, yu can turn ff sender authenticatin (allw annymus send) in the SAT Administratin pages. Refer t the AD Extensins sectin f the web interface fr details f turning n r ff sender authenticatin. After upgrading frm versin 2.x t versin 3.x, if yu enable sender authenticatin ("Ppulate "Frm" e-mail address using Active Directry"), end users will receive an errr regarding retrieving e-mail addresses frm Active Directry. Refer t Errr Message belw fr instructins n hw t address this issue. T upgrade Secure Ad Hc Transfer 1. Run the installer fr the new versin. Refer t Installing Secure Ad Hc Transfer fr details, if necessary. 2. Click n f the fllwing ptins, then click Next: Register- Click Register if yu have installed this versin as a Trial and nw want t upgrade t the Full versin. Repair - Click Repair if yu are upgrading frm a previus versin. 3. Fllw the prmpts t cmplete installatin. T restart IIS 1. Click Start > Run. 2. In the Run dialg bx, type iisreset, then press ENTER. A cmmand prmpt appears, IIS is reset, and then the screen clses. 19

Secure Ad Hc Transfer Mdule v3 User Guide Errr message: "Unable t retrieve yur e-mail address frm the Active Directry server r e-mail address is invalid" An errr message stating that SAT is "Unable t retrieve yur e-mail address frm the Active Directry server r e-mail address is invalid" after upgrading frm SAT versin 2 t versin 3, is caused by the fact that SAT retains the previus versin's authenticatin settings when upgrading. If yu want t use Integrated Windws Authenticatin (IWA), perfrm the prcedure belw. T use IWA with an upgraded SAT installatin 1. Disable Annymus Authenticatin and enable Windws Authenticatin in the fllwing dialg bx in the IIS manager: 2. In SAT's web.cnfig file (by default, C:\Inetpub\wwwrt\EFTAdhc\web.cnfig): a. Change authenticatin mde t Windws: b. Add the fllwing text t the <bindings> sectin f the file: 20

Installing Secure Ad Hc Transfer SAT Event Rules When yu install versin 3 f the Secure Ad Hc Transfer (SAT) mdule, sme "default" Event Rules are created by the installer. If yu are using a 64-bit system, the Event Rules and Cmmand need t be updated t reflect the 64-bit paths. (Refer t the EFT Server dcumentatin fr details f Event Rules and Cmmands.) If EFT Server and IIS are NOT running n the same cmputer: Cpy the setting.cnfig file frm C:\inetpub\wwwrt\EFTAdhc\cnfig\ t C:\Prgram Files (x86)\glbalscape\eft Server Enterprise\SATScripts\. Cpy the templates frm C:\inetpub\wwwrt\EFTAdhc\Templates\ t C:\Prgram Files (x86)\glbalscape\eft Server Enterprise\SATScripts\. See belw fr a descriptin f the AdHcRunCmmand Custm Cmmand. SAT - Capture Uplads fr Subsequent Ntify If the Settings Template is "EFTAdhc" and if the remte IP address des nt match *.*.*.* (All Incming), execute the AdHcRunCmmand custm Cmmand in C:\Prgram Files\GlbalSCAPE\EFT Server Enterprise\SATScripts t runs the SendUpladNtificatin.wsf script. The Rule abve wrks best with the Plain-Text Client. If end users are uplading with the Web Transfer Client, add a secnd Rule using the "Verified Uplad Succeeded" Event and add the Cnditin "If Using Web Transfer client des equal t Yes." Als add the "If Using Web Transfer client des equal t N" Cnditin t the Rule abve. SAT - Delete Expired Users Every day, execute the AdHcRunCmmand custm Cmmand in C:\Prgram Files\GlbalSCAPE\EFT Server Enterprise\SATScripts t run the EFTDeleteExpiredUsers.wsf script. 21

Secure Ad Hc Transfer Mdule v3 User Guide SAT - Ntify Sender f Uplad(s) Received Each minute, execute the AdHcRunCmmand custm Cmmand in C:\Prgram Files\GlbalSCAPE\EFT Server Enterprise\SATScripts t run the SendUpladNtificatin.wsf script. These Event Rules autmatically perfrm tasks that yu had t cnfigure manually in previus versins f SAT. The SAT Event Rules are enabled by default. Yu can edit the rules and disable them as needed. Refer t the "Event Rules" sectin f the EFT Server help fr details f managing Event Rules. AdHcRunCmmand Custm Cmmand The AdHcRunCmmand Custm Cmmand is created in EFT Server the when the SAT mdule is installed. AdHcRunCmmand executes C:\windws\system32\cscript.exe (r C:\windws\sysww64\cscript.exe n 64-bit systems) and includes sme custm Cmmand parameters fr executing the SAT scripts in the default SAT Event Rules. In the SAT - Ntify Sender f Uplad(s) Received Event Rule, AdHcRunCmmand includes SendUpladNtificatin.wsf //JOB:ON_TIMER in the Cmmand parameters bx. In the SAT - Delete Expired Users Event Rule, AdHcRunCmmand includes EFTDeleteExpiredUsers.wsf //JOB:DELETE_USERS in the Cmmand parameters bx. If yu edit the custm Cmmand, yu might intrduce errrs, causing the script t nt execute as designed. Instead, yu shuld create a separate cmmand, if necessary, and then yu can add it as a subsequent Actin t the Rule. 22

Installing Secure Ad Hc Transfer Uninstalling Secure Ad Hc Transfer If yu are upgrading frm versin 1.x f the SAT mdule, yu must uninstall it befre yu can install the new versin. Yu can use the Windws Prgrams and Features Uninstall tl r the prcedure belw. T uninstall Secure Ad Hc Transfer 1. Run the installer fr the new versin. Refer t Installing Secure Ad Hc Transfer fr details, if necessary. 2. Click Remve, then click Next: 3. Fllw the prmpts t remve the sftware. 23

Secure Ad Hc Transfer Mdule v3 User Guide 24

Cnfiguring SAT After installatin f the Secure Ad Hc Transfer (SAT) mdule is cmplete, the help file and yur default web brwser appear. If yur web brwser des nt display the SAT e-mail page, refer t Trubleshting Errrs in the Secure Ad Hc Transfer Mdule. A few cnfiguratin ptins yu may want t cnsider: A few cnfiguratin ptins yu may want t cnsider: The Secure Ad Hc Transfer Mdule Administratin Cnfiguratin is set during installatin, but yu can edit settings in the admin interface. Custmizing the Secure Ad Hc Transfer Web Interface Custmizing the Ntificatin E-Mail Cnfiguring Temprary-User Accunt Plicy Adding Blacklist and Whitelist Destinatin Dmains Recipient Authenticatin Optins Specifying HTML r Plain Text E-Mail Frmat Using SAT with Active Directry Default Template Lcatins Enfrcing Strng (Cmplex) Passwrds Using SAT with the HSM Specifying Virtual Flders fr SAT Users Fr advanced cnfiguratin ptins, please refer t the GlbalSCAPE Knwledgebase. GlbalSCAPE Prfessinal Services prvides custm integratin and branding services. The Secure Ad Hc Transfer Mdule Administratin Hsted alngside the Secure Ad Hc Transfer (SAT) mdule, a series f web pages is prvided in which yu can view and mdify settings stred in the cnfiguratin file. The settings in the interface are ppulated with the values yu prvided when yu installed the SAT mdule. It is nt necessary t edit the cnfiguratin t start using SAT t send e-mails. Starting in SAT v3.1, yu can als access the Send Mail Page frm within the administratin interface. Yu can access the administratin interface by ding ne f the fllwing: Enter its address in yur web brwser (e.g., http://lcalhst/eftadhc/admin/). Open it frm the Start menu (Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Administratin). Click the Secure Ad Hc Send Page icn n the desktp. If yu are unable t cnnect t the Secure Ad Hc Administratin pages, ensure that the settings in the cnfiguratin file in the SAT installatin flder are crrect (by default, C:\Inetpub\wwwrt\EFTAdhc\cnfig\settings.cnfig). Cnsideratins fr SAT administratin: In Windws 2003, make sure the administratr user has membership in the "Administratrs" grup. 25

Secure Ad Hc Transfer Mdule v3 User Guide In Windws 2008, each administratr user needs t be added individually t the administratin flder. Fr example, using an administratr-elevated cmmand windw, the fllwing cmmand line shuld grant the currently lgged in user permissin t the directry: icacls admin /T /C /grant %USERDOMAIN%\%USERNAME%:(OI)(CI)(F) In Windws 2008, the user that installs SAT will autmatically be added t the list f users allwed t access the administratin interface. It is a Windws standard t NOT allw lgins fr user accunts that d nt have a passwrd. Even if yu have access t the flder, yu will be denied access t SAT if yu are attempting t lgin in with an accunt that des nt have a passwrd. The SAT Administratin Interface The SAT administratin interface cntains fur pages with standard text bxes, check bxes, radi buttns, and drp-dwn list bxes. Each editable field has cntext-sensitive help prvided in the interface. Be sure t click Save befre navigating away frm a page in which yu changed settings. General Settings On the General Settings page, yu can set r change EFT Server cnnectin settings, SMTP server cnnectin settings, and SAT lg (auditing) settings. 26

Cnfiguring SAT Advanced Settings On the Advanced Settings page, yu can set r change EFT Server address:prt at which the SAT client applicatin will uplad files fr retrieval by recipients, SAT hst address fr picking up files, and specify the frmat in which the e-mails are sent. Security Plicy Settings On the Security Plicy Settings page, yu can set r change recipient passwrd prvisining, specify dmains t which yu allw r deny e-mails t be sent, specify recipient flder uplad-dwnlad permissins, and temprary accunt expiratin and name length. AD Extensins On the AD Extensins page, yu can set r change whether SAT will try t btain the currently lgged n user's e-mail address frm Active Directry t ppulate the Frm field, specify whether the Frm field is editable, and specify AD query attributes, search filter, and scpe. 27

Secure Ad Hc Transfer Mdule v3 User Guide In SAT v3.1 and later, yu can click the Send Mail Page link t pen the send mail page and verify yur settings. 28

Cnfiguring SAT Custmizing the Secure Ad Hc Transfer Web Interface The Web e-mail interface, the SendMail page, is designed with default clrs, backgrund, and banner image. Yu can easily brand the SendMail frm with yur cmpany lg and/r clrs. GlbalSCAPE's Prfessinal Services can custmize the interface based n yur requirements. The picture belw shws the default appearance, with Add Attachments and Shw Cc & Bcc buttns selected. T custmize the lk and feel, yu must edit the CSS files lcated in the Secure Ad Hc Transfer mdule installatin flder (by default, C:\inetpub\EFTAdHc\App_Themes). Yu shuld make a backup cpy f the style sheets (CSS), skin, templates (TLT), and cnfiguratin files befre yu edit them. The prcedures belw describe hw t edit elements in Main.css and default.skin. The fllwing files are used t define the lk and feel f Secure Ad Hc Transfer: AddressBk.css address bk mdal ppup default.skin.net theme file. Can be mdified t change buttn and banner images Errr.css errr mdal ppup style 29

Secure Ad Hc Transfer Mdule v3 User Guide Main.css main script cntent Menu.css used fr the navigatin menu thickbx.css used fr ppup effects Backgrund Clr The default clr behind the SendMail page is light gray. Yu can change the backgrund clr, which is defined in Main.css. T change the backgrund clr In Main.css, mdify the bdy style. Fr example, change: T.Backgrund {backgrund-clr: #F7F7F7;} /* light gray */.Backgrund {backgrund-clr: #FFFFFF;} /* white */ Header Image Dimensins The space in which the banner image appears is called the header. Yu can change the dimensins f the header, which are 320 pixels by 63 pixels, in main.css t suit the size f yur banner image. T change the size f the header image In Main.css, mdify Header_LgStyle. Fr example, change: T.Header_LgStyle { width: 320px; height: 63px; } /* glbalscape lg image size */.Header_LgStyle { width: 200px; height: 50px; } /* yur lg image size */ Banner Backgrund Style The banner backgrund, defined in Main.css, is a 1 pixel wide and 63 pixels tall blue gradient that is an expandable backgrund fr the banner image, banner-adhc.png. (See Banner Image, belw. T mdify the banner backgrund style In Main.css, mdify HeaderLg_BackgrundStyle. Fr example, change T.HeaderLg_BackgrundStyle { backgrund-clr: #6AA6E3; backgrund-image: url(images/banner-backgrund.png);.headerlg_backgrundstyle { backgrund-clr: #000000; } /* slid black clr backgrund */ 30

Cnfiguring SAT Banner Image The GlbalSCAPE banner image is defined in default.skin. Yu can replace the default banner image with yur wn. T mdify the banner image In default.skin, mdify the header lg image. Fr example, change: T <asp:image SkinID="Header_Lg" runat="server" ImageUrl="~/App_Themes/DarkGray/images/banneradhc.png" CssClass="Header_LgStyle" /> <asp:image SkinID="Header_Lg" runat="server" ImageUrl="~/App_Themes/DarkGray/images/yur-imagehere.jpg" CssClass="Header_LgStyle" /> Custmizing the Ntificatin E-Mail Yu can custmize the lg used fr ntificatin e-mails. That is, yu can remve the lg frm the e-mail r replace it with yur wn. GlbalSCAPE's Prfessinal Services can prvide ther custmizatins based n yur requirements. On the Advanced page f the SAT administratin interface, yu can set r change Ad Hc message cmpsitin and send ptins. 31

Secure Ad Hc Transfer Mdule v3 User Guide T remve the GlbalSCAPE lg frm e-mails On the Advanced Settings page f the SAT administratin interface, clear the Include GlbalSCAPE's lg in e-mail check bx, the click Save. T change this lg image 1. Cpy the new lg image int the \EFTAdhc\Templates flder (e.g., C:\inetpub\wwwrt\eftadhc\templates). 2. In SAT's /cnfig/ directry, pen the settings.cnfig file in a text editr (e.g., C:\Inetpub\wwwrt\EFTAdhc\cnfig\settings.cnfig), mdify the variable ImageLgFileName with the new file name. Fr example, change: T <add key="imagelgfilename" value="email_lg.gif" /> <add key="imagelgfilename" value="yur-image-here.jpg" /> Cnfiguring Temprary-User Accunt Plicy Temprary-user accunts are created when yu send a file t a recipient that is nt defined in EFT Server. On the Security Plicy page f the SAT administratin interface, yu can cnfigure the temprary-user accunt plicy. T change temprary-user accunt plicy 1. Lg in t the SAT administratin interface (e.g., Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Cnfiguratin). 2. In the left navigatin page, click Security Plicy. The Security Plicy page appears. 3. Edit the settings as needed: Cnfiguring temprary-user accunt expiratin By default, the accunt expires after 7 days. Yu can cnfigure the number f days after which the accunt is t expire r cnfigure the accunt t nt expire. T change the expiratin perid, change Remve temprary accunt after: [ N ] (days) t the number f days after which yu want the accunt t expire r 0 (zer) if yu d nt want the accunt t expire. Cnfiguring temprary user accunt name length By default, the name length is 10 characters. T change the accunt name length, change Temprary accunt name length [N] characters t the number f characters yu want. Cnfiguring temprary-user accunt permissin EFT Server administratrs can cntrl which permissins are set when a SAT user tggles Allw Uplad when sending an e-mail by editing the permissins in the Resurces Cntrl Plicy area. 4. Click Save t save yur changes n the Server. 32

Cnfiguring SAT Adding Blacklist and Whitelist Dmains Yu can cnfigure Secure Ad Hc Transfer t blck (Blacklist) r allw (Whitelist) nly specific dmains. That is, if yu d nt want users t send files t r frm certain e-mail accunts, yu wuld add that dmain t the blacklist. The value applies t e-mail address in the Frm, T, CC, and BCC fields. T blck r allw specific dmains 1. Lg in t the SAT administratin interface (e.g., Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Cnfiguratin). 2. In the left navigatin page, click Security Plicy. The Security Plicy page appears. T allw e-mails t be sent t all dmains EXCEPT ne r mre specified, click Allw send t all dmains except, then specify the dmains t which yu want t prevent e- mails frm being sent. T blck e-mails frm being sent all dmains EXCEPT ne r mre specified, click Deny t all dmains except, then specify the dmains t which yu want t ALLOW e-mails t be sent. Separate multiple dmains by cmmas. 3. Click Save t save the changes n the Server. Recipient Authenticatin Optins By default, SAT ntificatin e-mails include a hyperlink t lg the recipient in t the Web Transfer Client autmatically t dwnlad the files that were sent. Optinally, yu can cnfigure SAT t prvide lgin credentials in ne email, separate e-mails (ne with the username, anther with the passwrd), r just the username, with the passwrd t be sent by ther means, such as a phne call. Yu can als specify whether SAT users are allwed t send t nly specified dmains r are denied sending t specified dmains. T change temprary-user Access Cntrl Plicy 1. Lg in t the SAT administratin interface (e.g., Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Administratin). 2. In the left navigatin page, click Security Plicy. The Security Plicy page appears. 3. In the Access Cntrl Plicy area, edit the settings as needed: Recipient passwrd prvisining Click the drp-dwn list t specify hw the lgin credentials fr retrieving files are prvided t the recipient: Username and passwrd in same e-mail message Username and passwrd in separate messages Username and passwrd in separate messages (t sender, and then sender prvides t the recipient by ther means) 33

Secure Ad Hc Transfer Mdule v3 User Guide Username (t recipient) and passwrd (t sender, and then sender prvides t the recipient by ther means) Single-click authenticatin is specified (username and passwrd are embedded in a link) Delay [N] secnds befre sending secnd e-mail cntaining the passwrd When the username and passwrd are sent in separate messages, yu can specify a delay between sending each e-mail. 4. Click Save t save yur changes n the Server. Specifying HTML r Plain Text E-Mail Frmat In Secure Ad Hc Transfer's cnfiguratin file, yu can specify whether the system will send e-mails in HTML r Plain Text frmat. This is a glbal setting that applies t all e-mails; it is nt user cnfigurable. T specify whether e-mails are sent as plain text r HTML 1. Lg in t the SAT administratin interface (e.g., Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Administratin). 2. In the left navigatin page, click Advanced. The Advanced Settings page appears. 3. In the E-mail frmat area, specify a frmat, either HTML r text. 4. Click Save t save yur changes n the Server. Using SAT with Active Directry SAT allws Active Directry (AD) authenticatin fr the sender by default (new installs). This page is fr enabling AD extensins fr restricting access t the SAT page; it has nthing t d with hw the SAT mdule wrks in cnjunctin with EFT Server. If yu plan t verride SAT s Integrated Windws Authenticatin by mdifying the cnfiguratin settings file s Path, DmainAdminUser, DmainAdminPass (base64 encded), and AuthenticatinMethd fields, yu must als set "CnnectinSettingEnabled" value="true", therwise thse values will NOT be used by SAT. T change Active Directry infrmatin in SAT 1. Lg in t the SAT administratin interface (e.g., Start > Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Administratin). 2. In the left navigatin page, click AD Extensins. The AD Extensins page appears. 3. Edit the settings as needed: Ppulate "Frm" email address using Active Directry When the Ppulate "Frm" email address using Active Directry check bx is selected, SAT will query the AD server fr the email address f the currently lgged in user t ppulate the Frm field n the Send Mail page. If this check bx is selected when AD is nt being used, SAT will get an applicatin errr. Disable "Frm" field (dn't allw verride) when using AD fr ppulating e-mail address Select this check bx when Ppulate "Frm" email address using Active Directry is selected if yu d nt want senders t change the "Frm" address. AD Query Parameters Edit these fields t match the AD server's parameters fr finding e- mail addresses t ppulate the "Frm" address. 4. Click Save t save yur changes n the Server. 34

Cnfiguring SAT Default Template Lcatins E-mail ntificatins are frmatted by templates stred n the cmputer n which SAT is installed. (By default, stred in C:\Inetpub\wwwrt\EFTAdhc\Templates.) ErrrReprtMessage.tlt and ErrrReprtMessage.txt When a SAT send event fails t wrk fr any reasn, a message bx appears that allws the sender t send a ntificatin t the SAT administratr. These templates prvide the text f the e-mail ntificatin. PasswrdMessage.tlt and PasswrdMessage.txt One f tw ntificatins sent t a temprary user when the lgin username and passwrd are sent in separate emails. Includes the passwrd, dwnlad URL, and an expiratin date. UsernameMessage.tlt and UsernameMessage.txt One f tw ntificatins sent t a temprary user when the lgin username and passwrd are sent in separate emails. Includes the username;, dwnlad URL, and an expiratin date. UsernamePasswrdMessage.tlt and UsernamePasswrdMessage.txt Ntificatin sent t temprary user when bth username and passwrd are sent in the same e-mail; cntains lgin credentials, dwnlad URL, and expiratin date. SingleClickAuthenticatinMessage.tlt and SingleClickAuthenticatinMessage.txt Message sent when t temprary user when Single-Click Authenticatin (lgin credentials embedded in the link) is used; includes lgin credentials, a file list, a dwnlad URL, the singleclick URL, and the date that the file dwnlad will expire. SendUpladNtificatinMessage.tlt and SendUpladNtificatinMessage.txt When a SAT user sends attachments t a temprary user, and that temprary user is allwed t uplad files in return, a ntificatin that files were upladed by the temprary user is sent t the SAT user. The ntificatin includes the filename and lcatin, the accunt credentials, the dwnlad URL, and the server time. Enfrcing Cmplex Passwrds fr Temprary Users If yur EFT Server passwrd settings are set t use a minimum f mre than 20 characters, the SAT temprary user creatin will fail. If yur EFT Server Site's cmplex passwrd settings require mre than 20 characters, be sure t cnfigure the EFTAdHc Settings Template t verride the Site's passwrd settings s that cmplex passwrds fr SAT temprary users cntain fewer than 20 characters. Refer t "Enfrcing Cmplex Passwrds at the Site Level" in the EFT Server dcumentatin fr mre infrmatin abut cnfiguring cmplex passwrds. Using the High Security Mdule (HSM) with the Secure Ad Hc Transfer Mdule When installed with the default settings, SAT vilates a cuple f the Payment Card Industry Data Security Standard (PCI DSS) requirements. Hwever, yu can adjust these default settings. Wrkarunds fr using SAT and cmplying with PCI DSS: PCI DSS requirement 8.5.3: Requires users t reset their passwrds t a unique value upn first use. On the SAT User Settings Template (e.g., EFTAdhc) Security tab, clear the Frce users t change their first-time passwrd immediately upn first use check bx. PCI DSS requirement 8.5.9: Change user passwrds at least every 90 days: On the SAT User Settings Template (e.g., EFTAdhc) Security tab, yu shuld disable the Frce user t change their first-time passwrd check bx passwrd reset ptin. This will als disable the passwrd expiratin ptins fr all users n this Settings Template. (Clearing the Allw users t reset their passwrds check bx als clears the Frce users t change their first-time passwrd check bx.) 35

Secure Ad Hc Transfer Mdule v3 User Guide If the SAT administratr passwrd expires r changes, the value stred in the SAT mdule's cnfiguratin file will n lnger be valid. This means that each time the SATgenerated administratr accunt passwrd expires and then is reset, yu wuld have t change the passwrd n the SAT administratr page. Therefre, n the Server's Administratin tab, click the SAT administratr accunt, then click Passwrd Plicy and in the Passwrd Security Settings dialg bx, clear the Expire passwrds check bx. If yur EFT Server Site's cmplex passwrd settings require mre than 20 characters, be sure t cnfigure the EFTAdHc User Settings Template in EFT Server t verride the EFT Server Site's passwrd cmplexity settings s that cmplex passwrds fr SAT temprary users cntain fewer than 20 characters. Refer t Enfrcing Strng (Cmplex) Passwrds in the EFT Server help fr details f creating cmplex passwrds. When yu make these changes n a PCI DSS-enabled ("strict security settings") Site, the PCI DSS Vilatins Detected dialg bx appears. Click Apply this change anyway, then in the Prvide justificatin r describe cmpensating cntrl bx, paste text similar t the fllwing example: 36

Cnfiguring SAT Ad hc accunts are shrt-lived accunts with a unique (PCI DSS 8.5.3) and cmplex (PCI DSS 8.5.10,11) system-generated passwrd. The need t "change after first use" is bviated by the autnmus nature in which the passwrd was generated, as ppsed t traditinal methds in which an administratr creates a "first time" use passwrd fr a user, with its bvius security implicatins. Specifying Virtual Flders fr SAT Users If yu wuld like t stre temprary users' flders n a remte cmputer, yu can cnfigure that in EFT Server's Virtual File System (VFS) s that when a file is sent, the temprary user's hme flder is created at the lcatin yu specified fr the Virtual Flder. Similar t a shrtcut, yu can pint a Virtual Flder t a physical path n the same cmputer r n a remte cmputer, but the cmputer n which SAT and IIS are installed must have permissin t write t that flder. Fr details f specifying the Virtual flder, refer t "Specifying Virtual Flders fr SAT Users" in the EFT Server help dcumentatin. 37

Secure Ad Hc Transfer Mdule v3 User Guide 38

Using the SAT Mdule The tpics belw prvide infrmatin regarding using the Secure Ad Hc Transfer mdule. Sending Files SAT v2 defaulted t annymus authenticatin. If yu upgraded frm SAT v2 t SAT v3, this will be unchanged. Fr new installs f SAT v3, NT authenticatin is nw standard. In rder t send emails, yu must have an accunt n the cmputer frm which yu are attempting t send a message and must be a member f the "User s" grup. T send a file using Secure Ad Hc Transfer 1. Cnnect t the SAT Send Mail page: In yur web brwser, prvide the IP address r dmain name t the IIS website running the Secure Ad Hc Transfer mdule, depending n the website and Virtual Flder yu chse during installatin. Fr example, type 192.168.20.156/EFTAdHc r www.eftadhc.cm. (Or frm the Start menu, click Prgrams > GlbalSCAPE > Secure Ad Hc Transfer Mdule > Secure Ad Hc Send Page.) The Send Mail page appears. If the send mail page des nt appear, verify that Java JRE 1.6 r later is running n the client (sender/user) system. If the web page des nt appear, try http instead f https. (Administratrs can refer t Trubleshting Errrs in the Secure Ad Hc Transfer Mdule fr assistance.) 2. In the Frm bx, type yur e-mail address. The Frm address is stred in a ckie fr ne day after a successful e-mail has been sent. Subsequent e-mail messages cntain the previus Frm e-mail address, unless yu verwrite it. When Windws Authenticatin is used (the default), SAT btains the crrespnding user s e-mail address frm the Active Directry accunt and ppulates the Frm field with that address. If the Frm address is disabled, it is because SAT is using yur Active Directry prvisined e-mail address, and yu are nt allwed t specify an alternate frm/sender address, fr security reasns. 3. In the T bx, type the destinatin address (the intended recipient). If yu have sent mail frm this page befre, addresses yu used previusly were stred in a ckie. As yu type an address, SAT will autmatically suggest addresses that yu've used befre. Yu can add multiple addresses separated by semiclns. 4. T shw the Cc and Bcc bxes (advanced e-mail ptins), n the menu bar, click Shw Cc & Bcc. (T hide the bxes, click Shw Cc & Bcc again.) Type the destinatin address (the intended recipient). Yu can use the Cc and Bcc bxes just as yu d the T bx. Yu can add multiple addresses separated by cmmas, e.g., email1@bcd.cm, email2@fsr.cm. SAT limits the T, Frm, and CC field length t 2048 characters, truncating characters that exceed the limit. 5. If yu want t send a cpy f the message yur e-mail address, click Send me a blind carbn cpy. 6. If yu want the recipient t be able t send yu files, select the Allw recipient t send me back files, which enables uplad permissins t the temprary flder created fr the recipient. 7. (Optinal) In the Subject bx, type the tpic f the e-mail. 8. (Optinal) In the Bdy bx, type a message. 39

Secure Ad Hc Transfer Mdule v3 User Guide 9. Click Add Attachments t attach ne r mre files t the e-mail. (Attachments are nt required if Allw recipient t send me back files is selected). As the sender (riginatr) f a file using Secure Ad Hc Transfer, yu can authrize the recipient t uplad a file that yu can later retrieve. Fr example, yu can send a dcument t a reviewer, then the recipient can make edits t the dcument and uplad the edited dcument. When the recipient uplads the file, yu receive a ntificatin e-mail that cntains the same hyperlink and lgin credentials that were prvided t the recipient. 10. At the bttm f the page, a file brwser appears. Click Select file(s)/flder(s) t brwse fr and select ne r mre files r flders t attach. The filename, size, and date f each file appears in the file brwser. The number f files selected fr uplad appears in the status bar. 11. T remve attachments, right-click the attached file, then click Remve selected item(s) r Remve all items. 12. Click Send. EFT Server creates a temprary accunt username and passwrd fr the recipient, and then uplads the files. The transfer percent cmpleted appears in the status bar as the files are upladed. "Upladed cmpleted" appears in the status bar and a "Cmplete" message bx appears when the transfer is cmplete. Recipients receive a message ntifying them f the files t be picked up, the URL frm which t pick up the files, and lgin credentials infrmatin. Picking Up Files When a file is sent using Secure Ad Hc Transfer, the recipient receives an e-mail message with a secure HTTP hyperlink and lgin credentials infrmatin. T pick up a file 1. In the e-mail, click the hyperlink. 2. In the lgin page that appears, prvide yur lgin credentials, then click OK. If using the Web Transfer Client: T dwnlad a file, duble-click the file in the remte pane t transfer it t yur lcal files and flders. T uplad a file, duble-click the file in the lcal pane t transfer it t the remte file system. If using the Plain Text Client, a list f files available fr dwnlad appears. T dwnlad a file, click a file name. T uplad a file, click Brwse, click a file t uplad, then click Uplad. Refer t the EFT Server nline help fr mre infrmatin abut the Web Transfer Client r Plain Text Client. 40

Using the SAT Mdule Viewing Reprts f SAT Activity With EFT Server's Auditing and Reprting mdule (ARM), yu can generate reprts f SAT activity. Yu d nt have t cnfigure anything extra in the SAT mdule--if the ARM mdule is installed, licensed, cnfigured, and enabled, it is cllecting SAT data that yu can use in ARM reprts. The predefined SAT reprts prvide the time the e-mail was sent, Site name, Frm e-mail address, T e-mail address, Subject line f the e-mail, e-mail type, attached file name, file size, expiratin date, and temprary user name. Activity-SAT by File (Detailed) - This reprt displays all Secure Ad Hc Transfer mdule activity fr a specified file name, and srted by date in reverse chrnlgical rder. In versin 6.1 and later, if a user sent multiple files n ne e-mail via the SAT mdule, each f the files are listed in the reprt. Activity-SAT By Recipient (Detailed) - This reprt displays all Secure Ad Hc Transfer mdule activity fr a specified recipient's e-mail address, and srted by date in reverse chrnlgical rder. In versin 6.1 and later, if a user sent multiple files n ne e-mail via the SAT mdule, each f the files are listed in the reprt. When yu click Shw Reprt, the Enter Reprt Parameters dialg bx appears. Prvide the entire e-mail address. Activity-SAT by Sender (Detailed) - This reprt displays all Secure Ad Hc Transfer mdule activity fr a specified sender's e-mail address, and srted by date in reverse chrnlgical rder. In versin 6.1 and later, if a user sent multiple files n ne e-mail via the SAT mdule, each f the files are listed in the reprt. When yu click Shw Reprt, the Enter Reprt Parameters dialg bx appears. Prvide the entire e-mail address. Activity-SAT (Detailed) - This reprt displays activity fr Secure Ad Hc Transfer mdule activity, srted by date in reverse chrnlgical rder. In versin 6.1 and later, if a user sent multiple files n ne e-mail via the SAT mdule, each f the files are listed in the reprt. Activity-SAT (Summary) - This reprt displays all Secure Ad Hc Transfer mdule activity, gruped by username, and srted by date in reverse chrnlgical rder. In versin 6.1 and later, if a user sent multiple files n ne e-mail via the SAT mdule, each f the files are listed in the reprt. Fr details f creating and viewing reprts f SAT activity, refer t dcumentatin fr the Auditing and Reprting Mdule. 41

Secure Ad Hc Transfer Mdule v3 User Guide 42

Trubleshting Errrs in the SAT Mdule Refer t the articles belw fr trubleshting assistance. Failed t Cnnect t EFT Server A variety f prblems can cause SAT t be unable t cnnect t EFT Server, as described in this Trubleshting chapter. A cmmn prblem is that incrrect values were chsen during installatin (e.g., the wrng IP address r prt number was prvided) r IIS,.NET, and SAT were nt installed in that rder. Verify the values supplied fr cnfiguratin in the SAT Administratin pages. If yu are unable t cnnect t the SAT Administratin pages (e.g., http://lcalhst/eftadhc/admin/) ensure the settings in the cnfiguratin file in the SAT installatin flder are crrect (by default, C:\Inetpub\wwwrt\EFTAdhc\cnfig\settings.cnfig). Refer t SAT Mdule Applicatin Errr Cdes fr any cdes that appear n the errr page. Applicatin Errr: Unable t retrieve e-mail address frm AD If yu receive an applicatin errr that says, "Secure Ad Hc Transfer (SAT) was unable t retrieve yur e-mail address frm the Activity Directry server r the e-mail address is invalid," the SAT administratr shuld verify the AD Settings in the SAT administratin interface. SAT Mdule Applicatin Errr Cdes When errrs ccur during the peratin f the SAT mdule, an errr number appears at the tp f the Send Mail page. Use the errr cde t trublesht the issue. The table belw prvides descriptins fr pssible applicatin errrs that can ccur with the SAT Mdule. Errr Descriptin 10001 Nt enugh disk space t uplad the files n drive {0} strtempfldername 10003 The system culd nt save files t temprary directry 10006 The caller des nt have the required permissin t create the specified path (LgPath). 10007 The caller des nt have the required permissin t create the specified path (IISUpladFlder). 10008 The caller des nt have the required permissin t delete the upladed File in the temprary directry. 10009 Unhandled Web exceptin. Refer t the lg files fr details. 10010 Unhandled exceptin. Refer t the lg files fr details. 10011 Failed t instantiate CIServer. Ensure SFTPCOMInterface.dll is registered n the applicatin server. 10012 Culd nt initiate cnnectin t EFT Server. 10013 The Site name {0} defined in the cnfiguratin file cannt be fund n EFT Server. 10014 The temprary user cannt be created n Site {sitename} f the EFT Server. Mst likely cause: SAT was installed n an AD r LDAP Site, which cannt create temprary users. Reinstall SAT n a GS r ODBC Site s that EFT Server can create the temprary users. 10015 Failed t set permissins fr temprary user n Site {sitename} f EFT Server 10016 Culd nt get a reference t the temprary user n Site {sitename} f EFT Server 10017 Culd nt set user hme directry as rt flder fr Temprary user n Site {sitename} f EFT Server 10018 Failed t set expiratin date fr temprary user n Site {sitename} f EFT Server 10019 Failed t reset permissins fr a temprary user n Site {sitename} f EFT Server 10020 Failed t send message by e-mail. Refer t lg files fr details. (Often caused by the SMTP server being unavailable.) 43

Secure Ad Hc Transfer Mdule v3 User Guide Errr Descriptin 10021 Expired Versin 10022 Failed t instantiate ClientFTPEngineClass. Ensure ClientFTPCOMLib.dll is registered n the Applicatin Server. 10023 Failed t get retrieved Settings Template fr the EFTAdHc Setting Template. Ensure the EFTAdHc Settings Template was created n EFT Server. Refer t the lg files fr details. 10024 Cmplex passwrd fr the user culd nt be created n Site {sitename} 10025 Change passwrd fr the user culd nt be created n Site {sitename} 10026 Culd nt set New Full Name fr the user. 10027 Access t the path is denied. Refer t the lg files fr details. 10028 Internal errr has ccurred; SAT cannt cntact the Active Directry Services. Smetimes ccurs when the AD server is nt peratinal. 10029 Internal errr has ccurred; Failed t deliver the paylad t the temp accunt flder. This can be caused by ne f the fllwing errrs: IIS des nt have permissin t place the file(s) in the temp accunt flder. The end user's hme flder drive ran ut f space r the physical flder des nt exist. The lg file will read: "An exceptin has ccurred while mving the paylad. Errr: {0} StackTrace: {1}" The physical destinatin path is greater than 250 characters. The lg file will read: "Files cannt be delivered due t the Path '{0}' because the Fullname is greater than 250 characters. Please change the SAT User Setting physical path n EFT Server t use a shrter path." 44

Index A Access Cntrl Plicy... 25 Activating Secure Ad Hc Transfer... 17 Active Directry... 25, 34, 43 Activity-SAT... 41 Activity-SAT By Recipient... 41 AD... 34 AD Extensins... 43 Adding Blacklist and Whitelist Dmains... 33 Advanced Settings... 25 Allw Uplad... 32 Applicatin Errr Unable t retrieve e-mail address frm AD.. 43 Auditing... 41 B Backgrund Clr... 29 Banner Image... 29 BEFORE Installing the SAT Mdule with IIS7... 9 BlackListDestinatinDmain... 25 brand... 29 C Cmplex Passwrds fr Temprary Users... 35 Cnfiguratin Pages... 25 cnfigure... 25, 35, 43 Cnfiguring Temprary User Accunt Expiratin... 32 Cnfiguring Temprary-User Accunt Plicy... 32 Cnfiguring the Secure Ad Hc Transfer Mdule... 25 Cnfiguring the Secure Ad Hc Transfer Mdule v3... 25 Custmizing... 29 Custmizing the Ntificatin E-Mail... 31 Custmizing the Secure Ad Hc Transfer Web Interface... 29 D Default Template Lcatins... 35 DefaultPermissinMask... 25 Delaying the Passwrd Ntificatin E-Mail... 25 Disable... 25 E EFTAdHc... 25 EmailBehavir... 25 EmailTemplateFrmat... 25 Enfrcing Strng (Cmplex) Passwrds... 35 errr... 43 errr cdes... 43 Expirydays... 25 F Failed t Cnnect t EFT Server... 43 Frm... 43 H Header_Lg... 29 HTML... 34 I IIS... 7, 25 IIS 7.0... 9 IIS7... 7 installing... 10 Installing Secure Ad Hc Transfer... 7, 10 Intrductin t Secure Ad Hc Transfer... 5 L LckFrmField... 25 LgLevel... 25 LgPath... 25 M mailfiltering... 25 N NET... 7 Ntificatin E-Mail... 31 Ntify Sender... 21 P Passwrd Ntificatin E-Mail... 31, 33 PasswrdEmailOffset... 25 PCI Site... 35 Picking Up Files... 40 Plain Text... 34 Ppulate... 25 R Register- Click Register... 18 Reprting... 41 S samaccuntname... 25 SAT Activity... 41 SAT Event Rules... 21 SAT Mdule Applicatin Errr Cdes... 43 SearchFilter... 25 Secure Ad Hc Send Page... 39 Secure Ad Hc Transfer System Requirements 7 Send Mail... 43 SenderEmailDisplayAttribute... 25 45

Secure Ad Hc Transfer Mdule v3 User Guide Sending a File Using Secure Ad Hc Transfer 39 Sending Files... 39 SendMail... 29 SendPasswrd... 25 SendUpladNtificatin... 21 SendUserName... 25 SetFrmFieldWithEmail... 25 settings.cnfig... 25 Single-Click Authenticatin... 33 SMTPAuthenticate... 25 SMTPServer... 25 SMTPServerPrt... 25 Specifying HTML r Plain Text E-Mail Frmat. 34 Specifying Virtual Flders in EFT Server fr Ad Hc users... 37 SystemEmail... 25 T Temprary Accunt Plicy... 32 TempUserNameLength... 25 Trubleshting Errrs in the Secure Ad Hc Transfer Mdule... 43 U uninstallatin... 23 Uninstalling the SAT Mdule... 23 upgrading... 18 Upgrading Secure Ad Hc Transfer... 18 Uplad... 21, 40 UpladEFTServerAddress... 25 UpladPermissinMask... 25 UpladPrt... 25 URLPattern... 25 userprincipalname... 25 UseSmartEmailTextBxes... 25 Using SAT with Active Directry... 34 Using the HS Mdule with the Secure Ad Hc Transfer Mdule... 35 Using the Secure Ad Hc Transfer Mdule... 39 V VFS... 37 Viewing Reprts f SAT Activity... 41 Virtual Flders fr Ad Hc Users... 37 W WaitFrUpladsDuratinSecs... 25 Web Server... 7 What's New in Secure Ad Hc Transfer... 5 Whitelist... 33 WhiteListDestinatinDmain... 25 Windws 2008... 7 Windws Server 2003... 7 X x86-64... 7 46