Top tips for Globalscape EFT administrators
This post answers common Globalscape EFT administrator questions, including logging into EFT, the EFT password reset process if you have an EFT forgotten password and more.
Logging in EFT Server: EFT forgotten password
When configuring Globalscapes’ Enhanced File Transfer solution (EFT) for the first time, you are asked to create a login to allow administration of the EFT Server. In addition to this, if you have the High Security Module, you can use Active Directory (AD) linked accounts to access the server. This is fine until you forget the main administration login or the link between the server and the AD is broken.
At this point you could be stuck with EFT still accepting files and triggering event rules, but have no way to administer the system.
In this case, all is not lost…
Follow the steps below and you should be able to access your system again;
- You will need to logon to the server as an administrator. Create a local server account and add it to the “local administrators” group on the server. e.g. Create a local windows account called EFTAdministrator and make sure there is a password (N.B. a domain account which is a member of the Local Administrators group will not work, it must be a local account.)
- When you have created this account, open the EFT administration application on the server.
- Set the login method to be “Windows Authentication”
- Login as .\EFTAdministrator and give the password.
- This SHOULD take you in as an administrator to the server.
- At this point you can update the password for the “normal” login and check that the password has not expired. These settings can be seen on the “Password Policy” Button off the Administration screen in the Server settings.
If this does not work you may have a more serious problem with your EFT server. Contact Pro2cols’ UK based Globalscape support team on firstname.lastname@example.org and we can help.
Securing your Administrator Access
Globalscape EFT server allows administrators to authenticate login credentials using either in-built authentication or, if the High Security Module has been licensed, using an Active Directory account.
AD Accounts are recommended for administrators as these are unique for each administrator and have security policies enforced against them. If administrators do not use AD accounts, then EFT can manage account password complexity, expiry and lockouts. By default these settings are all turned off but it is recommended to enable these for all EFT managed administration accounts.
To configure the options, navigate inside EFT to the server’s “administration” pane. Selecting an administrator account, will allow you to set the account policy and password policy.
Account policy setting will enable you to set what happens if too many incorrect admin login requests are received, account expiration settings and how long to leave an administration session before terminating it for inactivity. Password length, complexity history and reset options can all be configured from the “password policy” button.
In addition to ensuring your account password settings are configured, securing remote access is also recommended but is also not set as default. If you have remote access enabled, you should secure it using SSL as all settings, including passwords, will be transmitted in plain text between the administration client and the server.
You can reuse an existing certificate pair, assuming you have the correct private key and password, or create a new certificate pair from the “create” button inside the SSL configuration box. Although the certificate created will be self-signed certificate, it does not need to be signed as you will be prompted to trust or reject the certificate when you connect to the server.