FAQ: Where does BPFTP Server store the Users, Groups and Settings?

FAQ: Where does BPFTP Server store the Users, Groups and Settings?

The Users, Groups and Settings for BulletProof FTP Server are stored in simple flat-text-files called INI Files. These files have not changed over previous versions, however the location for these files has changed slightly to reflect Microsoft’s suggestions for security and reliability:

Version Default Storage-Location File Names
v2018
v2017
v2016
v2015
v2014
%LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\

As of v2014/v2016, the program will no longer store the files in a “version specific” location on the local computer. In the future, this will streamline the upgrade process for later versions.

bpftpserver.ini
bpftpserver-ui.ini
bpftpserver-users.ini
bpftpserver-groups.ini
v2013 %LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2013\ bpftpserver.ini
bpftpserver-ui.ini
bpftpserver-users.ini
bpftpserver-groups.ini
v2011 %LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2011\ bpftpserver.ini
bpftpserver-ui.ini
bpftpserver-users.ini
bpftpserver-groups.ini
v2010 %LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2010\ bpftpserver.ini
bpftpserver-ui.ini
bpftpserver-users.ini
bpftpserver-groups.ini
v2.3.1.26 %ProgramFiles%\BulletProof FTP Server 2.3.1.26\ ftpsrv.ini
users.ini
groups.ini
v2.3 %ProgramFiles%\BulletProof FTP Server 2.3\ ftpsrv.ini
users.ini
groups.ini
v2.21 %ProgramFiles%\BPFTP Server\ ftpsrv.ini
users.ini
groups.ini

TIPS: How to serve your Network-Drives via FTP

BulletProof FTP Server has the ability to serve files on your Mapped Network Drive via FTP. But you will need to add some special parameters to make sure that the credentials for the mapped drive are saved and the connection is toggled as persistent.

This is best done via the command-line (CLI) using the NET.EXE USE command.

Take the following example:

c:> %SystemRoot%\system32\net.exe use h: \\myserver\myshare /user:myusername /persistent:yes

In this example we are mapping drive-letter “H:” to a computer named “myserver” with a share-name of “myshare”, where the credentials needed to login to the machine are specified as “myusername” (if you were part of a domain, it would be “mydomain\myuser). The “/persistent:yes” instructs Windows to reconnect the drive at login.

Full Docs on the NET.EXE USE command:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_use.mspx?mfr=true

Microsoft Windows, by default, disconnect network-drives after X minutes of inactivity. Remapping the drive is done quickly and usually without any interruption. However if you have any problems, it’s recommended that you increase the default 600 seconds (10 minutes) to a larger number:
Mapped Drive Connection to Network Share May Be Lost

HOWTO: Overridding the Storage-Path for Settings, Users and Groups

The latest version of BulletProof FTP Server (by default) stores everything related to the program’s operation, including “Settings, Users and Groups” in the non-roaming, local user storage location %LOCALAPPDATA%. This allows for a constant, microsoft certified location for the storage of files and settings related to a program. This path is user-specific, in that, it is private to the OS-USER that you use to login to Windows. In some environments, you may want to change this location to something that complies with your own standards .. or perhaps you would like to run the SERVICE as a different user than the GUI.

Starting with BulletProof FTP Server v2010 (including later versions), the path for storing the “Settings, Users and Groups” was changed as a result of security improvements to Windows (starting with Vista). Previously, the BulletProof FTP Server stored everything in the “Installation-Directory” for the software. However, with the development of User-Access-Control (UAC) in Windows Vista/2008, the storage-path for these files were redirected to the Virtual Store. This redirection of file-writes to now protected paths, such as the %ProgramFiles%, proved to be very cumbersome of difficult for our customers to manage. For this reason, we embraced the new location Microsoft has specified and developed the ability to OVERRIDE it for customers that wanted to retain control of this location.

Table-Listing of Storage-Locations over the past several versions of BulletProof FTP Server:
Q: Can I backup the Settings, Users and Groups?

In the following example, you are stepped through the process of “Overriding the Storage-Path” in the program and the subsequent process that BulletProof FTP Server goes through to migrate the files containing the “Settings, Users and Groups”. Please note, this process can also be used to restore a backed up copy of your files.

HOWTO: Windows System-Service

BulletProof FTP Server 2011 can also run as a Windows System-Sevice, allowing you to serve up ftp-content from your computer without having to login to the system. This is a very handy feature for businesses that rely upon a FTP-Server to communicate with customers, receive files from automated processes or just-plain access your HOME computer from WORK.

Setting up Windows System-Service Support is very easy, but it does mean a little-bit of leg work on your end to satisfy Microsoft Windows’ security.

Click on a thumbnail to expand the image and see more information and instructions.

HOWTO: Upgrade your license from HOME to CORP

First, thank you very much for upgrading to the CORP version! Your support helps to fund development and keep new versions coming out with the same pace of changing technology!

Second, you’ll need to remove the previous license from the computer. This is done by:

  • Launch the GUI version of BulletProof FTP Server for Windows
  • Clicking the “About” button
  • Now, hold down Ctrl + Shift + Alt and Left-Click the section labeled “Licensed for Use”
  • Click “Yes” to confirm removing the license
  • Then click the “Enter Key” dialog after the program terminates
  • FIX: “Out of Memory” or “Low GDI” with BulletProof FTP Server

    Is BulletProof FTP Server for Windows crashing when you first run it? You might have it freeze during “Loading” or a “Crash Report” comes up saying “Out of Memory”…

    Don’t worry! It’s most likely a problem with running out of GDI-Handles in your installation of Windows…

    You may receive an “Out of Memory” error message because of the desktop heap limitation in Windows Vista or in Windows 7
    http://support.microsoft.com/kb/947246

    “Out of Memory” error message appears when you have a large number of programs running
    http://support.microsoft.com/kb/126962

    NOTE: You CANNOT have the /3GB option specified in the bootloader, this is often used on Exchange Server installations. (MORE INFO)

    This GUIDE will help illustrate the steps to increase the amount of memory..

    Vista Hands On #17: Solving a pesky resource problem
    http://www.zdnet.com/blog/bott/vista-hands-on-17-solving-a-pesky-resource-problem/269

    SharedSection & Max Number of Open Windows on XP & Vista
    http://www.mycsharpcorner.com/Post.aspx?postID=50

    Windows XP flakiness – solved
    http://weblogs.asp.net/kdente/archive/2004/06/04/148145.aspx

    Registry setting keeps Windows from wigging out when you open lots of IE7 tabs
    http://weblogs.asp.net/jgalloway/archive/2008/01/14/registry-setting-keeps-windows-from-wigging-out-when-you-open-lots-of-ie7-tabs.aspx

    INCREASING USER HANDLE AND GDI HANDLE LIMITS
    http://weblogs.asp.net/mikedopp/archive/2008/05/16/increasing-user-handle-and-gdi-handle-limits.aspx

    Many Thanks to AlexanderL for helping to discover a resolution to this problem!

    Windows System Service: Logon As Service

    Microsoft is known to be one of the most security (gui) operating-systems on the ‘net. For us old salts, we know it certainly didn’t start that way. Over the last decade, Microsoft has made tremendous strides… but with that comes added levels of complications.

    Take running BPFTP Server as a Windows-System-Service, one of the most common technical-support questions (second to Firewall settings )… It’s a complicated issue.

    In order to run BPFTP Server as a Windows-System-Service, you must give it a USER/PASSWORD to run under. In BulletProof FTP Server 2011, this is done under:

    Management -> Server Settings -> Auto-Start (tab) -> Auto-Start: Windows System Service

    Or, You can change it directly from Windows in:

    Windows Start -> Control Panel -> Administrative Tools -> Services -> BulletProof FTP Server 2011 -> right-click for "Properties" -> "Logon" (tab)


    NOTE: This USER/PASSWORD needs to be the same one you run the GUI version as, since the Settings, Users and Groups are all stored in:

    "%LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2011\"

    NOTE: You can get around this, by overriding the “default storage-path” in BulletProof FTP Server 2011 under the following:

    Management -> Server Settings -> General (tab) -> Adv Settings -> Override Storage-Path


    Which brings us to the permission “Logon as Service”… The magically permission that the OS-USER needs to have in Windows in order to run BulletProof FTP Server 2011 as a Windows System Service.

    Microsoft: Logon as Service
    http://technet.microsoft.com/en-us/library/cc739424(WS.10).aspx

    HOWTO: API/CLI into BPFTP Server

    BulletProof FTP Server is an excellent FTP Server for Windows. With the recent development efforts in v2011, we thought it would be a good time to introduce some of the command-line-switches (CLI) for managing BPFTP Server from external programs, web-sites, scripts, etc.

    NOTE: At times you’ll see BulletProof FTP Server for Windows referred to as “BPS”.

    Let’s first start with a brief explanation of the binaries distributed with BulletProof FTP Server for Windows (BPS):

    The default installation location for the program is located in the following location:
    %PROGRAMFILES%\BulletProof FTP Server\

    Depending on your version of Windows, %PROGRAMFILES% is expanded to the following for 32-Bit and 64-Bit versions of Windows:
    C:\Program Files\BulletProof FTP Server\
    C:\Program Files (x86)\BulletProof FTP Server\

    Investigating this location will yield the following executables:
    bpftpserver.exe – Main executable for the program
    bpftpserver-adduser.exe – CLI to manipulating the User & Group Database
    bpftpserver-service.exe – responsible for controlling BPS when it’s running as a Windows System Service
    CSDispatcher.exe – used with “remote debug” for sending log-messages to our remote-server

    MAIN EXECUTABLE

    bpftpserver.exe [OPTION]

    -reload
    Will cause the running instance of BPS to reload the settings, users and group information.

    -online
    Take BPS online and ready for incoming connections.

    -offline
    Take BPS offline and disable the listener from answering incoming connections.

    -exit
    Terminate BPS and stop it’s execution on the system. All users will be forcibly disconnected.

    -close
    Keep BPS online and all active-connections maintain, but disable the listener; resuling in no *new* connections accepted.

    -open
    Renable the listener, allowing new connections to be accepted.

    -startlogging
    Start logging to the log-file defined in the software.

    -stoplogging
    Stop logging to the log-file.

    -kickall
    Kick all currently connected users off of the server.

    -stat
    Regenerate the statistics files for users in the system.

    CLI ADDUSER

    BulletProof FTP Server command-line utility 'bpftpserver-adduser.exe'
    Copyright (c) 1998-2015 BulletProof Software LLC, All Rights Reserved.

    Command-line utility to manipulate the USER and GROUP database for BulletProof FTP Server.

    Usage: bpftpserver-adduser.exe [OPTION]…

    Bulk Import (moreNew in Version 2013.1.0.7 – 2013-JUNE-26
    –bulkimport=FILENAME.CSV
    –bulkimport-help (reports a list of fields supported for CSV import)
    –bulkimport-help-as-html (output HTML version of –bulkimport-help

    -list=USERNAME[*,?]
    -name=ACCOUNTNAME
    -enabled
    -disabled
    -login=USERNAME
    -group=GROUPNAME
    -pswd=PASSWORD
    -crypt
    -access=PATH,ACCESSRIGHTS
    -loginmsg=FILENAME
    -speedlimit=[0,1]
    -speedrcv=BYTES-PER-SECOND
    -speedsnd=BYTES-PER-SECOND
    -banfile=FILEMASK[,FILEMASK2,FILEMASK3,…]

    Access = R(ead) W(rite) D(elete) A(ppend) M(ake) L(ist) S(ubdir) K(delete dir)

    First -access will be Home Directory

    Example :
    C:\Program Files (x86)\BulletProof FTP Server\bpftpserver-adduser.exe -name=newuser -enabled -login=newlogin -pswd=newpass -group=demogroup -loginmsg=c:\login.txt -access=c:\ftproot\,RLS -banfile=+*.jpg,+*.gif

    Some explanation of the behavior is important, specifically the “-access” parameter. In the above example the login of “newlogin” for the account “newuser” is given the directory of “c:\ftproot\”

    We’ll break down the command-line, piece by piece

    -name=newuser
    While initially confusing, there’s a difference between an “account-name” and the “login-name”. The account-name refers to a “user-friendly” name for the account, such as “upstairs accountant” and “log-name” is the actual login that used to access the ftp-server; such as “accountant”.

    -enabled
    Will enable the account for login

    -login=newlogin
    The login-name for the user to use to access the ftp-server (see above not for -name)

    -pswd=newpass
    The password for the login

    -group=demogroup
    If the account belongs to a group, you can specify the name of the group (OPTIONAL)

    -loginmsg=c:\login.txt
    Will send a user-specific login-message via the protocol to the user after logging in (OPTIONAL)

    -access=c:\ftproot\,RLS
    Will add an access-right for the account to the directory c:\ftproot\ with the privledges of (R)ead,(L)ist,(S)ubdir . The first access-right specified will be the HOME-DIRECTORY for the user. Additional access-rights can be defined by use the “-access” parameter again. If you are specifying a user-account that already exists, then all access-rights for the account will be deleted and given the access-rights that you define here.

    -banfile=+*.jpg,+*.gif
    Will add a file-mask of files that the user-account is prohibited from uploading or downloading. (OPTIONAL)

    HOWTO: Getting Started Video-Guide for BPFTP Server

    Great “Getting Started Guide” for BulletProof FTP Server.. the intention of the video is to get the product up an running with Yokogawa DAQMaster MW100; but it’s a great primer!

    YouTube:
    http://www.youtube.com/watch?v=SLTAo1pDTe4

    NOTE: The version used in the video is 2010, but the UI is very familiar to 2011 and you won’t have a problem following it.

    HOWTO: Windows Firewall and BPFTP Server 2011

    Windows Version: Windows Server 2008 R2, Windows Server 2008, Windows 7/Vista

    By default, the latest versions of Windows protects your computer with the Windows Firewall with Advanced Security, effectively blocking access to your computer from the internet and would-be hackers (Getting Started Guide).

    However, this also prevents ftp-clients from accessing your installation of BulletProof FTP Server 2011 unless you “open the firewall” to allow access. This means, you must open at least two ports; one for the control-connect and 1 (one) data-port for every concurrent connection to the ftp-server.

    NOTE: It’s very common for people to think that only 1 (ONE) port is needed for FTP (default tcp/ip port 21). However, this is NOT the case as you need to define data-ports in order to support Passive-Mode (PASV).


    Configuring the Windows Firewall and BPFTP Server 2011 is very simple, but it takes a few steps. Below, we’ve broken down the process:
    1) Configure BPFTP Server 2011 for NAT/Firewall and Passive-Mode (PASV)
    2) Open the Windows Firewall up for the BPFTP Server 2011
    3) Open the Windows Firewall up for the Control-Connection
    4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)
    5) Completed Entries in Windows Firewall

    LASTLY: Be sure to run your installation through our Firewall Tester. After providing the IP/Host, Port, User and Password for your installation, this tester will simulate a ftp-user can connect to your BPFTP Server. Please use it!
    http://bpftpserver.com/products/bpftpserver/windows/test/firewall

    NOTE: If you are running any Anti-Virus or Internet-Security software on your computer (McAfee, Norton, etc) you may also be protected by yet-another-software-based-firewall. Please consult the documentation that came with your software for opening up firewall-ports.

    NOTE: Almost everyone has a hardware-based NAT/Firewall router in their network topology. For Home Users, this is usually your WiFi-Router. Please look into the documentation that came with your hard-based NAT/Firewall router for information on opening firewall-ports.

    Step-by-Step Directions


    BPFTP Server - NAT/Firewall Configuration
    Step #1.1: BPFTP Server - NAT/Firewall Configuration

    BPFTP Server - Use DNS for PASV
    Step #1.2: BPFTP Server - Use DNS for PASV

    BPFTP Server - Use Static IP for PASV
    Step #1.3: BPFTP Server - Use Static IP for PASV

    BPFTP Server - Configure Data-Ports
    Step #1.4: BPFTP Server - Configure Data-Ports

    Back to Top

    2) Open the Windows Firewall up for the BPFTP Server 2011

    Open Windows Firewall
    Step 2.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 2.1 Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 2.2: Choose Firewall-Rule Type

    Browse for Program
    Step 2.3: Browse for Program

    Choose Program-Path
    Step 2.4: Choose Program-Path

    Confirm Program-Path
    Step 2.5: Confirm Program-Path

    Choose Allow
    Step 2.6: Choose Allow

    Select Firewall Domain
    Step 2.7: Select Firewall Domain

    Name Firewall-Rule
    Step 2.8: Name Firewall-Rule

    Back to Top

    3) Open the Windows Firewall up for the Control-Connection

    Open Windows Firewall
    Step 3.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 3.1: Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 3.2: Choose Firewall-Rule Type

    Specify Port for Control-Connection
    Step 3.3: Specify Port for Control-Connection

    Choose Allow
    Step 3.4: Choose Allow

    Select Firewall Domains
    Step 3.5: Select Firewall Domains

    Name Firewall-Rule
    Step 3.6: Name Firewall-Rule

    Back to Top

    4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)

    Open Windows Firewall
    Step 4.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 4.1: Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 4.2: Choose Firewall-Rule Type

    Specify Port for Data-Ports
    Step 4.3: Specify Port for Data-Ports

    Choose Allow
    Step 4.4: Choose Allow

    Select Firewall Domains
    Step 4.5: Select Firewall Domains

    Name Firewall-Rule
    Step 4.6: Name Firewall-Rule

    Back to Top

    5) Completed Entries in Windows Firewall

    Completed Entries in Windows Firewall
    Step 5: Completed Entries in Windows Firewall

    Back to Top