SERVICE: User-Access Control (UAC) prevents running Windows System-Service

NOTE: This ONLY effects the OLDER version of BulletProof FTP Server 2011. This problem does not exist in the current version.

This week, we discovered the source of a problem with running BulletProof FTP Server 2011.1.0.71 (and prior) as a Windows System-Service and the default settings for User-Access-Control (UAC). User-Access-Control (UAC) was first-introduced in Windows Vista as a tool to help isolate programs from making unauthorized changes to the Windows Registry; and is now included by default in Windows 7, Server 2008 and R2.

User-Access-Control blocks and prevents some of the functionality in BulletProof FTP Server 2011.1.0.71 (and prior), specifically the code dealing with Windows System-Services. This includes the installation of the SERVICE and it’s internal communications to the SERVICE when running the GUI.

Bottom Line: In order to run BulletProof FTP Server 2011.1.0.71 (and prior) as a Windows System-Service, you will need to modify the User-Access-Control (UAC) and change it’s settings to “Never Notify”.

We understand this presents a security-risk in some environments and will be releasing an update in the coming days to address the problem.

Please see the detailed steps below for changing the settings in UAC, starting in the Windows Start -> Control Panel.

One could argue that UAC was a big reason for the universal opinion that Vista was a flop; but still other techies are fans, as it can help protect the computer (if you don’t always click Continue without thinking).

HOWTO: Overridding the Storage-Path for Settings, Users and Groups

The latest version of BulletProof FTP Server (by default) stores everything related to the program’s operation, including “Settings, Users and Groups” in the non-roaming, local user storage location %LOCALAPPDATA%. This allows for a constant, microsoft certified location for the storage of files and settings related to a program. This path is user-specific, in that, it is private to the OS-USER that you use to login to Windows. In some environments, you may want to change this location to something that complies with your own standards .. or perhaps you would like to run the SERVICE as a different user than the GUI.

Starting with BulletProof FTP Server v2010 (including later versions), the path for storing the “Settings, Users and Groups” was changed as a result of security improvements to Windows (starting with Vista). Previously, the BulletProof FTP Server stored everything in the “Installation-Directory” for the software. However, with the development of User-Access-Control (UAC) in Windows Vista/2008, the storage-path for these files were redirected to the Virtual Store. This redirection of file-writes to now protected paths, such as the %ProgramFiles%, proved to be very cumbersome of difficult for our customers to manage. For this reason, we embraced the new location Microsoft has specified and developed the ability to OVERRIDE it for customers that wanted to retain control of this location.

Table-Listing of Storage-Locations over the past several versions of BulletProof FTP Server:
Q: Can I backup the Settings, Users and Groups?

In the following example, you are stepped through the process of “Overriding the Storage-Path” in the program and the subsequent process that BulletProof FTP Server goes through to migrate the files containing the “Settings, Users and Groups”. Please note, this process can also be used to restore a backed up copy of your files.

HOWTO: Windows System-Service

BulletProof FTP Server 2011 can also run as a Windows System-Sevice, allowing you to serve up ftp-content from your computer without having to login to the system. This is a very handy feature for businesses that rely upon a FTP-Server to communicate with customers, receive files from automated processes or just-plain access your HOME computer from WORK.

Setting up Windows System-Service Support is very easy, but it does mean a little-bit of leg work on your end to satisfy Microsoft Windows’ security.

Click on a thumbnail to expand the image and see more information and instructions.

Windows System Service: Logon As Service

Microsoft is known to be one of the most security (gui) operating-systems on the ‘net. For us old salts, we know it certainly didn’t start that way. Over the last decade, Microsoft has made tremendous strides… but with that comes added levels of complications.

Take running BPFTP Server as a Windows-System-Service, one of the most common technical-support questions (second to Firewall settings )… It’s a complicated issue.

In order to run BPFTP Server as a Windows-System-Service, you must give it a USER/PASSWORD to run under. In BulletProof FTP Server 2011, this is done under:

Management -> Server Settings -> Auto-Start (tab) -> Auto-Start: Windows System Service

Or, You can change it directly from Windows in:

Windows Start -> Control Panel -> Administrative Tools -> Services -> BulletProof FTP Server 2011 -> right-click for "Properties" -> "Logon" (tab)

NOTE: This USER/PASSWORD needs to be the same one you run the GUI version as, since the Settings, Users and Groups are all stored in:

"%LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2011\"

NOTE: You can get around this, by overriding the “default storage-path” in BulletProof FTP Server 2011 under the following:

Management -> Server Settings -> General (tab) -> Adv Settings -> Override Storage-Path

Which brings us to the permission “Logon as Service”… The magically permission that the OS-USER needs to have in Windows in order to run BulletProof FTP Server 2011 as a Windows System Service.

Microsoft: Logon as Service