WinSCP allows system administrators to restrict or enforce certain functionality of the application.

System administrator can configure the following:

• Restrict password storing.
• Restrict file opening/editing.
• Restrict connection to servers without having their host keys accepted in advance.
• Force authentication banners being shown.

These restrictions are configured via “local machine” registry root key (modifiable only by system administrators). Example of corresponding registry export follows:

REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2]
"DisableOpenEdit"=dword:00000001
"DisablePasswordStoring"=dword:00000001
"DisableAcceptingHostKeys"=dword:00000001
"ForceBanners"=dword:00000001

Administrator can set session setting Special to 1 to restrict user from modifying or deleting the session accidentally (Note that the setting can be changed by end-user). Such session will also be highlighted in session list. Example how to configure the setting, if INI file is used as configuration storage, follows:

[Sessions\Server]
HostName=example.com
UserName=customer
Special=1

WinSCP can be distributed with the restrictions preconfigured.