WinSCP allows system administrators to restrict or enforce certain functionality of the application.
System administrator can configure the following:
- Restrict password storing.
- Restrict file opening/editing.
- Restrict connection to servers without having their host keys accepted in advance.
- Force authentication banners being shown.
- Set default automatic updates check period.
- Set default for allowing collection of usage statistics.
These restrictions are configured via “local machine” registry root key (modifiable only by system administrators). Example of corresponding registry export follows:
[HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2] "DisableOpenEdit"=dword:00000001 "DisablePasswordStoring"=dword:00000001 "DisableAcceptingHostKeys"=dword:00000001 "ForceBanners"=dword:00000001 "DefaultUpdatesPeriod"=dword:00000000 "DefaultCollectUsage"=dword:00000001
On 64-bit systems, a physical location of the key is
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Martin Prikryl\WinSCP 2 (as WinSCP is 32-bit application).
Administrator can set site setting
Special to 1 to restrict user from modifying or deleting the site accidentally (Note that the setting can be changed by end-user). Such site will also be highlighted in site list. Example how to configure the setting, if INI file is used as configuration storage, follows:
[Sessions\Server] HostName=example.com UserName=customer Special=1
WinSCP can be distributed with the restrictions preconfigured.