Logging

Is it possible to lock the configuration on the clients so the users can not make changes? I have created a ini file to push the wanted configuration but the user can still open preferences and make changes beyond what we wanted.

See https://winscp.net/eng/docs/custom_distribution#preconfigured_site

martin wrote:

See https://winscp.net/eng/docs/custom_distribution#preconfigured_site

But that does not stop the user from making changes to the configuration.

It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.

martin wrote:

It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.

I would like to lock the configuration so that users can not change the log settings in particular. I would like to monitor everything that is transferred and not allow the users to disable that functionality. If it is also possible to disable all of the preferences, that is OK also. Yes I am able to create a ini file or adjust the registry to push a initial configuration but the end user is always able to change the settings.
If this is part of a "pay for" enterprise version then I am also interested in that software.

All of that is a job for a server and/or a firewall, not for a client.

martin wrote:

All of that is a job for a server and/or a firewall, not for a client.

That is true if the connection is not on the local network and is leaving the building. If I am trying to monitor and record all sessions that are on the local network then no firewall will come into play. The server can be of a malicious nature and that is what I am trying to capture. I can not pull the logs of a server if the server should not be on the network. I figured that limiting the client that always creates logs in a particular shared location then it is easy to parse the logs with a cron job.
WinSCP does this but does not remove the ability to lock the configuration so no one can alter what and where it is logged.

Are you really fearing a malicious server on your local network?

martin wrote:

Are you really fearing a malicious server on your local network?

Actually I am trying to be compliant with the JSIG configuration guide. Record and monitor all file transfers on a secure network. A rouge server can be another issue by an administrator and not a average user. We do use Ivanti end point protection for all activities other then network transfers.

I cannot imagine that JSIG guide refers to logging on a client. That makes no sense. It would be quite difficult for you to set it up in a way that the user cannot circumvent that. User can always use a different client or a script (e.g. PowerShell).

Anyway, this request has been added to the tracker:
https://winscp.net/tracker/1643