-
rpittigh@...
Guest
Logging
Advertisement
Is it possible to lock the configuration on the clients so the users can not make changes? I have created a ini file to push the wanted configuration but the user can still open preferences and make changes beyond what we wanted.
Advertisement
-
martin◆
Site Admin - Joined:
- Posts:
- 41,518
- Location:
- Prague, Czechia
Re: Logging
- Guest
Re: Logging
But that does not stop the user from making changes to the configuration.
-
martin◆
Site Admin
Re: Logging
It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.
- Guest
Re: Logging
It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.
I would like to lock the configuration so that users can not change the log settings in particular. I would like to monitor everything that is transferred and not allow the users to disable that functionality. If it is also possible to disable all of the preferences, that is OK also. Yes I am able to create a ini file or adjust the registry to push a initial configuration but the end user is always able to change the settings.
If this is part of a "pay for" enterprise version then I am also interested in that software.
Advertisement
-
martin◆
Site Admin
Re: Logging
All of that is a job for a server and/or a firewall, not for a client.
- Guest
Re: Logging
All of that is a job for a server and/or a firewall, not for a client.
That is true if the connection is not on the local network and is leaving the building. If I am trying to monitor and record all sessions that are on the local network then no firewall will come into play. The server can be of a malicious nature and that is what I am trying to capture. I can not pull the logs of a server if the server should not be on the network. I figured that limiting the client that always creates logs in a particular shared location then it is easy to parse the logs with a cron job.
WinSCP does this but does not remove the ability to lock the configuration so no one can alter what and where it is logged.
-
martin◆
Site Admin
Re: Logging
Are you really fearing a malicious server on your local network?
- Guest
Re: Logging
Are you really fearing a malicious server on your local network?
Actually I am trying to be compliant with the JSIG configuration guide. Record and monitor all file transfers on a secure network. A rouge server can be another issue by an administrator and not a average user. We do use Ivanti end point protection for all activities other then network transfers.
Advertisement
-
martin◆
Site Admin - Joined:
- Posts:
- 41,518
- Location:
- Prague, Czechia
Re: Logging
I cannot imagine that JSIG guide refers to logging on a client. That makes no sense. It would be quite difficult for you to set it up in a way that the user cannot circumvent that. User can always use a different client or a script (e.g. PowerShell).
Anyway, this request has been added to the tracker:
https://winscp.net/tracker/1643
Anyway, this request has been added to the tracker:
https://winscp.net/tracker/1643
Advertisement
You can post new topics in this forum