Change the FileXpress User Access Account on the FileXpress Secure Shell Proxy

The FileXpress user access account specifies the account on the FileXpress Secure Shell Proxy server that acts as the "run as" account for FileXpress users. FileXpress users run under the privileges provided by this account.

By default, FileXpress user access account is set to Service account . With this setting, FileXpress users run using the same account as the FileXpress Proxy Secure Shell Proxy service (the Local System account). Because of the privileges available to the Local system account, you should always leave Restrict FileXpress users to file transfer sessions enabled when Service account is selected. This is the default configuration.

To help further reduce the risk of escalation of privileges, you can use the following procedure to configure an alternate user account with more limited privileges than the Local System account.

Note: The credentials for the account you configure must remain current or users will not be able to connect the FileXpress Transfer Server.

To change the FileXpress user access account

  1. Start the FileXpress Secure Shell Proxy console. It is installed in the Windows Start menu (or Apps list) under Attachmate FileXpress Gateway > FileXpress Secure Shell Proxy.
  2. On the FileXpress Users pane, under FileXpress user access account, select User account.
  3. Click Select account.
  4. Click Add and enter the user name and password for the user whose account FileXpress users will run under. Click Test to confirm these credentials, then click OK to save this user account to the credential cache.
  5. In the Select Account dialog box, select the user account you just added and click OK to set this as the "run as" account for FileXpress users.
  6. Save your settings (File > Save Settings).