Cyber-Ark
®Software
One-Click Transfer
User Guide
The Cyber-Ark
®
Vault
All rights reserved. This document contains information and ideas, which are proprietary to Cyber-Ark Software. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, without the prior written permission of Cyber-Ark Software.
OCT004-5-0-1
Table of Contents
Introduction...5
Requirements ... 6
Authentication... 6
Before Using the One-Click Transfer...7
Getting Started...7
Services...14
Viewing a Service ... 14
Running Services ... 15
Shortcuts ...15
Transferring Files without a User Interface ...15
Downloading Files with a User Interface...15
Uploading Selected Files to the Vault ...16
Scheduling a Service... 16
Restoring Files ... 16
Authenticating to the Vault... 17
Logging on to the Vault Manually ...17
Logging on to the Vault Automatically...18
Configuration ...20
Services ... 20
Creating a New Service ...21
Copying a Service ...22
Modifying a Service ...23
Removing a Service ...24
Refreshing the Services List ...24
Vaults ... 25
Adding a Vault ...26
Modifying Vault Properties ...27
Removing a Vault...27
Users... 28
User Authorizations...28
User Credentials ...29
Configuring Manual Authentication ...30
Configuring Automatic Authentication ...30
Creating User Credential Files ...31
Modifying a User ...32
Deleting a User ...32
Activity Logs ...33
General Logs... 33
Service Logs ... 34
History Logs ... 34
Sending Logs ... 34
Customizing the One-Click Transfer GUI ...35
Introduction
Introduction
Cyber-Ark’s One-Click Transfer is an end-user utility that transfers files between the Cyber-Ark Vault and a standard file system, according to predefined settings. Files can be transferred in different directions to and from the Vault, and can either be uploaded to the Vault from the local file server, or downloaded from the Vault to the local file server.
As a utility, One-Click Transfer does not require installation. This eliminates the need for administrator permissions or assistance, and enables users to begin working immediately. An intuitive GUI interface leads end-users through service
configuration, which is very simple and requires no training.
Transfers can either be carried out manually or according to a third party schedule without human intervention. The files to be transferred can either be predefined or can be selected by the user during the service.
Before file transfers can be carried out, the user is required to authenticate to the Vault. Authentication can be supplied manually by the user, or stored in a user credential file that is automatically used by the service. User credential files may contain encrypted passwords, with or without an external token, or PKI certificates. After each service, an E-mail message can be sent to specified E-mail addresses with information about the activities that have been carried out. This feature can be used to inform the receiver when a service has transferred files, and can also be used by administrators when the utility requires immediate attention.
Requirements
The One-Click Transfer utility must be installed on a machine that is accessible to the Vault.
The One-Click Transfer utility is currently supported on the following platforms: Windows XP
Windows 2000 Windows 2003 Windows Vista
The One-Click Transfer utility works with the following version of the Cyber-Ark Vault:
Version 3.5 or higher
The One-Click Transfer utility requires the following memory for installation:
10MB
This utility also requires and additional space for temporary files and files being transferred.
Authentication
The One-Click Transfer utility supports the following authentication methods: Password
Password with a certificate on a hardware token Radius
PKI on Windows
For more information about logging on during a One-Click Transfer service, refer to
Before Using the One-Click Transfer
Before Using the One-Click Transfer
Before you can use the One-Click Transfer, in each Vault that will be accessed during file transfers, create and configure the following:
Safes and folders referred to in the services.
The utility will not create new Safes in the Vault, so any services that contain references to non-existent Safes will not be carried out.
Users that require access to the Vault during transfers.
User authentication– Users can log onto the Vault with either a password or a PKI certificate.
Safe Ownership– The user that will carry out the service must have the relevant Safe ownership authorizations to enable the transfer to be carried out. For more information about Safe Ownership, refer to the IBV/SDV
Implementation Guide for Users.
Getting Started
The first time that you use the One-Click Transfer utility, the Service Configuration wizard leads you through setting up the first service.
1. From the installation folder, double-click DCClient.exe to start the Service Configuration wizard.
Field Defines
Services The name of the service Description A description of the service Run mode
Without a user interface
The service will automatically transfer all the files that are specified in the Files window during service setup.
With a user interface The user will be able to select a file to transfer.
3. Click Next to display the Vault window.
As this is the first time you are running the utility, no Vaults have been defined yet in the utility.
Field Defines
Existing Vault Select from an existing Vault in the Vaults List.
Define a new Vault Display the Vault details window and define a new Vault.
4. Select Define a new Vault, then click Next; the Vault details window appears.
Getting Started
Field Defines
Name The name of the Vault. Address The IP address of the Vault. Port The port to the Vault. Request timeout The timeout in seconds. Use RADIUS
authentication
Whether or not the user will be authenticated to the Vault with Radius authentication. Select the type of certificates to use for authentication. Proxy or Firewall
Server
Whether you are using a proxy or firewall server, or neither. If you are using either a Proxy or Firewall, click Advanced to specify the settings to use.
PKI Authentication To log onto the Vault with a certificate, type the name that appears on the Vault certificate, or click Select to choose the certificate from a list.
6. Select the type of connection that the user will use to run the service, then click
Next to display the Files window.
Field Defines
Manual The user will supply a password in a logon window. Authentication File The password will be encrypted and stored in a file.
Change password The password will be changed after each logon. Existing user Choose a predefined user from the Users list. Create a new authentication file Create a new credential file for the user.
If you selected Authentication File, the User details window
appears and enables you to select the type of password file that you will supply. For more information, refer to User Credentials, page 29.
7. Select whether the service will upload files into a Safe or download files from a Safe.
8. Specify the files to transfer during the service.
Field Defines
Service type
Store in a Safe Files will be uploaded into the Safe. Retrieve from
a Safe
Files will be downloaded to the local file system.
Files to transfer Local folder name
The name of the folder on the local file system.
Safe name The name of the Safe specified in the transfer. Safe folder
name
The name of the folder in the Safe specified in the transfer.
File Pattern The file pattern of the files to transfer. For example, files that begin with
Getting Started
9. Click Next to display the Post action window where you can specify the activities that will take place after the transfer.
Field Defines
Actions on the source files
No action No action will be carried out. Archive
the files
Move the transferred files into an archive folder that you specify. You can also add a timestamp to these files. The timestamp uses the following format:
“yyyymmdd_hhmmss”.
For example, ‘Product.doc’ that was created on 23 May 2004 at 18.50 would be renamed ‘Product##20040523_185000##.doc
Note: An upload service moves files into an archive folder on the local file system, and a download service moves files into an archive folder in the Vault.
Delete the files
Delete the source files.
Actions on the destination files Open the
file
Open the file in the default application.
Rename the file
The filename will be changed to a new name that you specify.
10. Click Next to display the Success mail window where you can specify an E-mail message to send a confirmation of a successful transfer.
11. Select Send success E-mail message to make the fields in this window active so that you can specify a recipient’s E-mail information.
Field Defines
E-mail settings
From The E-mail address of the sender. To The E-mail address of the recipient. E-mail server
IP
The IP address of the mail server. You can copy the properties from your Outgoing Mail – SMTP application.
Message Content
Subject The subject title of the message. Template The template file for the message.
12. Click Next to display the Error E-mail window where you can specify an E-mail message to send after a failed transfer.
Getting Started
13. Select Send error E-mail message to make the fields in this window active.
Field Defines
E-mail settings
From The E-mail address of the sender. To The E-mail address of the recipient.
E-mail server IP The IP address of the mail server. You can copy the properties from your Outgoing Mail – SMTP application.
Message Content
Subject The subject title of the message. Template The template file for the message.
14. Click Next to display the Finish window where you finish configuring the service.
15. Select Create a shortcut on the desktop to create a shortcut to the service on the desktop.
16. Click Finish to save all the service configurations and complete the first service setup.
Services
The One-Click Transfer window displays a list of the services that have already been created. In this window, you can also run a selected service and carry out a limited number of access changes to the service.
Viewing a Service
1. In the installation folder, double-click DCClient.exe to display the One-Click Transfer window and display the services.
2. Select a service to view a description of the file transfer.
Name of the service
Description of the service
Location of the source files
Location of the target files
Each service is marked with an icon that indicates whether the file transfer is an upload to the Safe or a download from the Safe.
Icon Indicates «
A download service. An upload service.
Services
Running Services
After services have been set up and a connection to the Vault has been defined through authorized users, the services can be run. A service can either be started manually, or scheduled to run automatically.
The files that will be transferred during the service can either be specified during service configuration, or while the service is running.
With a user interface for selecting files – This type of service enables the user to select the file to transfer while the service is running.
Without a user interface for selecting files – This type of service transfers a group of files, according to a file pattern. It can be run manually, but can also be
scheduled to run by a third party scheduling software.
To Run a Service
Double-click the shortcut icon; the service begins automatically, or,
In the One-Click Transfer window, select the service to run, then click Run. The user is now required to provide logon authentication. If external
authentication is required, you are prompted for it now.
After authentication, the file transfer is carried out according to the service configurations without any more intervention from the user.
Shortcuts
You can create a shortcut to the service that will be placed on the Desktop. This shortcut enables you to run the service without having to open the One-Click Transfer window.
Select the service, then from the Service menu, select Create Shortcut; the shortcut icon will appear on the Desktop.
Transferring Files without a User Interface
Run the service as described above; the transfer is carried out with no user intervention.
Downloading Files with a User Interface
1. Run the service as described above.
2. After authentication, the Service Files window appears. Select the file to transfer, then click Retrieve; the transfer is now carried out.
Uploading Selected Files to the Vault
1. Run the service as described above.
2. After authentication, the Service Files window appears. Select the file to transfer, then click Open; the transfer is now carried out.
Scheduling a Service
Services that transfer files without a user interface can be scheduled in a third party scheduled software.
Insert the following code into the scheduled script:
DCClient.exe <full path of the name of service>
For example, the following code would run a service called ‘Customers’:
DCClient.exe C:\Documents and Settings\Desktop\One-Click Transfer\Services\Customers.ini
Restoring Files
Files that have been transferred by a One-Click Transfer service, and moved to an archive folder, can be restored and returned to their pre-transfer location.
1. Select the service that carried out the transfer. 2. From the Service menu, select Restore.
If only one file is in the archive folder for this service, the file will be restored immediately.
If more than one file is in the archive folder, the Service Archive Files window appears.
3. Select the file to restore, then click Restore; the file is removed from the archive folder and is restored to its pre-transfer location.
Services
Authenticating to the Vault
The user that will run the service must authenticate to the Vault so that the transfers to and from the Vault can be carried out. The type of authentication required is
determined when the service is created.
Logging on to the Vault Manually
If the service requires manual logon, the user is required to supply a password. Depending on the user authentication specified in the Vault, the user might also be required to supply a certificate on an external hardware token or additional Radius authentication.
To Authenticate to the Vault
1. Start the service; the Vault Logon window appears.
2. The name of the user as it appears in the service configuration appears in the username edit box.
If the name of the user does not appear or if it isn’t correct, type the name of the user who will run the service.
Password authentication:
3. Type the user’s password.
4. Click Logon; the Vault authenticates the user and carries out the service.
Radius authentication:
3. Type the user’s password, then click Logon; a secure channel is created between the client and the Vault through which this logon information is sent.
4. If the RADIUS server requires more information to authenticate you to the Vault, a RADIUS Challenge window appears, prompting you for it.
5. Specify the additional logon details, then click OK; the RADIUS server authenticates you to the Vault.
To Change a Password
The user can change their password to the Vault through the One-Click Transfer. 1. In the One-Click Transfer window, select the service that logs onto the Vault
where the password will be changed.
2. From the Services menu, select Set Password; the Logon window appears. 3. Type the username and password, then click Logon; the Set Password on Vault
window appears.
4. Type the current password, then type the new password and confirm it. 5. Click OK; the password is changed in the Vault.
Logging on to the Vault Automatically
Users can log onto the Vault automatically with a credential file that contains the user’s logon credentials, and is stored on the One-Click Transfer station for automatic logon. This utility enables automatic logon with three options. For more information, refer to User Credentials, page 29.
Encrypted Password
This option refers to a credential file that stores the user’s password in an encrypted form. It can be changed automatically after every successful logon operation. Start the service; the service accesses the credential file and logs onto the Vault
automatically.
Password Encrypted by an External Token
This option refers to a credential file that contains the user’s username and a password that has been encrypted using an external token. In order for the Vault to authenticate the user with this password, the token is required to decrypt it.
1. Attach the token.
If you are using a USB token, place the token in the USB port. If you are using a Smartcard, place the card in the Smartcard reader.
2. Start the service; the service accesses the credential file and logs onto the Vault automatically.
Services
Radius Authentication
This option refers to a credential file that stores the user’s password in an encrypted form.
Start the service; the service accesses the credential file and logs onto the Vault automatically.
If a challenge response is required, it cannot be supplied automatically. You will be prompted for the challenge response and will need to specify it manually in order to authenticate to the Vault.
PKI Authentication
Users can run a service with a credential file that has been created using a PKI certificate.
Note: The authentication certificate must be in the Microsoft Windows Certificate Store or on an external CryptoAPI device.
1. If you are using an external authentication token, attach it now. If you are using a USB token, place the token in the USB port. If you are using a Smartcard, place the card in the Smartcard reader.
2. Start the service; the service accesses the credential file and logs onto the Vault automatically.
Configuration
The One-Click Transfer Configuration client enables users to configure Vaults, user authentication, and file transfer services that can be carried out by the One-Click Transfer Client.
Services
Each Service is defined in a service configuration file, called <service>.ini, and stored in the Service subfolder of the One-Click Transfer installation folder. Service
definitions include the name and description of the service, and the source and destination of the files to be transferred, etc.
For more information about the parameters in <service>.ini, refer to <service>.ini, page 36.
Configuration
The One-Click Transfer Configuration window displays services that have already been setup, and enables you to add new services, and update or delete existing ones. This window is displayed in either of the following ways:
In the One-Click Transfer window, from the Tools menu, select
Service Manager, or,
In the One-Click Transfer installation folder, double-click DCConfig.exe.
Creating a New Service
In the One-Click Transfer Configuration window, click New, or,
From the Service menu, select New.
Copying a Service
You can also create a new service by copying an existing one and then changing its settings.
1. Select the service to copy, then from the Service menu, select Duplicate; the Service Configuration wizard appears.
2. In the Service edit box, type the name of the new service.
3. Follow the Service Configuration wizard and make other modifications to the service as necessary, then click Finish.
For more information about the Service Configuration wizard, refer to Getting
Configuration
Modifying a Service
You can modify the service configurations to make changes in the type of service or the files to be transferred. You can change every setting, other than the name of the service.
1. In the One-Click Transfer Configuration window, select a service. 2. Click Update,
or,
From the Service menu, select Update.
The Update Service window appears. Display the various tabs to update the service configurations.
Removing a Service
When a service is not required any more, you can delete it.
1. In the One-Click Transfer Configuration window, select the service to delete. 2. Click Remove,
or,
From the Service menu, select Remove.
The following confirmation window appears prompting you to confirm that you want to delete the selected service.
3. Click Yes to delete the service, or,
Click No to leave the service and return to the One-Click Transfer Configuration window.
Refreshing the Services List
After updating or removing a service, refresh the services list to include the changes that have been made.
From the View menu, select Refresh Service List; the Services List is updated and displays the current service configurations.
Configuration
Vaults
Each Vault that will be referred to in a service is defined in a Vault configuration file and stored in the Vault subfolder of the One-Click Transfer installation folder. The user credentials of the User who will access the Vault during the service are stored in a credential file in the same folder.
For example, to enable a user called Simon to run a service that accesses the ‘Bank’ Vault, the following files must be created and stored in the Vaults/Bank subfolder:
Vault.ini – This file contains all the details about the ‘Bank’ Vault. For more information about the parameters in Vault.ini, refer to Vault.ini, page 40.
Simon.cred – This file contains an encrypted password that will enable the service to run through the user account in the Vault called ‘Simon’.
Adding a Vault
1. From the Tools menu, select Vaults; the Vaults Manager window appears and displays a list of Vaults that have already been defined.
2. Click Add; the Create a new Vault window appears.
3. Specify the name and IP address of the Vault that a user will access in order to carry out a service.
4. Specify the request timeout period in seconds.
5. To enable the user to log onto the Vault with Radius authentication, select
RADIUS authentication, then select one of the following: Trust self-signed certificates
Allow third party authentication with self-signed certificates
6. Specify whether or not access to the Vault is via a Proxy or Firewall server, and which type.
7. If appropriate, specify the Vault’s DN.
8. Click OK; the Vault appears in the Vault’s list as one that is recognized by the utility.
Configuration
Modifying Vault Properties
If the Vault properties change or are incorrect, you can modify them in the One-Click Transfer so that the service can access the Vault.
1. In the Vaults list, select a Vault, then click Update; the Update Vault window appears.
2. Update the properties of the Vault, then click OK.
Removing a Vault
When a connection to a specific Vault is no longer required, you can delete the Vault from the One-Click Transfer.
1. In the Vaults list, select the Vault to delete, then click Remove; the following confirmation window appears prompting you to confirm that you want to delete the selected Vault.
2. Click Yes to delete the Vault from the Vaults list, or,
Users
The One-Click Transfer utility maintains a list of known Users on each Vault. These users are used to access the Vaults and perform file transfers when processing the services. These users must be created in the Vault before they can carry out a One-Click Transfer service. In addition, the user must be a Safe Owner of the Safe specified in the service and must have the appropriate authorizations.
User Authorizations
The following table lists the activities that the service might specify and the relevant authorizations that the user must have.
Activity Authorization
Download transfer Retrieve files from Safe Upload transfer Store files in Safe Move files to archive Store files in Safe Change filename Store files in Safe Delete source files Delete files from Safe Open files Retrieve files from Safe
For more information about Safe Owners and authorizations, refer to the IBV/SDV Implementation Guide for Users.
Configuration
User Credentials
The logon credentials of a User are required to log onto the Vault successfully. One-Click Transfer enables users to log onto the Vault either manually or automatically with a credential file.
Manual– This type of logon requires the user to supply a user name and password manually. Users can log on in either of the following ways:
Password– The user supplies their Vault username and password in a logon window.
Radius authentication– The user supplies their username and password in a logon window. If an additional Radius challenge is required, the user is required to supply that as well.
Automatic– This type of logon enables users to log onto the Vault with a credential file and initiate services automatically. The credential file can specify any of the authentication types listed below. The credentials of users who will log on with a credential file or with PKI must be defined in the User Properties window. All user credential files are stored in the Vault subfolder.
Encrypted Password– The user’s logon credentials are stored in an encrypted form on the One-Click Transfer station. It can be changed automatically after every successful logon operation.
Password with External Token – The user’s password is encrypted with a key stored on an external token, such as a USB or a Smartcard.
Any PKCS#11 token can be used for this type of authentication, as long as it meets all of the following criteria:
The token must be a hardware token.
The token is accessible through the PKCS#11 interface. Access to the token is only possible after supplying a PIN. The token supports RSA with 1024 or 2048 bit key length.
The token must be able to perform encryption and key generation in hardware. Radius authentication– The user’s logon credentials are stored in an encrypted
form on the One-Click Transfer station. If an additional Radius challenge response is required, the user must supply the response manually.
Certificate– Any certificate that is accessible through Windows Internet Explorer certificates stores can be used to authenticate to the Vault.
Configuring Manual Authentication
Services that will be run by a user who will supply a password manually do not need to be defined in the Users List. When the service is started, the user is immediately prompted for his password to the Vault. If the user is required to supply an additional Radius challenge, he will be prompted for it before he is authenticated to the Vault.
Configuring Automatic Authentication
User credential files can be created in the One-Click Transfer utility. The user’s credential file is stored in the subfolder of the Vault that it will be used to access in the One-Click Transfer installation folder. For example, the credential file of a user called Simon that will be used to access the ‘Bank’ Vault will be stored in the following folder:
One-Click Transfer\Vaults\Bank\Simon.cred
To Display the User Properties Window
1. In the One-Click Transfer Configuration window, from the Tools menu, select
Vaults; the Vaults Manager window appears and displays the Vaults that have already been defined.
2. Select a Vault, then click Users.
If you have already created users for the Vault, the Users in Vault window appears.
If you have not yet created users for this Vault, the Create a new user in Vault window for the selected Vault appears.
Configuration
Creating User Credential Files
If the password will be encrypted with an external token, attach it now. If you are using a USB token, place the token in the USB port. If you are using a Smartcard, place the card in the Smartcard reader. To Create a Password Credential File
1. Display the User Properties window.
2. In the User name edit box, type in the name of the User.
3. In the User type section, select Authenticated by an encrypted password in a file.
4. Specify the password to encrypt, then specify it again to confirm it.
To use an external token to encrypt the password, select Use Token to encrypt the password, then specify the DLL path of the USB or smartcard and the PIN code.
To use Radius authentication, select Use RADIUS.
5. Click OK to create the user credentials; the user appears in the Users in Vault window.
To Configure PKI Authentication
Before creating the credential file for logon with PKI, the authentication certificate must be imported into the Microsoft Windows certificate store.
1. Display the User Properties window.
2. In the User name edit box, type in the name that identifies the User. 3. In the User type section, select Authenticate with PKI.
4. In the DN edit box, specify the Vault’s DN.
5. In the PIN edit box, specify the PIN of the external token, if required.
6. Click OK to create the user credentials; the user appears in the Users in Vault window.
Managing Users
To Modify a User
The authentication method of a User can be modified so that the user can access the Vault with a different authentication method.
1. In the Users list, select the user, then click User; the Update User Properties window appears.
2. Modify the User’s authentication method, then click OK. To Delete a User
When a user is no longer needed to carry out a service, he can be deleted from the Users list.
1. In the Users list, select the user to delete, then click Remove; the following confirmation window appears prompting you to confirm that you want to delete the selected user.
2. Click Yes to delete the user, or,
Activity Logs
Activity Logs
All activities that are carried out by the utility are written to log files and stored in the in the Logs subfolder of the One-Click Transfer installation folder. All log messages are written to the log files, including general and informative messages, errors, and warnings.
The following list details the log files that are created, and their contents:
DCClient.log – This file contains all the log messages related to the One-Click Transfer Client.
DCConfig.log – This file contains all the log messages related to the One-Click Transfer Configuration client.
<service>.log – This file contains all the log messages related to the service of the same name.
All these log files are stored in the Logs subfolder of the One-Click Transfer Installation folder.
General Logs
The General log displays the contents of the DCClient log file. This lists all the activities that have been carried out by the One-Click Transfer utility.
To View the Log File 1. Do not select a service.
2. From the View menu, select View Main Log; the Show Log File window appears and displays the contents of the general One-Click Transfer log.
Service Logs
The Service log displays the contents of the service log file. This lists all the activities that have been carried out by the One-Click Transfer utility for this service.
To View the Log File 1. Select a service.
2. From the View menu, select View Service Log; the Show Log File window appears and displays the information in the specified service log.
History Logs
When the size of a log file reaches 5 MB, it is moved into the History subfolder of the Logs folder. Only the most recent history file of each log is retained.
To View the General History Log File 1. Do not select a service.
2. From the View menu, select View Main Log; the Show Log File window appears.
3. Click History; the Show Log File window displays the History log file of the One-Click Transfer client.
To View the Service History Log File 1. Select a service.
2. From the View menu, select View Service Log; the Show Log File window appears
3. Click History; the Show Log File window displays the History log file of the service.
Sending Logs
Log files can be sent to an e-mail account directly from the Show Log File window. 1. Display the log to send, then click Send; the default E-mail Message window
opens. The log file appears in the message as an attachment. 2. Enter the E-mail addresses to send the log file to, and click Send.
Customizing the One-Click Transfer GUI
Customizing the One-Click Transfer GUI
The One-Click Transfer interface can be customized, so that it includes your
company’s logo, icon, and information. These customizations appear in both the One-Click Transfer window and the One-One-Click Transfer Configuration window.
All the files that contain this information must be stored in the One-Click Transfer installation folder.
To Customize a Logo
1. Create a logo that is 200 pixels wide and 36 pixels in height.
2. Save the logo as logo.jpg, and copy it to the One-Click Transfer installation folder.
When you next start the One-Click Transfer utility, your logo will appear on the right of the screen.
To Customize an Icon
Save the icon as logo.ico, and copy it to the One-Click Transfer installation folder.
When you next start the One-Click Transfer utility, your logo will appear in the corner of the title bar.
To Customize Help Information
Write the information to display and save it as about.txt in the One-Click Transfer installation folder.
Appendix A: Parameter Files
<service>.ini
The service configuration files contain all the definitions of the file transfers to carry out. Each service has its own configuration file.
These definitions describe the Vaults that are used in the file transfers, and which Vault user accounts are used. They also describe the actual file transfer details – the source of the files to be transferred, the destination for the transfer, etc.
Note: These configurations are specified in the GUI, and must not be made manually.
Following is a description of each of the parameters in the service parameter file:
Token Meaning Mandatory Default
Value
Acceptable Values
Name The name of the service
Yes None String
Description A description of the service
No None String
UserName The username that will be used to log onto the Vault.
Yes No String
VaultName The name of the Vault that files will be transferred to or from.
Yes None String
SafeName The name of the Safe that files will be transferred to or from.
Yes None String
FolderName The name of the local folder that files will be transferred to or from.
Yes None Path
SafeFolderName The name of the folder in the Safe where files will be transferred to or from.
Yes None String
FilePattern The complete or part of the name of the file to transfer. You can use wildcards to specify more than one file.
Appendix A: Parameter Files
Token Meaning Mandatory Default
Value
Acceptable Values
ArchiveFolderName The name of the folder where files will be moved to after a service.
No None Path
PostMsg The message to display after a service has been carried out successfully.
No None String
FileNewName The new name of the file on the local file server after it has been copied into the Vault.
This parameter is mandatory if RenameProperty =Yes
None String
LogFileName The full path of the log file.
No None String
DesktopShortcutPath The path of the shortcut on the desktop to the service.
No None Path
SuccessMailTemplate Path
The path of the text file that contains the message to send by email.
This parameter is mandatory if SendSuccessMail =Yes
None Path
SuccessMailSubject The text to include in the Subject field.
This parameter is mandatory if SendSuccessMail =Yes
None String
SuccessMailServerIP The IP address of the Mail Server.
This parameter is mandatory if SendSuccessMail =Yes
None IP address
SuccessMailSender Address
The e-mail address of the sender.
This parameter is mandatory if SendSuccessMail =Yes
None IP address
SuccessMailRecipient Address
The e-mail address of the recipient.
This parameter is mandatory if SendSuccessMail =Yes
None IP address
ErrorMailTemplatePath The path of the text file that contains the message to send by email.
This parameter is mandatory if SendErrorMail =Yes
None Path
ErrorMailSubject The text to include in the Subject field.
This parameter is mandatory if SendErrorMail =Yes
Token Meaning Mandatory Default Value
Acceptable Values
ErrorMailServerIP The IP address of the Mail Server.
This parameter is mandatory if SendErrorMail =Yes
None IP address
ErrorMailSender Address
The e-mail address of the sender.
This parameter is mandatory if SendErrorMail =Yes
None IP address
ErrorMailRecipient Address
The e-mail address of the recipient.
This parameter is mandatory if SendErrorMail =Yes
None IP address
InteractiveRule Whether or not the service will display a user interface or not.
Yes No Yes/No Yes=with interface No=without interface InteractiveLogon Whether logon to the
Vault will be manual or with a credential file.
Yes Yes Yes/No Yes=manual logon
No=credential file logon DisplayInteractiveMsg Whether or not to
display success or error messages.
Yes Yes/No Yes=display messages No=do not display messages OpenAfterDownload Whether or not to
open the file(s) after downloading them.
Yes No Yes/No Yes=open the files
No=do not open the files AddTimeStamp Whether or not to add
a timestamp to the filename after the transfer.
No No Yes/No Yes=add a timestamp No=do not add a timestamp AddTimestampOn
Archive
Whether or not to add a timestamp to the filename in the archive folder.
This parameter is mandatory if PostOperation=1
No Yes/No Yes=add a timestamp No=do not add a timestamp RenameFile Whether or not to
rename a file after transferring it.
No No Yes/No Yes=rename the file No=do not rename the file
Appendix A: Parameter Files
Token Meaning Mandatory Default
Value
Acceptable Values
SendSuccessMail Whether or not to send a message after a successful transfer.
No No Yes/No Yes=send message No=do not send message SendErrorMail Whether or not to
send a message after an unsuccessful transfer.
Yes No Yes/No Yes=send message No=do not send message ChangePasswordOn EveryLogon
Whether or not to change the user’s password after every logon.
Yes No Yes/No Yes=change password No=do not change password PostOperation The action that will
be carried out after a transfer.
Yes 0 0/1
0=no action 1=archive 2=delete files ActionType Whether the service
will upload files into the Vault or
download them to a local file server.
Yes 0 0/1 0=upload 1=download
Vault.ini
The Vault.ini file contains all the information about the Vault.
Parameter Description Default Value Acceptable
Values
Vault The name of the Vault. None String Address The IP address of the Vault. None IP address Port The Vault IP Port. 1858 Number
Optional Parameters:
Timeout The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed.
30 Number
AuthType The type of authentication to be used to log onto the Vault.
PA_AUTH PA_AUTH (Password), NT_AUTH, RADIUS_AUTH, PKI_AUTH NTAuthAgentName The name of the NT
Authentication Agent.
None String
NTAuthAgentKeyFile The name of the NT Authentication Key File.
None String
VaultDN The Distinguished Name of the Vault (PKI Authentication).
None String
ProxyType The type of proxy through which the Vault is accessed.
None HTTP, HTTPS, SOCKS4, SOCKS5 ProxyAddress The proxy server IP address.
This is mandatory when using a proxy server.
None IP address
ProxyPort The Proxy server IP Port. 8081 Number ProxyUser User for Proxy server if NTLM
authentication is required.
None User name
ProxyPassword The password for Proxy server if NTLM authentication is
required.
None Password
ProxyAuthDomain The domain for the Proxy server if NTLM authentication is required.
NT_DOMAIN_ NAME
Domain name
BehindFirewall Whether or not the Vault is being accessed via a Firewall.
Appendix A: Parameter Files
Parameter Description Default Value Acceptable
Values
UseOnlyHTTP1 Use only HTTP 1.0 protocol. Valid either with proxy settings or with BEHINDFIREWALL.
No Yes/No
NumofRecordsPerSend The number of file records to transfer together in a single TCP/IP send/receive commands.
15 Number
NumOfRecordsPer Chunk
The number of file records to transfer together in a single TCP/IP send/receive operation.
15 Number
ReconnectPeriod The number of seconds to wait before the sessions with the Vault is re-established.
1 Number
CIFSGateway The name of the CIFS Gateway. None String HTTPGatewayAddress The URL of the HTTP Gateway. URL URL
