The login ID is provided by the client as one part of authenticating the session to the file server. In addition to the login ID, clients must provide a password to complete authentication. Login IDs must be unique for each account specified at the particular level. Login IDs cannot contain any of the following special characters:

\ / < > | : . ? *

Two special login IDs exist: Anonymous and FTP. These login IDs are synonymous with one another, and they can be used for guests on your file server. These users do not require a password, which should be left blank in this case. Instead, Serv-U requires users who log on with one of these accounts to provide their email address to complete the login process.

The password is the second item that is required so that a session can be authenticated with the file server. The password should be kept a secret and not shared with anyone other than the person that owns the account. A strong password contains at least six characters including a mix of upper and lowercase letters and at least one number. You can place restrictions on the length and complexity of passwords through limits. For more information about password limits, see User limits and settings.

You can also generate a new random password for a user by clicking the Lock icon next to the Password. This new password will follow the defined password length requirements. By default, all passwords are eight characters long and are complex. If the minimum password length is equal to or less than four characters, the password will be four characters long. Otherwise, generated passwords will follow the specified domain value.

Select the level of privilege to be applied to users in this group.

No Privilege. A regular user account that can only transfer files to and from the File Server. The Serv-U Management Console is not available.

Group Administrator. A Group Administrator can only perform administrative duties relating to their primary group - the group listed first in their Groups memberships list. They can add, edit, and delete users which are members of their primary group. They can also assign permissions at or below the level of the Group Administrator. They may not make any other changes.

Domain Administrator. A Domain Administrator can only perform administrative duties for the domain to which their account belong, and is also restricted from performing domain-related activities that may affect other domains. The domain-related activities that may not be performed by Domain Administrators are:

• configuring their domain listeners
• configuring or administering LDAP groups
• configuring ODBC database access for the domain

System Administrator. A System Administrator can perform any file server administration activity including creating and deleting domains, user accounts, and even updating the license of the file server. A user account with System Administrator privileges logged in through HTTP remote administration can administer the server as if they had physical access to the server.

Read-only Group/Domain/Server Administrator. Read-only administrator accounts can allow administrators to log in and view configuration options at the group, domain or server level, greatly aiding remote problem diagnosis when working with outside parties. Read-only administrator privileges are identical to their full-access equivalents, except that they cannot change any settings, and cannot create, delete or edit user accounts.

By default, all accounts are permanent and exist on the file server until manually deleted or disabled. You can configure an account to be automatically disabled or deleted on a specified date by configuring the account type. After selecting the appropriate type, the Account Expiration Date control is displayed. Click the calendar or expiration date to select when the account should be disabled or deleted.

The account is accessible until the beginning of the day on which it is set to be disabled. For example, if an account is set to be disabled on 25 December 2019, the user can log in until 24 December 2019, 23:59.

If your Serv-U license enables the use of FTP Voyager JV, then users connecting to the file server through HTTP can choose which client they want to use after logging in. Instead of asking users which client they want to use, you can also specify a default client. If you change this option, it overrides the option specified at the server or domain level. It can also be inherited by a user through group membership. Use the Inherit default value option to reset it to the appropriate default value.

The Email Address is used when Web Client password recovery requires an email address to send a recovered password to a user. If you have the MFT edition of Serv-U, this is also used by Events.

Enter or navigate to the home directory for this user. This is where the user is placed immediately after logging in to the file server. This must be specified using a full path including the drive letter or the UNC share name.

When you specify the home directory, you can use the %USER% macro to insert the login ID in to the path. This is used mostly to configure a default home directory at the group level or within the new user template to ensure that all new users have a unique home directory. When it is combined with a directory access rule for %HOME%, a new user can be configured with a unique home directory and the appropriate access rights to that location with a minimal amount of effort.

You can also use the %DOMAIN_HOME% macro to identify the user's home directory. For example, to place a user's home directory into a common location, use %DOMAIN_HOME%\%USER%.

The home directory can be specified as "\" (root) in order to grant system-level access to a user, allowing them to access all system drives. In order for this to work properly, the user must not be locked in their home directory.

If you have the MFT edition of Serv-U, you can specify a SSH public key to be used to authenticate a user when logging in to the Serv-U File Server.

For information on SSH public key authentication, adding a SSH key pair, and creating an key pair for testing, see New SSH Key Pair Creation.

Enabling this option means that the user account is always permitted to log in, regardless of restrictions placed upon the file server, such as maximum number of sessions. It is useful as a fail-safe in order to ensure that critical system administrator accounts can always remotely access the file server. As with any option that allows bypassing access rules, care should be taken in granting this ability. The value of this attribute can be inherited through group membership.

Enabling the Always Allow Login option does not override IP access rules. If both options are defined, the IP access rules prevail.

Click Availability if you want to place limits on when this user can log in.

Check Apply limit and select the start and end time to specify the period this user may log in.

Tick the checkboxes for the days of the week on which this user may log in.