NT User Security Impersonation

Enterprise Users

In Windows 2000 and XP with an NTFS file system, folder permissions can be assigned individually to the different users able to log in to the operating system. On a system with existing NT users, an administrator may want to give these users FTP access, including access to their own personal folders that only they can read and write.
Because BlackMoon FTP Server runs as a service application, it also logs in to the operating system, using the SYSTEM account (local administrator equivalent, the default installation account). The SYSTEM account cannot read a folder to which only a particular NT user has been granted access.
In the example below, suppose there is an NT user account called PETER, and PETER is the only account allowed to read a certain folder. The FTP Administrator creates an account in BlackMoon FTP Server for PETER and checks the OS Authentication option. PETER can now log in to the FTP Server and try to read the files only he can read.
There is just one little problem. Because the FTP Server is running under a different NT account called SYSTEM, it cannot read PETER's folder, and PETER gets a blank listing or errors saying "access denied". The way around this problem is to use impersonation. Impersonation is a technique that allows the FTP server to pretend it is PETER. As the graphic below shows, with impersonation the outcome is a lot different.
To summarize, impersonation is only required when you want to provide FTP access to the personal directories of existing Windows accounts (NT users). For normal everyday FTP operations using normal accounts, impersonation isn't required. The SYSTEM account that the FTP server runs under by default can read all files and folders unless that permission is specifically removed.
The impersonation feature is only available in the Enterprise Edition.
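
The general Windows mechanism behind the PETER example, shown as an added illustration (this is not BlackMoon FTP Server's code; the class and method names are hypothetical): a process first tries to list a folder under its own identity, then logs the user on with the Win32 `LogonUser` call and lists the same folder while impersonating that user's token.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

// Added illustration; class and method names are hypothetical.
static class ImpersonationDemo
{
    // Win32 LogonUser: checks the credentials and returns an access token.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    const int LOGON32_LOGON_NETWORK = 3;    // logon type meant for servers
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // Lists a folder with the rights of the named account instead of the
    // account the process itself runs under.
    static string[] ListAs(string user, string domain, string password, string folder)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        using (token)
        {
            // The user's token applies only inside the delegate; the thread
            // returns to the process identity afterwards, even on an exception.
            return WindowsIdentity.RunImpersonated(token,
                () => Directory.GetFileSystemEntries(folder));
        }
    }

    // Usage: ImpersonationDemo <user> <domain or "."> <folder>
    static void Main(string[] args)
    {
        Console.WriteLine("Running as " + WindowsIdentity.GetCurrent().Name);
        try { Console.WriteLine(Directory.GetFileSystemEntries(args[2]).Length + " entries as self"); }
        catch (UnauthorizedAccessException) { Console.WriteLine("Access denied as self"); }

        Console.Write("Password: ");
        string password = Console.ReadLine();   // echoed; acceptable for a demo only
        foreach (string entry in ListAs(args[0], args[1], password, args[2]))
            Console.WriteLine(entry);
    }
}
```

Keeping the impersonated work inside a single delegate means no later request on the same thread can inherit the previous user's rights.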