The server adopts the identity of Active Directory (AD) users upon their login, performing all server operations as the respective AD user. However, when an anonymous connection is established to download a publicly shared file, the server does not impersonate an AD user. Instead, the connection accessing the publicly shared file operates under the same account as the Cerberus FTP Server Windows Service.
For an anonymous connection to open and download the file successfully, the account running the Cerberus FTP Server Windows Service must possess read permissions on the publicly shared file.
Another common issue arises when dealing with files located on a NAS or network share. While AD users have permission to access the network share, the Local System account, under which Cerberus FTP Server runs, often lacks network privileges. To address this, you can run the Cerberus FTP Server Windows Service using an alternative account with the necessary permissions to access the network share. Refer to this FAQ entry for guidance on common issues encountered when changing the underlying Cerberus Service account.