Why can't public file links shared by Active Directory users be downloaded? An "Access Denied" error appears in the log when an anonymous connection tries to download the publicly shared file link.

The server will impersonate Active Directory (AD) users when they login, and carry out all server operations as that AD user. The server does not impersonate an AD user when an anonymous connection is established to download a publicly shared file. The connection accessing the publicly shared file is accessing that file under the same account the Cerberus FTP Server Windows Service is running under.

The account that the Cerberus FTP Server Windows Service (the default is Local System) is running under has to have read permission on the publicly shared file to allow the anonymous connection to open and download the file.

Another common problem occurs when files are on a NAS or network share. AD users have permission to access the network share, but the Local System account that Cerberus FTP Server runs under often does not have network privileges. The solution is to run the Cerberus FTP Server Windows Service as another account that has permission to access the network share. Take a look at this FAQ entry for common issues encountered when changing the underlying Cerberus Service account.