Web Policy
The Web Policy section in MSPControl defines security and operational configurations for various internet-facing services, ensuring managed environments maintain control, traceability, and compliance across hosted domains, FTP access, mail systems, and public web content. These policies help prevent misconfiguration, enforce business rules, and limit exposure to threats from external networks.
Each policy in this section can be individually enabled and customized based on your organization’s hosting strategy, client-specific restrictions, and compliance requirements.
Domain Policy
The Domain Policy section allows administrators to configure domain-related behaviors within MSPControl. It includes automation settings for domain lifecycle monitoring, creation defaults, and dashboard visibility for expiring domains.

WhoisXML API
This section enables integration with the WhoisXML API for domain status tracking. It is primarily used to retrieve up-to-date registration data and identify expiring or inactive domains.
- Use WhoisXML API – Enables or disables the API integration.
- API Key – The secured key used to authenticate requests with WhoisXML. This is masked by default for security.
- Number Of Days Between Domain Refresh – Defines how often MSPControl refreshes WHOIS data for the domains (e.g., every 4 days).
Domain Creation Defaults
Controls the default behavior when new domains are added to the platform.
- Create a New Website – Automatically creates a new website upon domain registration.
- Create Instant Alias – Automatically adds a domain alias to match the registered domain for convenience or redirection purposes.
Dashboard Widget Settings
Defines how domain expiration is surfaced in administrative dashboards.
- Domains Expiring Threshold (days) – Determines how far in advance domains are flagged as “expiring soon” in the dashboard (e.g., 30 days before expiration).
Best Practices
- Enable WhoisXML API to maintain accurate domain expiration tracking and prevent service disruptions.
- Set a domain refresh interval (e.g., 4 days) that balances API usage limits with operational awareness.
- Keep Create Instant Alias enabled to simplify web redirection and alternate domain resolution automatically.
- Configure the Domains Expiring Threshold based on your renewal or alerting workflows—typically 30–60 days.
- Ensure that the API key is valid and has appropriate permissions in WhoisXML for domain queries.
FTP Policy
The FTP Policy in MSPControl allows administrators to define consistent standards for managing FTP account names, security controls, and activity thresholds. These settings help ensure compliance, maintain security, and enforce naming conventions across all provisioned FTP accounts.

FTP Accounts Policy
This section governs the naming conventions for FTP accounts.
- Enable Policy: Activates the account name validation logic.
- Allowed symbols: Defines additional allowed symbols beyond the default (`a-z`, `A-Z`, `0-9`, `.`, `_`). For example, the dash symbol (`-`) can be allowed here.
- Minimum length: Sets the minimum character length for FTP usernames.
- Maximum length: Sets the upper limit for FTP username character length.
- Prefix: A static prefix added to each new FTP account. Variables such as `[USER_NAME]` and `[USER_ID]` are supported.
- Suffix: A static suffix for FTP usernames (e.g. `_ftp`). Variables supported here as well.
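To pre-check requested names against these rules before provisioning, the policy can be modelled as below. This is an added example, not MSPControl code; the function names are hypothetical, and it assumes that variables are expanded first and that the length limits apply to the final name including prefix and suffix.

```python
import string

# Defaults listed in the policy text: a-z, A-Z, 0-9, '.', '_'
DEFAULT_CHARS = set(string.ascii_letters + string.digits + "._")

def expand_tokens(template, user_name, user_id):
    """Replace the [USER_NAME] and [USER_ID] variables in a prefix or suffix."""
    return (template.replace("[USER_NAME]", user_name)
                    .replace("[USER_ID]", str(user_id)))

def check_ftp_account_name(base, user_name, user_id, *, prefix="", suffix="",
                           allowed_symbols="", min_length=1, max_length=20):
    """Return (final_name, problems); an empty problems list means the name passes.

    Assumption: tokens are expanded first and the length limits apply to the
    final name including prefix and suffix.
    """
    name = (expand_tokens(prefix, user_name, user_id) + base
            + expand_tokens(suffix, user_name, user_id))
    # Membership in a set avoids regex character-class pitfalls with '-' or ']'.
    allowed = DEFAULT_CHARS | set(allowed_symbols)
    problems = []
    bad = sorted({ch for ch in name if ch not in allowed})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    if len(name) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(name) > max_length:
        problems.append(f"longer than {max_length} characters")
    return name, problems

if __name__ == "__main__":
    # Constructed tenants: same requested name, different owners.
    for owner, uid in (("acme", 101), ("globex", 102)):
        print(check_ftp_account_name("web-01", owner, uid, prefix="[USER_NAME]_",
                                     suffix="_ftp", allowed_symbols="-"))
```

Because validation runs on the expanded name, a `[USER_NAME]` value containing characters outside the allowed set (for example `@`) is reported as well.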
End User Portal
Controls MFA handling behavior in user-facing scenarios.
- Override SMS Two Form if User has Microsoft MFA: If enabled, the system skips internal SMS-based two-factor authentication when Microsoft MFA is detected on the account. This avoids redundant prompts for end users.
FTP User
- Allow Customer to Unlock FTP User: Permits clients to manually unlock their FTP accounts if locked due to inactivity or access restrictions.
Additional Settings
- Max Inactive Days Until Deactivation: Sets the number of days an FTP user account can remain inactive before being automatically deactivated. A value of 30 days is typically recommended.
Password
Defines password requirements and renewal behavior for FTP accounts.
- Enable Policy: Enforces password rules defined below.
- Repair settings for organizations: Applies default settings to existing organizations that don’t yet follow the policy.
- MinLength / MaxLength: Password length boundaries (e.g. 12 to 20 characters).
- Enforce password history: Prevents reuse of recent passwords. The number defines how many previous passwords are remembered.
- Notification Days: Number of days before password expiration that users receive a warning.
- Auto Renew Days: Automatically resets the password after this period if enabled.
- Max Password Age: Maximum validity period for a password. Use `0` to disable expiration.
- Min Password Age: Minimum required period before a password can be changed again. `0` disables this limit.
Password Complexity Options:
- MinUpperCase: Minimum number of uppercase characters required.
- MinNumbers: Minimum number of digits.
- MinSymbols: Minimum number of special characters required.
- Invite expired hours: Duration before invitation links expire (default: 24 hours).
Best Practices
- Enable account name policies to enforce naming standards across tenants.
- Set password complexity to meet compliance requirements (e.g. ISO, SOC2).
- Use prefixes and suffixes to avoid username conflicts in multi-tenant environments.
- Set reasonable inactivity thresholds to automatically clean up unused accounts.
- Ensure override logic for MFA is aligned with your organization’s authentication strategy.
Mail Policy
The Mail Policy section allows administrators to define how mail accounts are named and managed across organizations. It includes rules for mail account structure, password security, and optional overrides for MFA behavior in end-user scenarios.

General Settings
This section defines the default catch-all address for domains created under this policy.
- Catch-All Account: Email address that will receive all messages sent to undefined recipients in the domain.
Mail Accounts Policy – Account Name
- Enable Policy: Activates all configuration fields below for enforcement.
- Allowed Symbols: Characters permitted in mail account names in addition to default a–z, A–Z, 0–9, dot, hyphen, and underscore.
- Minimum Length: Enforces the minimum number of characters allowed in the mailbox name.
- Maximum Length: Enforces the maximum number of characters allowed.
- Prefix / Suffix: Optional fields to add custom text or variables (`[USER_NAME]`, `[USER_ID]`) before or after the mailbox name.
Password
- Enable Policy: Enables enforcement of all password rules configured in this section.
- Repair Settings for Organizations: Clicking this button applies the current password policy to all existing organizations, overwriting old values.
- MinLength / MaxLength: Defines the allowed range for password length.
- Enforce Password History: Prevents users from reusing the last N passwords.
- Notification Days: Number of days before password expiration to notify users.
- Auto Renew Days: If enabled, automatically updates the password after a defined number of days.
- Max/Min Password Age: Optional limits to define when passwords must be changed or can’t be changed too soon.
- Enable Password Complexity: Requires at least one uppercase letter, one digit, and one symbol.
- MinUpperCase / MinNumbers / MinSymbols: Specific requirements to enforce complex password structure.
- Invite Expired Hours: How many hours an email invitation (e.g., to join the platform) remains valid before expiring.
End User Portal
- Override SMS Two Form if User has Microsoft MFA: When enabled, users with Microsoft MFA configured will bypass the default SMS-based 2FA for portal access.
Best Practices
When configuring Web Policies in MSPControl (Domain, FTP, Mail, Web):
- Enforce naming conventions using prefix/suffix rules to ensure consistency and avoid conflicts across tenants.
- Use strong password policies with enforced history, complexity, and expiration settings to protect accounts.
- Limit account name lengths to avoid platform compatibility issues with downstream systems or integrations.
- Regularly apply ‘Repair’ actions to propagate updated policies across all organizations, especially after policy changes.
- Set inactivity and expiration thresholds to automatically deactivate unused accounts and prevent security risks.
- Use catch-all addresses cautiously; they can be useful for diagnostics but may introduce spam if not monitored.
- Rely on Microsoft MFA where possible and override SMS-based 2FA only if Microsoft MFA is properly configured.
- Optimize UI responsiveness by clearing your browser’s cache regularly: go to browser settings → Privacy → Clear cached files and images.
Web Policy
This section allows administrators to define default web behavior for newly created web sites, including parking page templates, default documents, and publishing settings.
Parking Page
The Parking Page option enables a placeholder page for newly created websites until real content is deployed.
- Add Parking Page: Enables insertion of a default HTML page for under-construction websites.
- Page Name: The filename of the placeholder page (e.g., `default.aspx`).
- Page Content: Custom HTML content for the parking page. You can include inline CSS and HTML to define the visual appearance and message displayed to visitors.
- Allow Tokens: When enabled, MSPControl tokens can be used within the page content for dynamic replacements (e.g., website name).

Defaults
This section defines default values used when provisioning web sites.
- Default Hostname: A fallback hostname assigned to websites when hostname-based access is enabled. Leave empty to skip auto-assignment.
- Default Documents: A prioritized list of default documents that the web server will look for in the site root. These include common default filenames like `default.aspx`, `index.php`, and `default.html`.
Web Publishing
This configuration sets up Web Deploy publishing profiles for automated website publishing.
- Publishing Profile: A custom XML template used for generating publishing profiles. Supports tokenized values like `#{WebSite.Name#}` and `#{WebSite.WebDeployPublishingAccount#}` that are replaced dynamically per site.
Web Publishing Password
This section defines complexity rules and limits for Web Publishing user passwords.
- MinLength / MaxLength: Minimum and maximum number of characters allowed in the password.
- Enable Password Complexity: When enabled, enforces composition rules defined below.
- MinUpperCase: Minimum number of uppercase letters required.
- MinNumbers: Minimum number of digits required.
- MinSymbols: Minimum number of special characters required.

Remote Management
This section applies the same password policy rules to Remote Management users.
- MinLength / MaxLength: Password length limits for remote access credentials.
- Enable Password Complexity: Enforces additional complexity constraints when checked.
- MinUpperCase: Required number of uppercase characters in the password.
- MinNumbers: Required number of digits.
- MinSymbols: Required number of special characters.

General Settings
This section allows administrators to configure default web server behaviors for provisioned websites.
Security Settings
- Enable Write Permissions: Grants write access to the website’s file system. Useful for content management systems or applications that need to modify files.
- Enable Directory Browsing: Allows users to view the contents of directories without a default document. Typically disabled for security reasons.
- Enable Parent Paths: Enables the use of “..” in ASP code for referencing parent directories. Can be a security risk if misused.
- Dedicated Application Pool: When checked, each website will run in its own isolated IIS application pool, improving security and stability.
Authentication
- Allow Anonymous Access: Enables public access to the website without requiring login credentials.
- Enable Integrated Windows Authentication: Allows seamless authentication using Windows credentials for intranet environments.
- Enable Basic Authentication: Allows standard HTTP basic authentication. Less secure unless used over HTTPS.
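The Security Settings and Authentication options above map to standard IIS configuration elements, so a provisioned site can be checked for the risky combinations offline. The audit below is an added example, not part of MSPControl; the sample configuration is constructed, and it assumes the settings appear in the site's own `web.config` (on many servers the authentication sections live in `applicationHost.config` instead).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a site config with the risky options from the list enabled.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <asp enableParentPaths="true" />
    <security>
      <access sslFlags="None" />
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>"""

WS = ".//system.webServer"

def _is_true(root, path, attr="enabled"):
    """True when the element exists and the attribute is set to 'true'."""
    node = root.find(path)
    return node is not None and node.get(attr, "").strip().lower() == "true"

def audit_web_config(xml_text):
    """Return a list of finding identifiers for one IIS configuration document."""
    root = ET.fromstring(xml_text)
    findings = []
    if _is_true(root, f"{WS}/directoryBrowse"):
        findings.append("directory-browsing")
    if _is_true(root, f"{WS}/asp", "enableParentPaths"):
        findings.append("parent-paths")
    if _is_true(root, f"{WS}/security/authentication/basicAuthentication"):
        # Basic authentication sends credentials base64-encoded, so the site
        # must require TLS: sslFlags has to contain the "Ssl" flag.
        access = root.find(f"{WS}/security/access")
        flags = access.get("sslFlags", "None") if access is not None else "None"
        if "Ssl" not in [f.strip() for f in flags.split(",")]:
            findings.append("basic-auth-without-required-ssl")
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(finding)
```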
Compression
- Enable static compression: Compresses static content (e.g., CSS, JS, HTML) to reduce bandwidth usage.
- Enable dynamic compression: Compresses dynamic content such as ASP.NET pages, improving load times and performance.
CPU Throttling
- Enable IIS CPU Throttling: Activates CPU throttling via IIS (if supported). Note: MSPControl does not modify existing IIS throttle rules if this is unchecked.
Let’s Encrypt
- Use Space Owner Email: Uses the owner’s email address for Let’s Encrypt SSL certificate requests and renewals.
New Website
- Include Zone Template: Applies a predefined zone template when creating a new website to standardize DNS and structure.

Extensions
This section defines which scripting and runtime technologies are enabled for hosted websites.
- ASP: Enables classic ASP scripting support.
- ASP.NET: Allows selection of the desired ASP.NET runtime mode (e.g., 4.0 Integrated).
- Python: Enables Python support via supported handlers in IIS.
- Perl, CGI-BIN, ColdFusion, CFVirtualDirectories: Enable or disable corresponding handlers and folder support for websites. Use only if needed by specific workloads.
Anonymous Account Policy
Controls the username format and policy for anonymous access accounts.
- Enable Policy: Enforces the rules specified below for auto-generated anonymous user accounts.
- Allowed Symbols: Defines which non-alphanumeric characters are permitted. By default, letters, digits, underscores, and periods are allowed.
- Minimum / Maximum Length: Sets the allowed character length of the username.
- Prefix / Suffix: Optional values to prepend or append to the username. Can include tokens like `[USER_NAME]` or `[USER_ID]`.

Virtual Directories
Defines naming rules for virtual directories created under a website.
- Enable Policy: Enforces naming restrictions for virtual directories.
- Allowed Symbols: Defines which special characters are allowed in directory names. Letters, numbers, underscore, and hyphen are allowed by default.
- Minimum / Maximum Length: Sets the allowed length for the virtual directory name.
- Prefix / Suffix: Optional fields to standardize naming conventions or include dynamic elements such as user identifiers.

Secured Web Folders
Defines naming conventions and restrictions for user accounts created for secured web folder access.
- Enable Policy: Enforces rules for naming secured folder usernames.
- Allowed Symbols: Additional characters allowed beyond default alphanumerics.
- Minimum / Maximum Length: Defines username length range.
- Prefix / Suffix: Optional fields for appending identifiers or enforcing naming consistency. Tokens like `[USER_NAME]` and `[USER_ID]` are supported.

User Password
Controls password complexity and renewal rules for secured folder user accounts.
- Enable Policy: Turns on enforcement of all password rules below.
- Repair Settings: Attempts to fix mismatches in password policies for existing organizations.
- MinLength / MaxLength: Allowed password length boundaries.
- Enforce Password History: Prevents reuse of the last X passwords.
- Notification Days: Sends an expiration warning this many days before password expiry.
- Auto Renew Days: Triggers automatic renewal or prompt X days before expiration.
- Max / Min Password Age: Defines how long a password can be used before it must change (0 disables).
- Enable Password Complexity: Activates rules below for uppercase, numbers, and symbols.
- MinUpperCase / MinNumbers / MinSymbols: Composition rules that enforce strong passwords.
- Invite Expired Hours: Defines how long an invite remains valid (in hours).
Group Name
Defines the policy for naming groups used in web folder and permission assignments.
- Enable Policy: Turns on validation for group name creation.
- Allowed Symbols: Extra characters allowed in group names.
- Minimum / Maximum Length: Required character length range for group names.
- Prefix / Suffix: Optional values to structure naming conventions. Supports `[USER_NAME]` and `[USER_ID]` tokens.

Web Site Folders
This section defines folder structure templates for each provisioned website. All paths are relative to the space root.
- Root Folder: Main folder where website content is placed (e.g., `\\[DOMAIN_NAME]\wwwroot`).
- Logs Folder: Stores web server logs (`\\[DOMAIN_NAME]\logs`).
- Data Folder: Used for application-specific data storage.
- PHP Folder: Optional folder for storing PHP-related scripts or modules.
- Add random string to the end of [DOMAIN_NAME]: Adds entropy to folder paths, useful in multi-tenant security contexts.

Headers
This section allows configuration of HTTP response headers for all websites.
- Add Custom Header: Adds user-defined headers with custom name-value pairs. Can also be scoped to SSL requests.
- Enable HTTP keep-alive: Enables persistent connections between client and server to improve load performance.
- Expire Web Content: Adds caching headers to control content freshness for browsers and proxies.
URL Rewrite
Defines URL rewrite rules that apply to all provisioned websites.
- Add URL Rewrite Rule: Allows administrators to create rewrite logic based on conditions, patterns, and actions.
- Apply to All Websites: Propagates the defined rewrite rules to every managed website in the system.
WordPress Rewrite Rules
Predefined rules to support clean URLs and permalinks in WordPress installations. Uses standard IIS `web.config` rewrite schema.
File Manager
Configures file manager permissions and editable file types for web hosting clients.
- Disable IIS Request Filtering: When enabled, overrides IIS’s default file extension filtering. Use with caution.
- Editable and Downloadable File Extensions: Defines which file types are visible/editable through the web-based file manager. Each extension must be listed on a separate line.

Best Practices
To ensure robust, secure, and scalable website hosting in MSPControl environments, the following practices are recommended:
- Always use Dedicated Application Pools to isolate websites and avoid cross-process interference.
- Enable Password Complexity for all user, folder, and group policies to enforce minimum security standards.
- Use token-based folder paths (e.g., `[DOMAIN_NAME]`) to dynamically generate consistent directory structures.
- Restrict editable file types to only what is necessary (e.g., .php, .html, .txt) to reduce the risk of exploits.
- Enable <st