Guest FTP access

J

Jim Matthews

I have a FTP site (W2K Server SP4), which is used by our remote consultants
to download software, company docs, etc.- using a logon and password.

Lately, I have had several requests to give clients access to a "Guest"
Folder to upload software and docs.

In order to eliminate them from accessing the company folders, I have to go
to each folder and "deny" the "Guest" account on those folders and enable
access to the Guest Folder.

I would like to set it up so that if they tried to login to ftp.domain.com,
they would be disallowed, or at least not even see the company folders.

They would be forced to access ftp.domain.com/guest where they would type
their logon and password and "away they go".

But when I set the permission to the FTP "home folder" to "deny" and set the
permission for "Guest" to "full control", they cannot logon at all.

Anybody got a suggestion ?

Thanks,

JM
 
G

Gino

One thing to think about giving a FTP upload folder full access. Someone
could upload an .exe and then execute it.
Read folders should be READ, LIST, ATTRIBUTES, EXTENDED ATTRIBUTES. (uncheck
execute and transverse, on the advanced tab)
Upload folders should be LIST, WRITE
In local policies, user rights the Everyone account should be removed from
BYPASS TRANSVERSE CHECKING.
WEB and FTP folders should not be on the same drive as %windir%
You don't have to deny access to the guest account. If you remove the
Everyone group
from all the drives and guest is not given explicit rights to a folder they
will not be able open it.
I would think about using a different port number. It's just as easy to tell
them to type
ftp.domain.com:2121 as it is to ftp.domain.com/guest , that way you can drop
them into a different root.
 
J

Jim Matthews

All good advice (most of which is already done), but it does not address my
question

I want these guests to be able to "see" whatever they are authorized for,
and nothing else.

Currently, they can see all folders but can only access the "Guest" folder.

Acceptable alternatives:

1. When they log onto ftp.domain.com, they see ONLY the folders they are
permitted
2. When they log onto ftp.domain.com, they are told they are nor
authorized - But if they log onto ftp.domain.com/guest, they are given
access

Thanks again for your help

JM
 
G

Gino

Who ever logs on either your regular users or the guest they are going to
see the folder name that FTP drops them on. For guest if they are not on the
ACL they will not be able to open the folder. If they click on it they will
be denied access. If they append "/guest" in the address line they will be
taken to the guest folder where they can open it (add guest to the guest
folder ACL).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

logon to guest acount takes over an hour 3
Shared folders inaccessible from guest account, ok for authed users 0
Guest account and power profile question 3
Changing account access to applications 6
admistrator lockout 1
Restrict folder access of Guest 9
Guest Access to Printers 6
Can"t access Admin acct 1

Top