Setting up FTP site in Windows 2000

[paulsmith5]

Hi,

I wish to set up FTP so that a group of users have access to a specific
location within my overall FTP site. Lets suppose that I have a
directory on my pc called App1 and I have created a new virtual
directory in my default FTP site that maps to it (therefore to access
it I would navigate to ftp://ipaddress/app1). Now consider the user
group - call it App1FTPUsers. Every member of App1FTPUsers should be
required to login and have read only rights - i.e. they should only be
allowed download files and browse certain folders. Individual members
of App1FTPUsers should only be able to access specific folders, for
example User1 should only be able to access a directory within App1
called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
able to access a directory within App1 called User2 (e.g.
ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
would like to retain the ability for certain other users ouside of the
App1FTPUsers group (e.g. the local administrator etc.) to write to the
directories involved.

Please could somebody help me with the steps I should take to achieve
this. I have set up the ftp virtual directory but have done nothing
about the security settings i.e. currently the App1FTPUsers group does
not exist, I have Allow Anonymous Connections set to true for my FTP
site, my FTP home directory has Read and Log Visits checkboxes checked
- Write is unchecked. Everyone has full control on all the folders that
are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and IIS
6.0. The FTP server is not a domain controller.

Thanks,

Paul

 

[Steven L Umbach]

FTP permissions work in conjunction with ntfs permissions to restrict or
allow users or groups access with the most restrictive of the two
permissions applying. In other words if your FTP site is set to read only
and a user has write access to a folder, they will not be able to write to
the folder. When configuring permissions make sure that only the specific
groups you want to have access are included in the permissions with the
proper permissions. Do not have everyone or users included for instance if
you want to restrict a folder to specific groups. If possible, have your ftp
folders on a different drive partition other than the system drive. Do not
enable anonymous access unless you want to allow anyone to access your ftp
server. Keep in mind that for FTP authentication that user credentials are
sent in clear text. The link below may help. --- Steve

http://www.microsoft.com/technet/pr...IIS/31c2427c-c0a5-49fa-9e03-823f34fba3e8.mspx

 

[Jeff Cochran]

Hi,

I wish to set up FTP so that a group of users have access to a specific
location within my overall FTP site. Lets suppose that I have a
directory on my pc called App1 and I have created a new virtual
directory in my default FTP site that maps to it (therefore to access
it I would navigate to ftp://ipaddress/app1). Now consider the user
group - call it App1FTPUsers. Every member of App1FTPUsers should be
required to login and have read only rights - i.e. they should only be
allowed download files and browse certain folders. Individual members
of App1FTPUsers should only be able to access specific folders, for
example User1 should only be able to access a directory within App1
called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
able to access a directory within App1 called User2 (e.g.
ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
would like to retain the ability for certain other users ouside of the
App1FTPUsers group (e.g. the local administrator etc.) to write to the
directories involved.

Please could somebody help me with the steps I should take to achieve
this. I have set up the ftp virtual directory but have done nothing
about the security settings i.e. currently the App1FTPUsers group does
not exist,

So create the group and add whatever users get access to this section
to the group.

I have Allow Anonymous Connections set to true for my FTP
site

Remove anonymous access.

my FTP home directory has Read and Log Visits checkboxes checked
- Write is unchecked. Everyone has full control on all the folders that
are mapped to in ftp://ipaddress/app1.

Remove the Everyone group from the folder permissions. Assign only
the rights specifically needed, in this case Read for the App1FTPUsers
group. Probably want full permissions for admins as well. These are
NTFS file/folder permissions, not in the MMC for the FTP site.

I am using Windows 2000 and IIS
6.0.

No you're not. W2K has IIS5, IIS6 comes with Server 2003.

The FTP server is not a domain controller.

Doesn't need to be.

Also see:

HOW TO: Set Up an FTP Server in Windows 2000
http://support.microsoft.com/?id=300662

How To Set Up an FTP Site So That Users Log Onto Their Folders:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;201771

HOW TO: Create a Secure FTP Directory that Uses Password
Authentication:
http://support.microsoft.com/?id=239120

Jeff

 

[paulsmith5]

Hi Steven,

Thanks for the help. Got it sorted.

Paul

 

[paulsmith5]

Hi Jeff,

Thanks for the help and links. Got it sorted.

Paul

 

[Steven L Umbach]

Your welcome. Glad you are good to go now. --- Steve