Sign in with
Sign up | Sign in
Your question

Setting up FTP site in Windows 2000

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
April 20, 2005 7:50:10 AM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

Hi,

I wish to set up FTP so that a group of users have access to a specific
location within my overall FTP site. Lets suppose that I have a
directory on my pc called App1 and I have created a new virtual
directory in my default FTP site that maps to it (therefore to access
it I would navigate to ftp://ipaddress/app1). Now consider the user
group - call it App1FTPUsers. Every member of App1FTPUsers should be
required to login and have read only rights - i.e. they should only be
allowed download files and browse certain folders. Individual members
of App1FTPUsers should only be able to access specific folders, for
example User1 should only be able to access a directory within App1
called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
able to access a directory within App1 called User2 (e.g.
ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
would like to retain the ability for certain other users ouside of the
App1FTPUsers group (e.g. the local administrator etc.) to write to the
directories involved.

Please could somebody help me with the steps I should take to achieve
this. I have set up the ftp virtual directory but have done nothing
about the security settings i.e. currently the App1FTPUsers group does
not exist, I have Allow Anonymous Connections set to true for my FTP
site, my FTP home directory has Read and Log Visits checkboxes checked
- Write is unchecked. Everyone has full control on all the folders that
are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and IIS
6.0. The FTP server is not a domain controller.

Thanks,

Paul
Anonymous
a b 8 Security
April 20, 2005 4:48:08 PM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

FTP permissions work in conjunction with ntfs permissions to restrict or
allow users or groups access with the most restrictive of the two
permissions applying. In other words if your FTP site is set to read only
and a user has write access to a folder, they will not be able to write to
the folder. When configuring permissions make sure that only the specific
groups you want to have access are included in the permissions with the
proper permissions. Do not have everyone or users included for instance if
you want to restrict a folder to specific groups. If possible, have your ftp
folders on a different drive partition other than the system drive. Do not
enable anonymous access unless you want to allow anyone to access your ftp
server. Keep in mind that for FTP authentication that user credentials are
sent in clear text. The link below may help. --- Steve

http://www.microsoft.com/technet/prodtechnol/WindowsSer...

<paulsmith5@hotmail.com> wrote in message
news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
> Hi,
>
> I wish to set up FTP so that a group of users have access to a specific
> location within my overall FTP site. Lets suppose that I have a
> directory on my pc called App1 and I have created a new virtual
> directory in my default FTP site that maps to it (therefore to access
> it I would navigate to ftp://ipaddress/app1). Now consider the user
> group - call it App1FTPUsers. Every member of App1FTPUsers should be
> required to login and have read only rights - i.e. they should only be
> allowed download files and browse certain folders. Individual members
> of App1FTPUsers should only be able to access specific folders, for
> example User1 should only be able to access a directory within App1
> called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
> able to access a directory within App1 called User2 (e.g.
> ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
> able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
> would like to retain the ability for certain other users ouside of the
> App1FTPUsers group (e.g. the local administrator etc.) to write to the
> directories involved.
>
> Please could somebody help me with the steps I should take to achieve
> this. I have set up the ftp virtual directory but have done nothing
> about the security settings i.e. currently the App1FTPUsers group does
> not exist, I have Allow Anonymous Connections set to true for my FTP
> site, my FTP home directory has Read and Log Visits checkboxes checked
> - Write is unchecked. Everyone has full control on all the folders that
> are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and IIS
> 6.0. The FTP server is not a domain controller.
>
> Thanks,
>
> Paul
>
Anonymous
a b 8 Security
April 20, 2005 11:28:03 PM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

On 20 Apr 2005 03:50:10 -0700, paulsmith5@hotmail.com wrote:

>Hi,
>
>I wish to set up FTP so that a group of users have access to a specific
>location within my overall FTP site. Lets suppose that I have a
>directory on my pc called App1 and I have created a new virtual
>directory in my default FTP site that maps to it (therefore to access
>it I would navigate to ftp://ipaddress/app1). Now consider the user
>group - call it App1FTPUsers. Every member of App1FTPUsers should be
>required to login and have read only rights - i.e. they should only be
>allowed download files and browse certain folders. Individual members
>of App1FTPUsers should only be able to access specific folders, for
>example User1 should only be able to access a directory within App1
>called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
>able to access a directory within App1 called User2 (e.g.
>ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
>able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
>would like to retain the ability for certain other users ouside of the
>App1FTPUsers group (e.g. the local administrator etc.) to write to the
>directories involved.
>
>Please could somebody help me with the steps I should take to achieve
>this. I have set up the ftp virtual directory but have done nothing
>about the security settings i.e. currently the App1FTPUsers group does
>not exist,

So create the group and add whatever users get access to this section
to the group.

>I have Allow Anonymous Connections set to true for my FTP
>site

Remove anonymous access.

>my FTP home directory has Read and Log Visits checkboxes checked
>- Write is unchecked. Everyone has full control on all the folders that
>are mapped to in ftp://ipaddress/app1.

Remove the Everyone group from the folder permissions. Assign only
the rights specifically needed, in this case Read for the App1FTPUsers
group. Probably want full permissions for admins as well. These are
NTFS file/folder permissions, not in the MMC for the FTP site.

> I am using Windows 2000 and IIS
>6.0.

No you're not. W2K has IIS5, IIS6 comes with Server 2003.

>The FTP server is not a domain controller.

Doesn't need to be.

Also see:

HOW TO: Set Up an FTP Server in Windows 2000
http://support.microsoft.com/?id=300662

How To Set Up an FTP Site So That Users Log Onto Their Folders:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;201771

HOW TO: Create a Secure FTP Directory that Uses Password
Authentication:
http://support.microsoft.com/?id=239120

Jeff
Related resources
Anonymous
a b 8 Security
April 22, 2005 7:54:33 AM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

Hi Steven,

Thanks for the help. Got it sorted.

Paul

Steven L Umbach wrote:
> FTP permissions work in conjunction with ntfs permissions to restrict
or
> allow users or groups access with the most restrictive of the two
> permissions applying. In other words if your FTP site is set to read
only
> and a user has write access to a folder, they will not be able to
write to
> the folder. When configuring permissions make sure that only the
specific
> groups you want to have access are included in the permissions with
the
> proper permissions. Do not have everyone or users included for
instance if
> you want to restrict a folder to specific groups. If possible, have
your ftp
> folders on a different drive partition other than the system drive.
Do not
> enable anonymous access unless you want to allow anyone to access
your ftp
> server. Keep in mind that for FTP authentication that user
credentials are
> sent in clear text. The link below may help. --- Steve
>
>
http://www.microsoft.com/technet/prodtechnol/WindowsSer...
>
> <paulsmith5@hotmail.com> wrote in message
> news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
> > Hi,
> >
> > I wish to set up FTP so that a group of users have access to a
specific
> > location within my overall FTP site. Lets suppose that I have a
> > directory on my pc called App1 and I have created a new virtual
> > directory in my default FTP site that maps to it (therefore to
access
> > it I would navigate to ftp://ipaddress/app1). Now consider the user
> > group - call it App1FTPUsers. Every member of App1FTPUsers should
be
> > required to login and have read only rights - i.e. they should only
be
> > allowed download files and browse certain folders. Individual
members
> > of App1FTPUsers should only be able to access specific folders, for
> > example User1 should only be able to access a directory within App1
> > called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should
only be
> > able to access a directory within App1 called User2 (e.g.
> > ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should
be
> > able to access anywhere outside of ftp://ipaddress/app1.
Furthermore, I
> > would like to retain the ability for certain other users ouside of
the
> > App1FTPUsers group (e.g. the local administrator etc.) to write to
the
> > directories involved.
> >
> > Please could somebody help me with the steps I should take to
achieve
> > this. I have set up the ftp virtual directory but have done nothing
> > about the security settings i.e. currently the App1FTPUsers group
does
> > not exist, I have Allow Anonymous Connections set to true for my
FTP
> > site, my FTP home directory has Read and Log Visits checkboxes
checked
> > - Write is unchecked. Everyone has full control on all the folders
that
> > are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and
IIS
> > 6.0. The FTP server is not a domain controller.
> >
> > Thanks,
> >
> > Paul
> >
Anonymous
a b 8 Security
April 22, 2005 7:56:06 AM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

Hi Jeff,

Thanks for the help and links. Got it sorted.

Paul
Anonymous
a b 8 Security
April 22, 2005 10:41:11 PM

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

Your welcome. Glad you are good to go now. --- Steve

<paulsmith5@hotmail.com> wrote in message
news:1114167273.051905.253400@f14g2000cwb.googlegroups.com...
> Hi Steven,
>
> Thanks for the help. Got it sorted.
>
> Paul
>
> Steven L Umbach wrote:
>> FTP permissions work in conjunction with ntfs permissions to restrict
> or
>> allow users or groups access with the most restrictive of the two
>> permissions applying. In other words if your FTP site is set to read
> only
>> and a user has write access to a folder, they will not be able to
> write to
>> the folder. When configuring permissions make sure that only the
> specific
>> groups you want to have access are included in the permissions with
> the
>> proper permissions. Do not have everyone or users included for
> instance if
>> you want to restrict a folder to specific groups. If possible, have
> your ftp
>> folders on a different drive partition other than the system drive.
> Do not
>> enable anonymous access unless you want to allow anyone to access
> your ftp
>> server. Keep in mind that for FTP authentication that user
> credentials are
>> sent in clear text. The link below may help. --- Steve
>>
>>
> http://www.microsoft.com/technet/prodtechnol/WindowsSer...
>>
>> <paulsmith5@hotmail.com> wrote in message
>> news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
>> > Hi,
>> >
>> > I wish to set up FTP so that a group of users have access to a
> specific
>> > location within my overall FTP site. Lets suppose that I have a
>> > directory on my pc called App1 and I have created a new virtual
>> > directory in my default FTP site that maps to it (therefore to
> access
>> > it I would navigate to ftp://ipaddress/app1). Now consider the user
>> > group - call it App1FTPUsers. Every member of App1FTPUsers should
> be
>> > required to login and have read only rights - i.e. they should only
> be
>> > allowed download files and browse certain folders. Individual
> members
>> > of App1FTPUsers should only be able to access specific folders, for
>> > example User1 should only be able to access a directory within App1
>> > called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should
> only be
>> > able to access a directory within App1 called User2 (e.g.
>> > ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should
> be
>> > able to access anywhere outside of ftp://ipaddress/app1.
> Furthermore, I
>> > would like to retain the ability for certain other users ouside of
> the
>> > App1FTPUsers group (e.g. the local administrator etc.) to write to
> the
>> > directories involved.
>> >
>> > Please could somebody help me with the steps I should take to
> achieve
>> > this. I have set up the ftp virtual directory but have done nothing
>> > about the security settings i.e. currently the App1FTPUsers group
> does
>> > not exist, I have Allow Anonymous Connections set to true for my
> FTP
>> > site, my FTP home directory has Read and Log Visits checkboxes
> checked
>> > - Write is unchecked. Everyone has full control on all the folders
> that
>> > are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and
> IIS
>> > 6.0. The FTP server is not a domain controller.
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>
!