Setting up FTP site in Windows 2000

Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

Hi,

I wish to set up FTP so that a group of users have access to a specific
location within my overall FTP site. Lets suppose that I have a
directory on my pc called App1 and I have created a new virtual
directory in my default FTP site that maps to it (therefore to access
it I would navigate to ftp://ipaddress/app1). Now consider the user
group - call it App1FTPUsers. Every member of App1FTPUsers should be
required to login and have read only rights - i.e. they should only be
allowed download files and browse certain folders. Individual members
of App1FTPUsers should only be able to access specific folders, for
example User1 should only be able to access a directory within App1
called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
able to access a directory within App1 called User2 (e.g.
ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
would like to retain the ability for certain other users ouside of the
App1FTPUsers group (e.g. the local administrator etc.) to write to the
directories involved.

Please could somebody help me with the steps I should take to achieve
this. I have set up the ftp virtual directory but have done nothing
about the security settings i.e. currently the App1FTPUsers group does
not exist, I have Allow Anonymous Connections set to true for my FTP
site, my FTP home directory has Read and Log Visits checkboxes checked
- Write is unchecked. Everyone has full control on all the folders that
are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and IIS
6.0. The FTP server is not a domain controller.

Thanks,

Paul
5 answers Last reply
More about setting site windows 2000
  1. Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

    FTP permissions work in conjunction with ntfs permissions to restrict or
    allow users or groups access with the most restrictive of the two
    permissions applying. In other words if your FTP site is set to read only
    and a user has write access to a folder, they will not be able to write to
    the folder. When configuring permissions make sure that only the specific
    groups you want to have access are included in the permissions with the
    proper permissions. Do not have everyone or users included for instance if
    you want to restrict a folder to specific groups. If possible, have your ftp
    folders on a different drive partition other than the system drive. Do not
    enable anonymous access unless you want to allow anyone to access your ftp
    server. Keep in mind that for FTP authentication that user credentials are
    sent in clear text. The link below may help. --- Steve

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/31c2427c-c0a5-49fa-9e03-823f34fba3e8.mspx

    <paulsmith5@hotmail.com> wrote in message
    news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
    > Hi,
    >
    > I wish to set up FTP so that a group of users have access to a specific
    > location within my overall FTP site. Lets suppose that I have a
    > directory on my pc called App1 and I have created a new virtual
    > directory in my default FTP site that maps to it (therefore to access
    > it I would navigate to ftp://ipaddress/app1). Now consider the user
    > group - call it App1FTPUsers. Every member of App1FTPUsers should be
    > required to login and have read only rights - i.e. they should only be
    > allowed download files and browse certain folders. Individual members
    > of App1FTPUsers should only be able to access specific folders, for
    > example User1 should only be able to access a directory within App1
    > called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
    > able to access a directory within App1 called User2 (e.g.
    > ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
    > able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
    > would like to retain the ability for certain other users ouside of the
    > App1FTPUsers group (e.g. the local administrator etc.) to write to the
    > directories involved.
    >
    > Please could somebody help me with the steps I should take to achieve
    > this. I have set up the ftp virtual directory but have done nothing
    > about the security settings i.e. currently the App1FTPUsers group does
    > not exist, I have Allow Anonymous Connections set to true for my FTP
    > site, my FTP home directory has Read and Log Visits checkboxes checked
    > - Write is unchecked. Everyone has full control on all the folders that
    > are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and IIS
    > 6.0. The FTP server is not a domain controller.
    >
    > Thanks,
    >
    > Paul
    >
  2. Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

    On 20 Apr 2005 03:50:10 -0700, paulsmith5@hotmail.com wrote:

    >Hi,
    >
    >I wish to set up FTP so that a group of users have access to a specific
    >location within my overall FTP site. Lets suppose that I have a
    >directory on my pc called App1 and I have created a new virtual
    >directory in my default FTP site that maps to it (therefore to access
    >it I would navigate to ftp://ipaddress/app1). Now consider the user
    >group - call it App1FTPUsers. Every member of App1FTPUsers should be
    >required to login and have read only rights - i.e. they should only be
    >allowed download files and browse certain folders. Individual members
    >of App1FTPUsers should only be able to access specific folders, for
    >example User1 should only be able to access a directory within App1
    >called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
    >able to access a directory within App1 called User2 (e.g.
    >ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
    >able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
    >would like to retain the ability for certain other users ouside of the
    >App1FTPUsers group (e.g. the local administrator etc.) to write to the
    >directories involved.
    >
    >Please could somebody help me with the steps I should take to achieve
    >this. I have set up the ftp virtual directory but have done nothing
    >about the security settings i.e. currently the App1FTPUsers group does
    >not exist,

    So create the group and add whatever users get access to this section
    to the group.

    >I have Allow Anonymous Connections set to true for my FTP
    >site

    Remove anonymous access.

    >my FTP home directory has Read and Log Visits checkboxes checked
    >- Write is unchecked. Everyone has full control on all the folders that
    >are mapped to in ftp://ipaddress/app1.

    Remove the Everyone group from the folder permissions. Assign only
    the rights specifically needed, in this case Read for the App1FTPUsers
    group. Probably want full permissions for admins as well. These are
    NTFS file/folder permissions, not in the MMC for the FTP site.

    > I am using Windows 2000 and IIS
    >6.0.

    No you're not. W2K has IIS5, IIS6 comes with Server 2003.

    >The FTP server is not a domain controller.

    Doesn't need to be.

    Also see:

    HOW TO: Set Up an FTP Server in Windows 2000
    http://support.microsoft.com/?id=300662

    How To Set Up an FTP Site So That Users Log Onto Their Folders:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;201771

    HOW TO: Create a Secure FTP Directory that Uses Password
    Authentication:
    http://support.microsoft.com/?id=239120

    Jeff
  3. Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

    Hi Steven,

    Thanks for the help. Got it sorted.

    Paul

    Steven L Umbach wrote:
    > FTP permissions work in conjunction with ntfs permissions to restrict
    or
    > allow users or groups access with the most restrictive of the two
    > permissions applying. In other words if your FTP site is set to read
    only
    > and a user has write access to a folder, they will not be able to
    write to
    > the folder. When configuring permissions make sure that only the
    specific
    > groups you want to have access are included in the permissions with
    the
    > proper permissions. Do not have everyone or users included for
    instance if
    > you want to restrict a folder to specific groups. If possible, have
    your ftp
    > folders on a different drive partition other than the system drive.
    Do not
    > enable anonymous access unless you want to allow anyone to access
    your ftp
    > server. Keep in mind that for FTP authentication that user
    credentials are
    > sent in clear text. The link below may help. --- Steve
    >
    >
    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/31c2427c-c0a5-49fa-9e03-823f34fba3e8.mspx
    >
    > <paulsmith5@hotmail.com> wrote in message
    > news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
    > > Hi,
    > >
    > > I wish to set up FTP so that a group of users have access to a
    specific
    > > location within my overall FTP site. Lets suppose that I have a
    > > directory on my pc called App1 and I have created a new virtual
    > > directory in my default FTP site that maps to it (therefore to
    access
    > > it I would navigate to ftp://ipaddress/app1). Now consider the user
    > > group - call it App1FTPUsers. Every member of App1FTPUsers should
    be
    > > required to login and have read only rights - i.e. they should only
    be
    > > allowed download files and browse certain folders. Individual
    members
    > > of App1FTPUsers should only be able to access specific folders, for
    > > example User1 should only be able to access a directory within App1
    > > called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should
    only be
    > > able to access a directory within App1 called User2 (e.g.
    > > ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should
    be
    > > able to access anywhere outside of ftp://ipaddress/app1.
    Furthermore, I
    > > would like to retain the ability for certain other users ouside of
    the
    > > App1FTPUsers group (e.g. the local administrator etc.) to write to
    the
    > > directories involved.
    > >
    > > Please could somebody help me with the steps I should take to
    achieve
    > > this. I have set up the ftp virtual directory but have done nothing
    > > about the security settings i.e. currently the App1FTPUsers group
    does
    > > not exist, I have Allow Anonymous Connections set to true for my
    FTP
    > > site, my FTP home directory has Read and Log Visits checkboxes
    checked
    > > - Write is unchecked. Everyone has full control on all the folders
    that
    > > are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and
    IIS
    > > 6.0. The FTP server is not a domain controller.
    > >
    > > Thanks,
    > >
    > > Paul
    > >
  4. Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

    Hi Jeff,

    Thanks for the help and links. Got it sorted.

    Paul
  5. Archived from groups: comp.os.ms-windows.nt.admin.security,microsoft.public.win2000.security (More info?)

    Your welcome. Glad you are good to go now. --- Steve

    <paulsmith5@hotmail.com> wrote in message
    news:1114167273.051905.253400@f14g2000cwb.googlegroups.com...
    > Hi Steven,
    >
    > Thanks for the help. Got it sorted.
    >
    > Paul
    >
    > Steven L Umbach wrote:
    >> FTP permissions work in conjunction with ntfs permissions to restrict
    > or
    >> allow users or groups access with the most restrictive of the two
    >> permissions applying. In other words if your FTP site is set to read
    > only
    >> and a user has write access to a folder, they will not be able to
    > write to
    >> the folder. When configuring permissions make sure that only the
    > specific
    >> groups you want to have access are included in the permissions with
    > the
    >> proper permissions. Do not have everyone or users included for
    > instance if
    >> you want to restrict a folder to specific groups. If possible, have
    > your ftp
    >> folders on a different drive partition other than the system drive.
    > Do not
    >> enable anonymous access unless you want to allow anyone to access
    > your ftp
    >> server. Keep in mind that for FTP authentication that user
    > credentials are
    >> sent in clear text. The link below may help. --- Steve
    >>
    >>
    > http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/31c2427c-c0a5-49fa-9e03-823f34fba3e8.mspx
    >>
    >> <paulsmith5@hotmail.com> wrote in message
    >> news:1113994210.763305.174270@l41g2000cwc.googlegroups.com...
    >> > Hi,
    >> >
    >> > I wish to set up FTP so that a group of users have access to a
    > specific
    >> > location within my overall FTP site. Lets suppose that I have a
    >> > directory on my pc called App1 and I have created a new virtual
    >> > directory in my default FTP site that maps to it (therefore to
    > access
    >> > it I would navigate to ftp://ipaddress/app1). Now consider the user
    >> > group - call it App1FTPUsers. Every member of App1FTPUsers should
    > be
    >> > required to login and have read only rights - i.e. they should only
    > be
    >> > allowed download files and browse certain folders. Individual
    > members
    >> > of App1FTPUsers should only be able to access specific folders, for
    >> > example User1 should only be able to access a directory within App1
    >> > called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should
    > only be
    >> > able to access a directory within App1 called User2 (e.g.
    >> > ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should
    > be
    >> > able to access anywhere outside of ftp://ipaddress/app1.
    > Furthermore, I
    >> > would like to retain the ability for certain other users ouside of
    > the
    >> > App1FTPUsers group (e.g. the local administrator etc.) to write to
    > the
    >> > directories involved.
    >> >
    >> > Please could somebody help me with the steps I should take to
    > achieve
    >> > this. I have set up the ftp virtual directory but have done nothing
    >> > about the security settings i.e. currently the App1FTPUsers group
    > does
    >> > not exist, I have Allow Anonymous Connections set to true for my
    > FTP
    >> > site, my FTP home directory has Read and Log Visits checkboxes
    > checked
    >> > - Write is unchecked. Everyone has full control on all the folders
    > that
    >> > are mapped to in ftp://ipaddress/app1. I am using Windows 2000 and
    > IIS
    >> > 6.0. The FTP server is not a domain controller.
    >> >
    >> > Thanks,
    >> >
    >> > Paul
    >> >
    >
Ask a new question

Read More

FTP Security IP Address Windows