Question

setup web based file access - file security must be based on active directory

Asked by: Zoldy2000

I have been through a million FTP utilities but can not find the right fit.   I want to give users access to there files through the web... the files are on a windows 2003 server share...  I dont want to have to install a client and both logon and security must be based on active directory

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-04 at 09:15:06ID24625253
Topic

WebApplications

Participating Experts
3
Points
500
Comments
31

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Running Multiple Logon Scripts in Profile Tab of Active Direc…
    I have one main batch script that I run using Active Directory, Profiles Tab: 'N.bat' There is a user or two in the group that needs one more directory mapped and I don't want it affecting everyone else in that group policy. Can I add multiple scripts in the logon script fi...
  2. FTP logon issues
    Ok here goes, I have a brand new Windows 2003 Web server. I have the FTP service installed, I have opened port 313 open on the firewall and the windows firewall on the server. I have for a test let anonymous users to access this site as I haven't been able to connect. Th...
  3. Active directory and Debain
    Hello, Is there any way to mach Windows 2003 active directory to debian. I mean i want to create user in debian but password is reading from active directory. Thanks

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: lamaslanyPosted on 2009-08-04 at 09:27:38ID: 25015459

?  

What is the matter with FTP in IIS 6.0?  This requires no special FTP client and supports authentication via Active Directory.

 

by: gtworekPosted on 2009-08-04 at 09:28:40ID: 25015474

 

by: Zoldy2000Posted on 2009-08-04 at 09:31:25ID: 25015522

share point is way more than we require but thank you for the suggestion ... as far as FTP in IIS the problem is the interface.   I would need an FTP client or just use the browser built in funtions...   I also dont think this is very secure...

 

by: gtworekPosted on 2009-08-04 at 09:38:02ID: 25015585

WSS is slightly simpler than "full" sharepoint and it's free. It may be the best option in many cases.

 

by: Zoldy2000Posted on 2009-08-04 at 09:38:47ID: 25015590

Oh I see i will check it out then and get back to you thanks

 

by: lamaslanyPosted on 2009-08-04 at 09:43:00ID: 25015635

... as far as FTP in IIS the problem is the interface. I would need an FTP client or just use the browser built in funtions...

If you add the ftp site as a network place it just appears to be a folder location in Windows Explorer - just as if you were using a network drive.  You can manipulate files as you would normally within Windows Explorer.

I also dont think this is very secure...

FTP isn't secure I agree.  Personally I would never use it.  I would have steered you away from it but for the fact you seemed keen on FTP.

My recommended solution would be WebDAV.  Secured over HTTPS and added as a network place (or even mapped to a drive letter if you are using Vista)

 

by: Zoldy2000Posted on 2009-08-04 at 09:47:39ID: 25015685

thank you ...I looked at webDAV already and was not able to figure it out.   i found it very confusing...

 

by: LBizzlePosted on 2009-08-04 at 10:30:33ID: 25016088

Do you use a Firewall? Place the FTP server in the DMZ and use local accounts instead of AD for security. You cannot have a secure IIS FTP server that is Internet facing and open to the internal network; not very secure is a huge understatement.

 

by: Zoldy2000Posted on 2009-08-04 at 10:35:14ID: 25016127

Just to be clear I do not want to use FTP it is just all I could find.   I am trying to figure out webDAV but can not.   And the WSS appears just to be a trial....

as stated above I require the use of AD for file security in this case it is a must.  that's why I am having so much trouble finding something.   which is why I posted this in the first place...  

 

by: gtworekPosted on 2009-08-04 at 11:14:54ID: 25016511

WSS is not a trial. It's a part of Windows 2003 server and is included in the OS price.

 

by: lamaslanyPosted on 2009-08-04 at 13:30:52ID: 25017835

IIS 6.0 with WebDAV extensions installed will allow WebDAV clients, such as Windows Explorer, to access the folders as if they were normal folders.  It is fully integrated with AD allowing you to set WebDAV permissions on the virtual directory in IIS and it honours NTFS and Share level permissions.

What part of WebDAV are you having problems with?

WSS (Windows SharePoint Services and *not* Office SharePoint Server) is free for Windows Server 2003.

 

by: Zoldy2000Posted on 2009-08-05 at 04:53:31ID: 25022299

when I did a search for WebDAV I found the information confusing.   I did not realize it was an extension of IIS.    Can this be made reasonably secure?   Perhaps you can link me to a setup guide for this?

Thanks

 

by: lamaslanyPosted on 2009-08-05 at 05:00:52ID: 25022364

* Install teh WebDAV component
* Enable WebDAV in the Web Service Extensions section in IIS Manager
* Create a virtual directory pointing to the file share share you want to publish leaving the 'Always use the authenticated user's credentials...' ticked and allowing Read, Write and Browse

You're done.

If you plan to use this offsite I'd recommend using Basic Authentication and use a certificate to encrypt the authentication and data.

 

by: Zoldy2000Posted on 2009-08-05 at 05:06:58ID: 25022406

Okay so before I start would you say for security and easy of use and setup you would go this way or with sharepoint services?   I downloaded this as well and was going to try it out.

 

by: Zoldy2000Posted on 2009-08-05 at 05:14:39ID: 25022459

Okay I followed the above directions.   When I try to access the virtual directory it prompts me for a username and password.   I enter a valid account and it just prompts for it over and over..

 

by: lamaslanyPosted on 2009-08-05 at 05:27:14ID: 25022557

Are you using basic authentication?  If not there are additional steps (but I've not done it myself).

Can you confirm that your account has access to the local/remote share (the path your virtual directory is pointing at) from the web server?  

 

by: Zoldy2000Posted on 2009-08-05 at 05:29:48ID: 25022576

I got it working now...   Just for testing I am doing it without HTTPS...   The interface is okay but a bit crude... anyway to dress it up a bit...?   For example if I dont have access to a particular folder I get a username and password prompt rather than access denied.  

Thanks again...   I am looking at sharepoint as well.

 

by: lamaslanyPosted on 2009-08-05 at 06:51:50ID: 25023428

"The interface is okay but a bit crude... anyway to dress it up a bit...?"

How are you trying to access it now?  Have you tried accessing it as a network place/mapped drive?  It should use the Windows Explorer interface.

"For example if I dont have access to a particular folder I get a username and password prompt rather than access denied."

Use Access Based Enumeration.  This will hide the files and folders that the user is not allowed to access.  You will need to use a UNC path however (use \\localhost if the files are stored on the local server).

 

by: Zoldy2000Posted on 2009-08-05 at 07:19:13ID: 25023707

Sorry I am not clear on what you are saying since I want it for remote users I am using internet explorer and using the web address...     using access based enumeration...  not sure what that is but will look into that

 

by: lamaslanyPosted on 2009-08-05 at 07:25:39ID: 25023793

Windows has a WebClient service that Windows Explorer uses to redirect calls to a WebDAV location.  In essense it allows you to open files and folders published via WebDAV using Windows Explorer.

PS:  What version of Internet Explorer are you using?  I am not sure about IE8 but I seem to recall if you opened a WebDAV location in Internet Explorer using File > Open in IE you could tick a box to open it as a folder.


http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

Are you running Windows 2003 R2?  If so I don't think you need to download it seperately.

You might also find the following useful:  http://www.windowsnetworking.com/articles_tutorials/Implementing-Access-Based-Enumeration-Windows-Server-2003.html

 

by: Zoldy2000Posted on 2009-08-05 at 08:16:10ID: 25024398

it seems i have trouble with everything I try...   the ABE does not work on the server hosting the shares.   It is a windows 2003 storage server.   I tried all three versions availble.   I ether get wrong version of windows error... or wrong processor.  

 

by: lamaslanyPosted on 2009-08-05 at 08:21:40ID: 25024479

"It is a windows 2003 storage server"

This suggests it should work:  http://blogs.technet.com/windowsserver/archive/2006/01/23/417948.aspx

Are you sure it is not already installed?

Are you running 32-bit or 64-bit Windows?

 

by: Zoldy2000Posted on 2009-08-05 at 08:22:36ID: 25024497

Yes I read that article but it does not install... it is 64bit

 

by: lamaslanyPosted on 2009-08-05 at 08:39:57ID: 25024696

To confirm:  Are you running Windows Storage Server 2003 R2?

 

by: Zoldy2000Posted on 2009-08-05 at 08:43:19ID: 25024740

yes that is correct...    

 

by: lamaslanyPosted on 2009-08-05 at 08:46:14ID: 25024779

Then ABE should already be installed.

 

by: Zoldy2000Posted on 2009-08-05 at 09:46:53ID: 25025372

That may be the case but it does not do what it is supposed to do then.  Unless it has to be enabled on the share but I do not see anything on this.

 

by: Zoldy2000Posted on 2009-08-05 at 09:48:34ID: 25025392

according to what I read it is not installed or there would be a new tab available to me under properties of a folder

 

by: Zoldy2000Posted on 2009-08-05 at 09:55:12ID: 25025458

I just found it.   I needed to download the one listed as amd 64 bit... even though it is intel ... weird but worked.

 

by: Zoldy2000Posted on 2009-08-05 at 10:02:51ID: 25025542

Okay now I am getting some where this works great...   I need to see if I can figure out SSL...  then try to figure out the interface settings.   I see no check box to view as folder.

Thanks

 

by: lamaslanyPosted on 2009-08-05 at 10:40:42ID: 25026002

Must have been IE 6 that I am thinking of then...

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...