• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 158
  • Last Modified:

I'm new to Windows Server 2003 -- User / FTP issues

My goals:

- Host a website from a static IP.
- Allow File Transfer for webmasters (FTP I guess)
- Remote Desktop for administration

So far, I have the website setup, and remote desktop setup.

However, I'm having issues setting up users. I want to have 2 users who can access only particular FTP resources.

Do I need to setup Active Directory stuff? I have no idea what this is.

Do I need a domain controller? Again, I have no idea what this is. My website acts as a DNS server... is this the same thing?

What do I need to do to have 2 restricted accounts which can log in via FTP? Is FTP a bad option? Too Unsecure? They will be logging in from the internet, not internally.


2 Solutions
u will need a firewall to do that which allow to connect to FTP
if you only have a couple of user which permited to ftp then u can use windows firewall in control panel simply put allow port 21 then blok all other port with administrator user
dont want to use windows firewall? then u can use TCP/IP Filtering you can find in <LAN card> -> properties -> Internet Protocol (TCP/IP) -> advanced -> options -> then choose TCP/Ip Filtering (properties)

if you have a big scale to do that u will need a powerfull firewall such as isa server 2000,2004 (2006 will release soon still in beta version)

Active Directory (AD) is different with firewall
AD will manage whole your company user and account with organize privalages. lets says u can make some of group can shutdown the computer but else cannot , user can logon within work hour and logoff with specific time and more things can be done with this active directory http://www.microsoft.com/windowsserver2003/technologies/activedirectory/default.mspx

hope this help

One of the options in the IIS6 FTP server called 'user isolation mode' is really useful for setting up independent user login accounts where you can control what each user is able to see. User isolation mode can be integrated with AD or it can use local user accounts (I think the latter is the easier):

Regarding AD and Domain Controller(DC): You cannot have local user accounts on a DC and you don't need AD to do what you want so I would recommend keeping it simple and not having AD+DC.

Security is definitely a potential problem and you must use a firewall and have strong passwords for the FTP users who have write access. Use Windows folder security access settings to restrict write access, especially for the user called "Internet Guest Account". You can completely disable anonymous access to the FTP site in the FTP settings provided you don't want Jo Public to be downloading files from your FTP site. Switch on logging for the FTP site and check the log files regularly - my logs show just how often my sites come under attack - its a lot!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now