?
Solved

I'm new to Windows Server 2003  --  User / FTP issues

Posted on 2006-05-09
2
Medium Priority
?
155 Views
Last Modified: 2010-04-18
My goals:

- Host a website from a static IP.
- Allow File Transfer for webmasters (FTP I guess)
- Remote Desktop for administration

So far, I have the website setup, and remote desktop setup.

However, I'm having issues setting up users. I want to have 2 users who can access only particular FTP resources.

Do I need to setup Active Directory stuff? I have no idea what this is.

Do I need a domain controller? Again, I have no idea what this is. My website acts as a DNS server... is this the same thing?

What do I need to do to have 2 restricted accounts which can log in via FTP? Is FTP a bad option? Too Unsecure? They will be logging in from the internet, not internally.

Thanks

0
Comment
Question by:oxygen_728
2 Comments
 
LVL 3

Accepted Solution

by:
M0b1us earned 800 total points
ID: 16645905
u will need a firewall to do that which allow to connect to FTP
if you only have a couple of user which permited to ftp then u can use windows firewall in control panel simply put allow port 21 then blok all other port with administrator user
dont want to use windows firewall? then u can use TCP/IP Filtering you can find in <LAN card> -> properties -> Internet Protocol (TCP/IP) -> advanced -> options -> then choose TCP/Ip Filtering (properties)

if you have a big scale to do that u will need a powerfull firewall such as isa server 2000,2004 (2006 will release soon still in beta version)

Active Directory (AD) is different with firewall
AD will manage whole your company user and account with organize privalages. lets says u can make some of group can shutdown the computer but else cannot , user can logon within work hour and logoff with specific time and more things can be done with this active directory http://www.microsoft.com/windowsserver2003/technologies/activedirectory/default.mspx

hope this help

M0b1us
0
 
LVL 19

Assisted Solution

by:feptias
feptias earned 1200 total points
ID: 16646249
One of the options in the IIS6 FTP server called 'user isolation mode' is really useful for setting up independent user login accounts where you can control what each user is able to see. User isolation mode can be integrated with AD or it can use local user accounts (I think the latter is the easier):
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b63de8ef-e3c5-456d-a8ca-7af4198819d4.mspx?mfr=true

Regarding AD and Domain Controller(DC): You cannot have local user accounts on a DC and you don't need AD to do what you want so I would recommend keeping it simple and not having AD+DC.

Security is definitely a potential problem and you must use a firewall and have strong passwords for the FTP users who have write access. Use Windows folder security access settings to restrict write access, especially for the user called "Internet Guest Account". You can completely disable anonymous access to the FTP site in the FTP settings provided you don't want Jo Public to be downloading files from your FTP site. Switch on logging for the FTP site and check the log files regularly - my logs show just how often my sites come under attack - its a lot!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question