I'm new to Windows Server 2003  --  User / FTP issues

Posted on 2006-05-09
Last Modified: 2010-04-18
My goals:

- Host a website from a static IP.
- Allow File Transfer for webmasters (FTP I guess)
- Remote Desktop for administration

So far, I have the website setup, and remote desktop setup.

However, I'm having issues setting up users. I want to have 2 users who can access only particular FTP resources.

Do I need to setup Active Directory stuff? I have no idea what this is.

Do I need a domain controller? Again, I have no idea what this is. My website acts as a DNS server... is this the same thing?

What do I need to do to have 2 restricted accounts which can log in via FTP? Is FTP a bad option? Too Unsecure? They will be logging in from the internet, not internally.


Question by:oxygen_728
    LVL 3

    Accepted Solution

    u will need a firewall to do that which allow to connect to FTP
    if you only have a couple of user which permited to ftp then u can use windows firewall in control panel simply put allow port 21 then blok all other port with administrator user
    dont want to use windows firewall? then u can use TCP/IP Filtering you can find in <LAN card> -> properties -> Internet Protocol (TCP/IP) -> advanced -> options -> then choose TCP/Ip Filtering (properties)

    if you have a big scale to do that u will need a powerfull firewall such as isa server 2000,2004 (2006 will release soon still in beta version)

    Active Directory (AD) is different with firewall
    AD will manage whole your company user and account with organize privalages. lets says u can make some of group can shutdown the computer but else cannot , user can logon within work hour and logoff with specific time and more things can be done with this active directory

    hope this help

    LVL 19

    Assisted Solution

    One of the options in the IIS6 FTP server called 'user isolation mode' is really useful for setting up independent user login accounts where you can control what each user is able to see. User isolation mode can be integrated with AD or it can use local user accounts (I think the latter is the easier):

    Regarding AD and Domain Controller(DC): You cannot have local user accounts on a DC and you don't need AD to do what you want so I would recommend keeping it simple and not having AD+DC.

    Security is definitely a potential problem and you must use a firewall and have strong passwords for the FTP users who have write access. Use Windows folder security access settings to restrict write access, especially for the user called "Internet Guest Account". You can completely disable anonymous access to the FTP site in the FTP settings provided you don't want Jo Public to be downloading files from your FTP site. Switch on logging for the FTP site and check the log files regularly - my logs show just how often my sites come under attack - its a lot!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now