I have created a FTP to point to a website so that a user can update the website through FTP. It works, but want to make sure if I set up properly.
Windows 2003 SP2
1. Default FTP was not there, so I created it pointing to c:\inetpub\ftproot with Read and Log visits checked. No user isolation selected. IP address 'Unassigned' selected.
2. Then I created a virtual directory 'example.com' pointing to the folder where the website www.example.com
files are. I gave Read,Write, and Log visits permission on the virtual directory.
3. I created a FTP local user account and gave 'Modify' NT user rights to the website folder for the user.
This setting works, what else can I do to tighten security?
Also, is it possible to run two FTP sites, one with user isolation with AD and the above FTP with 'Unassigned IP Address'? The webserver has single NAT IP address set up in router to public.