Solved

Setup FTP user windows server 2008

Posted on 2015-02-21
3
374 Views
Last Modified: 2015-03-19
Hello ,

I have setup  my FTP on my windows server 2008.

I have created a user account to access this FTP, let's call it FTP_USER. Everything is working good.

How can I restrict this account FTP_USER to only be able to access the FTP and nothing else. I don't want this account to login to my server or anything else.

Thanks
0
Comment
Question by:arnololo123
3 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 40624598
I never use Microsoft FTP (personal choice), but I use the Free FTP Server "Filezilla server". With this solution, you can use accounts created on filezilla server and not on windows.

Maybe somebody have a solution to disable logon with windows account without to disable ftp access... but i don't know how to do that... (maybe with local security - GPEDIT.msc).
0
 

Author Comment

by:arnololo123
ID: 40673078
Thanks but this does not resolve my problem
0
 
LVL 28

Accepted Solution

by:
Bill Bach earned 500 total points
ID: 40676810
I would echo Benjamin's comments.  The Microsoft FTP server does have some issues, and I also use Filezilla to avoid these security issues, as well as provide for download and upload "speed limits" to prevent random people from impacting my Internet uplink performance.  You can see this if you do a web search for "free ftp server comparison" -- even though Microsoft's ftp service is free, it is RARELT (or NEVER) mentioned in any of these comparisons or reviews.

If your ONLY option was the Windows FTP service, then you should know that the Microsoft security is handled by exclusion, not inclusion.  In other words, rights are subtractive, not additive.  First, make sure that the user is NOT a member of any groups -- it should be a stand-alone account.  Then, you want to explicitly define NO rights for this user to the root of each volume.  Then, explicitly assign rights to the FTP folder(s) as needed.  By default, the user should not have the Log On Locally right, but you may wish to check this (in gpmc.msc) and exclude this right, too.  This will help prevent the login from being able to sign onto the server console itself, too.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now