Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setup FTP user windows server 2008

Posted on 2015-02-21
3
Medium Priority
?
423 Views
Last Modified: 2015-03-19
Hello ,

I have setup  my FTP on my windows server 2008.

I have created a user account to access this FTP, let's call it FTP_USER. Everything is working good.

How can I restrict this account FTP_USER to only be able to access the FTP and nothing else. I don't want this account to login to my server or anything else.

Thanks
0
Comment
Question by:arnololo123
3 Comments
 
LVL 10

Expert Comment

by:Benjamin MOREAU
ID: 40624598
I never use Microsoft FTP (personal choice), but I use the Free FTP Server "Filezilla server". With this solution, you can use accounts created on filezilla server and not on windows.

Maybe somebody have a solution to disable logon with windows account without to disable ftp access... but i don't know how to do that... (maybe with local security - GPEDIT.msc).
0
 

Author Comment

by:arnololo123
ID: 40673078
Thanks but this does not resolve my problem
0
 
LVL 29

Accepted Solution

by:
Bill Bach earned 1500 total points
ID: 40676810
I would echo Benjamin's comments.  The Microsoft FTP server does have some issues, and I also use Filezilla to avoid these security issues, as well as provide for download and upload "speed limits" to prevent random people from impacting my Internet uplink performance.  You can see this if you do a web search for "free ftp server comparison" -- even though Microsoft's ftp service is free, it is RARELT (or NEVER) mentioned in any of these comparisons or reviews.

If your ONLY option was the Windows FTP service, then you should know that the Microsoft security is handled by exclusion, not inclusion.  In other words, rights are subtractive, not additive.  First, make sure that the user is NOT a member of any groups -- it should be a stand-alone account.  Then, you want to explicitly define NO rights for this user to the root of each volume.  Then, explicitly assign rights to the FTP folder(s) as needed.  By default, the user should not have the Log On Locally right, but you may wish to check this (in gpmc.msc) and exclude this right, too.  This will help prevent the login from being able to sign onto the server console itself, too.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question