ftp non-anonymous help - logon locally overriden by effective policy setting at domain level

From: Jeff Briar-Hill (jeff_briarhill_2000@yahoo.com)
Date: 05/16/02

• Next message: stephen: "401.3 Unauthorized: Logon Failed"
• Previous message: EveningStar: "Updated Summary of Microsoft Security Bulletins - MS02-023"
• Next in thread: x y: "Re: ftp non-anonymous help - logon locally overriden by effective policy setting at domain level"
• Reply: x y: "Re: ftp non-anonymous help - logon locally overriden by effective policy setting at domain level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: jeff_briarhill_2000@yahoo.com (Jeff Briar-Hill)
Date: 15 May 2002 20:37:47 -0700

config: i have a two server configuration for a secure website using
iis5 on one and ad on the other server.

i would like to create an ftp site that is as secure as possible. to
accomplish this i created a local account on the webserver per this
instruction:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/maintain/optimize/custom.asp

"To simplify administration of Windows 2000 accounts used for FTP
access,_our company created a local Windows 2000 group called FTP
Admins. We then granted this group the right to log on locally. As we
create new Windows 2000 accounts for nonanonymous FTP access, we add
each user account to this group. They now have appropriate rights, and
we can track all the FTP accounts as a single administrative entity. "

problem: the domain security policy overrides the local web server
policy for log-on locally. i have tried new group policy settings for
the domain that don't override or define the logon locally policy,
defining it locally and secedit /refreshpolicy... etc. all with no
luck. does anyone know how to allow a local policy to override the
effective setting from a domain controller?

help appreciated,

jeff

---

• Next message: stephen: "401.3 Unauthorized: Logon Failed"
• Previous message: EveningStar: "Updated Summary of Microsoft Security Bulletins - MS02-023"
• Next in thread: x y: "Re: ftp non-anonymous help - logon locally overriden by effective policy setting at domain level"
• Reply: x y: "Re: ftp non-anonymous help - logon locally overriden by effective policy setting at domain level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Which Server 03 best suits my needs? ... your FTP server is also domain controller. ... do steps 2 and 3 in Default Domain controller policy. ... (microsoft.public.windows.server.setup) POP3 Connector and Exchange Server 2003 ... Server Management -> Users (Active Directory). ... >should update the accounts> YES. ... >policy, each user account property has the .local email ... (microsoft.public.windows.server.sbs) Re: GnuPG on unix- one pair of keys per server or per account ... Or only build one key ring for all the user accounts? ... > mean all the accounts use the same key pair. ... > ftp their files to different servers. ... You are securing an FTP server by using encryption .. ... (comp.os.linux.security) Prevent Domain user logon to FTP? ... I need to be able to restrict what accounts can logon to the FTP server ... The file transfer service (runs on FTP1 and some of our other ... (microsoft.public.inetserver.iis.ftp) user still has access when account disabled ... a server has IP filtering for FTP purposes. ... the 2 accounts used for FTP are ... Checking security settings, ... (microsoft.public.inetserver.iis.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)