Re: Secure FTP site

From: joel (jmerritt@roh-inc.com)
Date: 02/20/03


From: "joel" <jmerritt@roh-inc.com>
Date: Thu, 20 Feb 2003 12:50:18 -0800


I created a group that has log on locally rights, and I
used a new user that is a member of this group. From the
cmd line ftp I can access this ftp site fine. When I try
to access the site from IE 6.0 I log on using the same
user and I get access denied. What did I miss?

>-----Original Message-----
>Here's the exact process I needed:
>
>If you want to prevent anonymous access to the site, clear the option
>Allow Anonymous Connections. Users must then provide a valid local
>account with the necessary rights to log onto the FTP site (explained
>shortly).
>
>Tip: Although you could change the account that the FTP service uses
>for anonymous logon, I don't recommend it. Leave the default IUSR
>account in place and allow IIS to control the password (through the
>option of the same name).
>
>
>For remote users to connect to the FTP service, the account they
>provide must have the right to log on locally. Setup grants the IUSR
>account this right when you install IIS. You need to grant this right
>to any other accounts that are authorized to use the FTP service. You
>could assign the right on a per-user basis, but I recommend you create
>a local group named ftp-users (or something similar), grant this group
>the right to log on locally, and then add accounts to the group as
>needed.
>
>To create the FTP group, open the Computer Management console and
>expand the Local Users and Groups branch. Right-click the Groups node
>and choose New Group to open the New Group dialog box. Specify the
>group name and then click Add to add local accounts to the group.
>After populating the group, click Create, then close the dialog box.
>
>After you create and populate the group, you need to grant it the
>right to log on locally as I mentioned before. Open the Local Security
>Policy from the Administrative Tools folder. Expand the branch
>\Security Settings\Local Policies\User Rights Assignment, and then
>double-click the Log On Locally right to display the Log On Locally
>Properties dialog box. Click Add User Or Group, enter the name of the
>group you just created, and click OK. If you want to browse for the
>group, click Object Types, place a check beside Groups, and click OK.
>Click Advanced and search for the recently created FTP users group,
>then close the dialog box and the policy editor.
>
>Now it's time to test the FTP service. You don't need to log on from
>another computer. Just open a command console and type ftp localhost.
>Or enter ftp and, at the ftp> prompt, type open localhost. Enter the
>necessary account credentials when prompted. If the logon fails,
>verify the account credentials and check that the account is included
>in the local ftp-users group. Also check the methods you've allowed
>for authentication on the FTP server, then try again.
>
>JimmyFace.
>
>"Joel" <jmerritt@roh-inc.com> wrote in message
>news:011e01c2d90a$941464a0$a101280a@phx.gbl...
>> I setup a secure FTP folder, I can access this site from
>> the command line ftp, I am able to enter in my user name
>> and password and then I can view the contents of the
>> folder. When I try to access the folder in a web browser
>> using the same user name and password I get access denied,
>> I have been able to access the site using the server
>> administrator account but that does me no good. Any ideas?



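The check recommended in the quoted steps (is the ftp-users group actually granted Log On Locally?) can be done from a policy export instead of the GUI. The script below is an added example, not part of the thread; it parses a constructed sample export, and the names IUSR_WEB01 and ftp-temp are made up for illustration. It also reads the "Deny log on locally" right, which overrides the grant.

```powershell
# Added example, not from the thread. Constructed sample of a user-rights
# export; on a real server create one with:
#   secedit /export /areas USER_RIGHTS /cfg C:\Temp\rights.inf
# IUSR_WEB01 and ftp-temp are made-up names; ftp-users is the group above.
$sampleExport = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,IUSR_WEB01,ftp-users
SeDenyInteractiveLogonRight = ftp-temp
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-RightHolders {
    param([string[]]$Lines, [string]$Right)
    $pattern = '^{0}\s*=\s*(.*)$' -f [regex]::Escape($Right)
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $text -match $pattern) {
            foreach ($entry in ($Matches[1] -split ',')) {
                $name = $entry.Trim()
                if ($name.StartsWith('*')) {          # "*S-1-5-..." is a SID
                    $name = $name.Substring(1)
                    try {
                        $sid  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $name
                        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                    } catch { }                       # unresolved: keep the raw SID
                }
                ($name -split '\\')[-1]               # drop any MACHINE\ prefix
            }
        }
    }
}

function Test-LogOnLocally {
    param([string[]]$Lines, [string]$Group)
    $allow = @(Get-RightHolders -Lines $Lines -Right 'SeInteractiveLogonRight')
    $deny  = @(Get-RightHolders -Lines $Lines -Right 'SeDenyInteractiveLogonRight')
    [pscustomobject]@{
        Group   = $Group
        Granted = $allow -contains $Group
        Denied  = $deny -contains $Group    # a deny entry overrides the grant
    }
}

$lines = $sampleExport -split '\r?\n'
'ftp-users', 'ftp-temp' | ForEach-Object { Test-LogOnLocally -Lines $lines -Group $_ }
```

This only checks names listed directly on the two rights; an account that gets the right through another group (for example Administrators) is not followed.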