Re: Additional Restrictions - option
From: BB (Bernard_at_3exp.com)
Date: 04/13/03
- Next message: Arnaldo Neto: "How do I configure SSL in the Intranet unless solicity certify"
- Previous message: jim c: "IIS Lock down tool configuration"
- In reply to: bimosekin: "Re: Additional Restrictions - option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "BB" <Bernard_at_3exp.com> Date: Sun, 13 Apr 2003 18:56:13 +0800
You need to configure the permission as specify in this kb.
say in the ftp root and the user folder.
Your virtual directory name must be the same as username,
but the physical one can be different.
say -> userA -> c:\directoryA
-- Regards, Bernard Cheah http://support.microsoft.com/ "bimosekin" <bimosekin@hotmail.com> wrote in message news:057e01c300f6$66c09dc0$a101280a@phx.gbl... > This KB cannot be of help since it requires users' > directories to be created under ftp root directory. In my > case, I want the users directories to be separated > entirely from the anonymous ftp-root directory. > > Regards, > bimosekin > > >-----Original Message----- > >No luck with this kb ? > >How To Set Up an FTP Site So That Users Log Onto Their > Folders > >http://support.microsoft.com/?id=201771 > > > > > > > >-- > >Regards, > >Bernard Cheah > >http://support.microsoft.com/ > > > > > >"bimosekin" <bimosekin@hotmail.com> wrote in message > >news:060601c30022$c3408760$a301280a@phx.gbl... > >> Fine, lets go by your definition > >> userA >> c:\userA > >> userB >> c:\userB > >> etc. > >> > >> How do I configure it so that the user goes directly to > >> their respective folder at logon? > >> > >> bimosekin > >> > >> >-----Original Message----- > >> >directoryA or userA ? > >> >userA >> c:\userA > >> > > >> >try again ... > >> > > >> >-- > >> >Regards, > >> >Bernard Cheah > >> >http://support.microsoft.com/ > >> > > >> > > >> >"bimosekin" <bimosekin@hotmail.com> wrote in message > >> >news:00d001c30002$c119e460$3001280a@phx.gbl... > >> >> The home directories will be inform of: > >> >> > >> >> userA >> c:\directoryA > >> >> userB >> c:\directoryB > >> >> userC >> c:\directoryC > >> >> anonymous >> c:\inetput\ftproot > >> >> > >> >> Users A - C have their respective virtual directories > >> >> configured under the default FTP Site. What happen > at > >> >> present is when they use "ftp.exe", it goes straight > to > >> >> the c:\inetpub\ftproot. I woull like this to go to > >> >> respective directory depending on which user login. > >> >> > >> >> Regards, > >> >> bimosekin > >> >> > >> >> >-----Original Message----- > >> >> >Where do the user be place then ? > >> >> >ftproot ? any error msgs ? > >> >> > > >> >> >is the ftproot permission same as the > >> >> >physical folder redirect root folder ? > >> >> > > >> >> > > >> >> >-- > >> >> >Regards, > >> >> >Bernard Cheah > >> >> >http://support.microsoft.com/ > >> >> > > >> >> > > >> >> >"bimosekin" <bimosekin@hotmail.com> wrote in message > >> >> >news:059301c2ff64$56d11270$a501280a@phx.gbl... > >> >> >> BB, > >> >> >> > >> >> >> coming back on this subject. How can I configure > >> >> >> different directory entry point on user's basis. > I > >> >> have > >> >> >> already created different virtual directories and > >> >> >> respective users having NTFS permission. so I will > >> like > >> >> >> their login to go to their respective directory in > >> case > >> >> >> they did not indicate any at login, especially > when > >> >> they > >> >> >> are using ftp.exe client. > >> >> >> > >> >> >> bimosekin > >> >> >> > >> >> >> >-----Original Message----- > >> >> >> >My guess the default-ftp directory serve as > >> >> >> >the entry point.. > >> >> >> > > >> >> >> >filemon will show you this as well. > >> >> >> > > >> >> >> > > >> >> >> >-- > >> >> >> >Regards, > >> >> >> >Bernard Cheah > >> >> >> >http://support.microsoft.com/ > >> >> >> > > >> >> >> > > >> >> >> >"bimosekin" <bimosekin@hotmail.com> wrote in > >> message > >> >> >> >news:000201c2fa03$b0bdf480$a401280a@phx.gbl... > >> >> >> >> Thanks, I will try this to really get the > glimps > >> of > >> >> >> >> filemon. However, I have located the problem. > >> The > >> >> user > >> >> >> do > >> >> >> >> have appropriate permission to its FTP- > directory, > >> >> but do > >> >> >> >> not have any on the default-FTP directory. The > >> >> funny > >> >> >> >> thing however is that both directory are > >> >> independent of > >> >> >> >> each other. > >> >> >> >> > >> >> >> >> Rgds. > >> >> >> >> >-----Original Message----- > >> >> >> >> >I'm sure when you do a 'CD' it will show > >> >> >> >> >the directory you are using by ftp.exe > >> >> >> >> >and the status is either success, denied or > not > >> >> found > >> >> >> >> >and etc. > >> >> >> >> > > >> >> >> >> >you should run filemon on the ftp server. then > >> ftp > >> >> >> >> >locally or from remote server. > >> >> >> >> > > >> >> >> >> > > >> >> >> >> >-- > >> >> >> >> >Regards, > >> >> >> >> >Bernard Cheah > >> >> >> >> >http://support.microsoft.com/ > >> >> >> >> > > >> >> >> >> > > >> >> >> >> >"bimosekin" <bimosekin@hotmail.com> wrote in > >> >> message > >> >> >> >> >news:06d601c2f861$de481fa0$a301280a@phx.gbl... > >> >> >> >> >> Thanks for the patience, however, filemon > does > >> >> not > >> >> >> >> report > >> >> >> >> >> anything about the logins and subsequet > >> >> commands. It > >> >> >> >> >> only logs the "open" and "bye" command, > >> anything > >> >> in > >> >> >> >> >> between is notlogged. > >> >> >> >> >> > >> >> >> >> >> >-----Original Message----- > >> >> >> >> >> >IIS FTP only support anonymous and basic. > No > >> >> windows > >> >> >> >> >> integrated. > >> >> >> >> >> >The things I'm wondering is when you set > the > >> >> >> additional > >> >> >> >> >> anonymous > >> >> >> >> >> >settings, some user works while some are > not. > >> >> if it > >> >> >> >> >> works, meaning > >> >> >> >> >> >the 'some other users' have some permission > >> and > >> >> >> rights > >> >> >> >> >> issue. > >> >> >> >> >> > > >> >> >> >> >> >You should try the filemon utility, it will > >> >> shows > >> >> >> you > >> >> >> >> >> related > >> >> >> >> >> >access issues. > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> >-- > >> >> >> >> >> >Regards, > >> >> >> >> >> >Bernard Cheah > >> >> >> >> >> >http://support.microsoft.com/ > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> >"bimosekin" <bimosekin@hotmail.com> wrote > in > >> >> message > >> >> >> >> >> >news:03ef01c2f792$f0ae8410 > >> $a601280a@phx.gbl... > >> >> >> >> >> >> BB, > >> >> >> >> >> >> > >> >> >> >> >> >> Thanks. The "users" group already have > the > >> >> >> >> permission > >> >> >> >> >> >> mentioned in the KB: "Log on Locally" and > >> >> Access > >> >> >> this > >> >> >> >> >> >> computer from the netwrok", and all the > >> >> >> user_accounts > >> >> >> >> >> are > >> >> >> >> >> >> in this group. The FTP is configured for > >> both > >> >> >> >> >> Anonymous > >> >> >> >> >> >> and Windows integrated. > >> >> >> >> >> >> > >> >> >> >> >> >> I have anyway decided to do away with > >> >> >> the "Additional > >> >> >> >> >> >> Restrictions for Anonymous Connections" > >> >> option. > >> >> >> The > >> >> >> >> >> most > >> >> >> >> >> >> funny thing now is that the problem still > >> >> persist, > >> >> >> >> >> which > >> >> >> >> >> >> was not the case before. > >> >> >> >> >> >> > >> >> >> >> >> >> I no longer Know what exactly is going > on. > >> >> >> >> >> >> > >> >> >> >> >> >> bimoseekin > >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> >-----Original Message----- > >> >> >> >> >> >> >Try > >> >> >> >> >> >> >http://support.microsoft.com/?id=200475 > >> >> >> >> >> >> > > >> >> >> >> >> >> >if no luck, get filemon from > >> >> sysinternals.com, > >> >> >> >> >> >> >run it, then try to access, look > >> for 'access > >> >> >> denied' > >> >> >> >> >> >> >entry, then granted related rights. > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> >-- > >> >> >> >> >> >> >Regards, > >> >> >> >> >> >> >Bernard Cheah > >> >> >> >> >> >> >http://support.microsoft.com/ > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> >"bimosekin" <bimosekin@hotmail.com> > wrote > >> in > >> >> >> message > >> >> >> >> >> >> >news:029001c2f750$169b0e20 > >> >> $a101280a@phx.gbl... > >> >> >> >> >> >> >> Bernard, > >> >> >> >> >> >> >> > >> >> >> >> >> >> >> Yes, the error msgs is 530 "User > cannot > >> >> log in, > >> >> >> >> home > >> >> >> >> >> >> >> directory inaccessible. Login failed" > >> >> >> >> >> >> >> > >> >> >> >> >> >> >> This could not be the case since the > >> user > >> >> is > >> >> >> in a > >> >> >> >> >> group > >> >> >> >> >> >> >> that has the same access and > >> permissions, > >> >> and > >> >> >> >> there > >> >> >> >> >> is > >> >> >> >> >> >> no > >> >> >> >> >> >> >> where anyone is denied access. > >> >> >> >> >> >> >> > >> >> >> >> >> >> >> What steps should I take to rectify > >> this? > >> >> >> >> >> >> >> > >> >> >> >> >> >> >> Thanks, > >> >> >> >> >> >> >> bimosekin > >> >> >> >> >> >> >> > >> >> >> >> >> >> >> >-----Original Message----- > >> >> >> >> >> >> >> >What will be the error msgs ? 530 ? > >> >> >> >> >> >> >> >have you try using ftp.exe and login > as > >> >> >> >> >> >> >> >that user at that workstation ? > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> >-- > >> >> >> >> >> >> >> >Regards, > >> >> >> >> >> >> >> >Bernard Cheah > >> >> >> >> >> >> >> >http://support.microsoft.com/ > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> >"bimosekin" <bimosekin@hotmail.com> > >> wrote > >> >> in > >> >> >> >> >> message > >> >> >> >> >> >> >> >news:046d01c2f553$0284bf20 > >> >> $2f01280a@phx.gbl... > >> >> >> >> >> >> >> >> In trying to harden security on our > >> >> >> >> W2K/IIS5.1, I > >> >> >> >> >> >> >> enable > >> >> >> >> >> >> >> >> the enabled the "Additional > >> >> Restrictions for > >> >> >> >> >> >> Anonymous > >> >> >> >> >> >> >> >> Connections" by setting the option > >> >> to "2 - > >> >> >> No > >> >> >> >> >> access > >> >> >> >> >> >> >> >> without explicit anonymous > >> permission, > >> >> on > >> >> >> >> >> the "local > >> >> >> >> >> >> >> >> security" configuration. > >> >> >> >> >> >> >> >> > >> >> >> >> >> >> >> >> This is working fine, however, I > have > >> >> some > >> >> >> >> users' > >> >> >> >> >> >> >> account > >> >> >> >> >> >> >> >> on the system who connect through > >> FTP. > >> >> The > >> >> >> >> funny > >> >> >> >> >> >> >> thing is > >> >> >> >> >> >> >> >> that some succeeds while some > fails, > >> >> even > >> >> >> when > >> >> >> >> >> they > >> >> >> >> >> >> >> are in > >> >> >> >> >> >> >> >> the same group. These users' have > >> >> >> appropriate > >> >> >> >> >> NTFS > >> >> >> >> >> >> >> >> permission on their respective FTP > >> >> folder. > >> >> >> They > >> >> >> >> >> can > >> >> >> >> >> >> >> >> connect again once I reset this > >> option > >> >> >> >> to "0". I > >> >> >> >> >> >> have > >> >> >> >> >> >> >> >> make sure that "everyone" do not > have > >> >> denied > >> >> >> >> >> >> permission > >> >> >> >> >> >> >> >> anywhere, and there is no where the > >> >> failing > >> >> >> >> >> users' > >> >> >> >> >> >> have > >> >> >> >> >> >> >> >> restriction permission on their > >> >> respective > >> >> >> >> >> folder. > >> >> >> >> >> >> >> >> > >> >> >> >> >> >> >> >> Where should I check again? > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> > > >> >> >> >> >> >> >> >. > >> >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> >. > >> >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> >. > >> >> >> >> >> > > >> >> >> >> > > >> >> >> >> > > >> >> >> >> >. > >> >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> >. > >> >> >> > > >> >> > > >> >> > > >> >> >. > >> >> > > >> > > >> > > >> >. > >> > > > > > > >. > >
- Next message: Arnaldo Neto: "How do I configure SSL in the Intranet unless solicity certify"
- Previous message: jim c: "IIS Lock down tool configuration"
- In reply to: bimosekin: "Re: Additional Restrictions - option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
