Re: Setting up FTP site in Windows 2000

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 04/20/05


Date: Wed, 20 Apr 2005 19:28:03 GMT

On 20 Apr 2005 03:50:10 -0700, paulsmith5@hotmail.com wrote:

>Hi,
>
>I wish to set up FTP so that a group of users have access to a specific
>location within my overall FTP site. Lets suppose that I have a
>directory on my pc called App1 and I have created a new virtual
>directory in my default FTP site that maps to it (therefore to access
>it I would navigate to ftp://ipaddress/app1). Now consider the user
>group - call it App1FTPUsers. Every member of App1FTPUsers should be
>required to login and have read only rights - i.e. they should only be
>allowed download files and browse certain folders. Individual members
>of App1FTPUsers should only be able to access specific folders, for
>example User1 should only be able to access a directory within App1
>called User1 (e.g. ftp://ipaddress/app1/user1) and User2 should only be
>able to access a directory within App1 called User2 (e.g.
>ftp://ipaddress/app1/user2) etc. No member of App1FTPUsers should be
>able to access anywhere outside of ftp://ipaddress/app1. Furthermore, I
>would like to retain the ability for certain other users ouside of the
>App1FTPUsers group (e.g. the local administrator etc.) to write to the
>directories involved.
>
>Please could somebody help me with the steps I should take to achieve
>this. I have set up the ftp virtual directory but have done nothing
>about the security settings i.e. currently the App1FTPUsers group does
>not exist,

So create the group and add whatever users get access to this section
to the group.

>I have Allow Anonymous Connections set to true for my FTP
>site

Remove anonymous access.

>my FTP home directory has Read and Log Visits checkboxes checked
>- Write is unchecked. Everyone has full control on all the folders that
>are mapped to in ftp://ipaddress/app1.

Remove the Everyone group from the folder permissions. Assign only
the rights specifically needed, in this case Read for the App1FTPUsers
group. Probably want full permissions for admins as well. These are
NTFS file/folder permissions, not in the MMC for the FTP site.

> I am using Windows 2000 and IIS
>6.0.

No you're not. W2K has IIS5, IIS6 comes with Server 2003.

>The FTP server is not a domain controller.

Doesn't need to be.

Also see:

HOW TO: Set Up an FTP Server in Windows 2000
http://support.microsoft.com/?id=300662

How To Set Up an FTP Site So That Users Log Onto Their Folders:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;201771

HOW TO: Create a Secure FTP Directory that Uses Password
Authentication:
http://support.microsoft.com/?id=239120

Jeff