IIS FTP Sites

1. IIS FTP Sites Setting Up an FTP Server Katie Kalata

2. FTP Architecture N IE IE N • FTP, provides a way to transfer binary files over a TCP/IP network • FTP is still more efficient than HTTP • FTP uses Transmission Control Protocol (TCP) as its transport for all communications and data exchanges between the client and server • TCP is a connection-oriented protocol • TCP provides reliability and error-recovery.

4. N FTP Architecture • FTP uses two ports for file transfer • one to send files • one to receive them • one is the FTP server • one is the FTP client (logs onto the server) • The FTP client gives the server commands for • downloading files • uploading files • creating server directories • changing server directories

5. FTP Clients • True “dedicated” FTP Clients • WS_FTP32 (shareware) - student disk • log on with user name and password • Browser & other programs • ftp://<site>.[<subdir>...].<file> • Put method • built into http protocol version 1.1 • needs Write permission set

6. Default FTP Site • At IIS installation a Default FTP site is created • default directory structure • c:\Inetpub\FTPROOT

7. Default FTP Site • There are 5 FTP Property Sheets (similar to WWW) • Master, Default, and File Properties are configurable • FTP Site • Security Accounts • Messages • Home Directory • Directory Security

8. Master Property Sheet Config • Locate the FTP Master Property Sheet • Right Click on computer icon • Select FTP Service instead of the WWW Service • Click on Edit.

9. FTP Site Property Sheet • Identification is the Name of the FTP Site • IP and TCP ports are configurable • Default TCP port is 21 • You cannot configure host header like you can with WWW Sites!!!

10. FTP Site Property Sheet • Connections is the number of simultaneous connections • Can limit the timeout for inactive sessions • Always enable logging for FTP sites • Current Sessions allows you to view a list of currently connected FTP users

11. Security Accounts Property Sheet • Can allow or prevent anonymous connections • Note that the username is the default anonymous user that was installed during IIS installation • The Anonymous account is IUSR_MachineName • Browse to browse for a Windows NT user account. • Can create an FTP account for each ftp site with specific NT user account

12. Security Accounts Property Sheet • Can force anonymous connections so that users cannot log in with their NT accounts • Automatic Password Synchronization to automatically synchronize the anonymous password settings NT Why would you not want them to use their NT account when they log in as anonymous?

13. Security Accounts Property Sheet • Disable either or both of these options causes: • validate user by NT • user name and password must be sent • Security Options for the NT Anonymous User that IIS uses is created automatically • No FTP clients that can encode or encrypt your user ID and password - it must be an NT account

14. Security Accounts Property Sheet • Set up IS account “right” to "Log on locally" to the NT system. • If you disable the Allow Only Anonymous Connections option, set this account “right” for every account that will log in

15. Security Accounts Property Sheet • Can designate valid NT accounts as FTP operators • Can use this ftp site to a specific website. • If you want a user to be able to have access to all the ftp sites make the user a member of the NT Administrators group or give them the “rights”

16. Security Accounts Property Sheet To create this type of account rights installation: • Open user Manager for Domains • Create the new user account in (Menu | New User ...) • Select the user account (groups or multiple items - use Ctrl) • Select Policies | User Rights • Log on locally is a required right for all accesses against the server by outside users. • From the Right: drop-down list box, select the Log on locally privilege.

17. Security Accounts Property Sheet • Verify that the user is listed in the Grant to: list box. • select Add: and then either select the group you want to grant access to, or select Show Users and find the specific user you want to have this right. • Select Add to give the right to the user. • Click OK. • The user is added to the Grant to: list box in the User Rights Policy dialog box.

18. Security Accounts Property Sheet Other Security Options: • FTP is the most open protocol that allows access to your server • NTFS File and Directory Rights • User Rights applied are the most restrictive case • To prevent file uploads, deselect the Write privileges for the virtual directory. • Can control access by IP address

19. Messages Property Sheet • Create the dialogue message boxes that are displayed to browsers • Welcome • Exit • Maximum Connections • Default is blank

20. Home Directory Property Sheet • Identify the path to the ftp share in the Local Path or Browse • Default directory c:\Inetpub\ftproot

21. Home Directory Property Sheet Read • read or download files stored in either the home directory or a virtual directory. Write • upload files to the enabled folder • change the content of a write-enabled file. • browser must support the PUT feature of the HTTP 1.1

22. Home Directory Property Sheet Log Access • Enables record visits to this folder in a log file Folder listing style • Browsers expect UNIX • UNIX gives maximum compatibility We will cover logs in the next unit

23. Home Directory Property Sheet Common FTP Site Configurations • Stop all services • Public FTP • read-only access to all public directories • FTP upload directory • write permissible • read nonpermissible

24. Directory Security Property Sheet • Can restrict or grant access using IP address

25. Configure FTP Services HTMLA • To configure and administer the FTP Services use: • MMC/ISM • HTMLA, • WSH