Microsoft KB Archive/313820

= How to enable UPN logon for FTP in IIS 5.0 =

Article ID: 313820

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q313820



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx





SUMMARY
The name of a user in the form of user@domain.com is known as the user principal name (UPN). This step-by-step article describes how to allow UPN logon for the Microsoft File Transfer Protocol (FTP) service.

Enable UPN logon for FTP using IIS 5.0
Note that you can only enable UPN logon for FTP in a Windows 2000 domain environment. That is, you must have Active Directory running, and the user must be in a domain account in that directory.

Before you begin, verify that you are not experiencing the problem that is described in the following Knowledge Base article, and request the hotfix in the article if necessary:

299273 UPN logon option does not work after you apply fix from MS01-026 security bulletin

You can use either the Adsutil.vbs utility or the Mdutil.exe utility to allow UPN logon for the FTP service.

Enable UPN logon for FTP with Adsutil.vbs
To use the Adsutil.vbs file to enable UPN logon for FTP, you must add the DefaultLogonDomain entry to the FTP service properties in the metabase and set the value to the backslash character (\). For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

184319 FTP Service's DefaultLogonDomain not available in MMC

Enable UPN logon for FTP with Mdutil.exe
To enable UPN logon for all local FTP sites, type the following at a command prompt:

mdutil.exe set msftpsvc/DefaultLogonDomain \

To enable UPN logon for the first FTP site, type the following at a command prompt:

mdutil.exe set msftpsvc/1/DefaultLogonDomain \

Note You cannot enable UPN logon for FTP by setting a backslash (\) for the root, as follows:

mdutil set /msftpsvc/1/root/DefaultLogonDomain \

For more information about Mdutil.exe, click the following article number to view the article in the Microsoft Knowledge Base:

240225 Description of Adsutil and MetaEdit utilities used to modify the metabase

