Microsoft KB Archive/310723

= How to configure FTP folders and permissions for domain authentication in IIS =

Article ID: 310723

Article Last Modified on 11/21/2006


APPLIES TO


 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Server 4.0




This article was previously published under Q310723



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK
 * SUMMARY
 * MORE INFORMATION
   * Disable Anonymous FTP Access in IIS 5.0
   * Modify the DefaultLogonDomain in the IIS Metabase
 * REFERENCES



SUMMARY
This article describes how to configure the IIS FTP server for FTP authentication and how to automatically use the domain user database rather than your local user accounts database, so that your users can access FTP folders by using their familiar login without having to explicitly specify their domain information.


MORE INFORMATION
NOTE: These procedures are designed to assist Web server administrators that host FTP sites that require users to use their domain user name and password to access their FTP folders. If you follow the procedures outlined in this article, you will affect public access to FTP sites. Therefore, you should not use these procedures if you are hosting public FTP sites.

Important Warning: FTP passwords are sent over networks in "clear text" and are therefore easily stolen, especially on the Internet. For this reason, many administrators set up FTP sites for anonymous read-only access, and use file sharing if local network write access is needed or use the FrontPage Server Extensions for Internet publishing.


Disable Anonymous FTP Access in IIS 5.0
When you disable Anonymous FTP access, users must always enter a valid user name and password when they access your FTP site. (This configuration is more secure when you allow users to upload files to your server.)

 1. Open the Internet Services Manager. To do this, follow the steps for your version of IIS:
    * For IIS 4.0:
       1. On the Start menu, point to Programs, and then click Windows NT 4.0 Option Pack.
       2. Click Microsoft Internet Information Server, and then click Internet Service Manager.
    * For IIS 5.0:
       1. On the Start menu, point to Programs, and then click Administrative Tools.
       2. Click Internet Services Manager.
 2. In the console tree, right-click the FTP site that you want to configure, and then click Properties.
 3. On the Security Accounts tab, click to uncheck the Allow Anonymous Connections check box.
 4. Click Yes if you are prompted to continue.
 5. Click OK.


Modify the DefaultLogonDomain in the IIS Metabase
Run the Adsutil tool at the command prompt by using the following syntax, depending on whether you want to set the DefaultLogonDomain domain for all FTP sites, for only the default FTP site, or for any other site:

 * To set the DefaultLogonDomain domain for all FTP sites, run the following command:

   adsutil set msftpsvc/DefaultLogonDomain "DomainName"

 * To set the DefaultLogonDomain domain for only the default FTP site, run the following command:

   adsutil set msftpsvc/1/DefaultLogonDomain "DomainName"

   Note: This command uses the Adsutil tool. If this command fails, you can use the following command instead:

   mdutil.exe set /msftpsvc/1/DefaultLogonDomain "DomainName"

   This command uses the Mdutil tool from the Windows NT Option Pack CD.

 * To set the DefaultLogonDomain domain for any other site, run the same command that you run for the default FTP site, but change the 1 parameter to the appropriate service number.
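The following added example (not part of the original article and not IIS code) models how the service-wide and per-site DefaultLogonDomain settings above combine, and which account a typed user name ends up being checked against. The domain names, the machine name FTPSRV01 and the dictionary layout are constructed; it assumes that a typed DOMAIN\user is used as given and that an unset value falls back to the local accounts database, as the SUMMARY describes.

```python
# Added illustration: a small model of metabase inheritance and FTP logon
# resolution. It does not talk to IIS; all sample values are constructed.

def effective_value(metabase, path, prop):
    """Return the first value of prop found at path or at one of its parents.

    Models metabase inheritance: msftpsvc/2 uses the value set on msftpsvc
    unless the property is set on msftpsvc/2 itself.
    """
    parts = path.strip("/").split("/")
    while parts:
        key = "/".join(parts)
        if prop in metabase.get(key, {}):
            return metabase[key][prop]
        parts.pop()          # move up one level, e.g. msftpsvc/2 -> msftpsvc
    return None


def logon_account(typed_user, metabase, site, local_machine):
    """Return the DOMAIN\\user string that the logon would be checked against."""
    if "\\" in typed_user:   # the user typed an explicit domain (assumption)
        return typed_user
    domain = effective_value(metabase, f"msftpsvc/{site}", "DefaultLogonDomain")
    # Nothing set at site or service level: local accounts database is used.
    return f"{domain or local_machine}\\{typed_user}"


# Constructed sample: a service-wide default plus an override on site 2.
SAMPLE = {
    "msftpsvc": {"DefaultLogonDomain": "CORP"},
    "msftpsvc/1": {},
    "msftpsvc/2": {"DefaultLogonDomain": "PARTNERS"},
}

if __name__ == "__main__":
    for site, user in [(1, "alice"), (2, "alice"), (1, "PARTNERS\\bob")]:
        print(site, user, "->", logon_account(user, SAMPLE, site, "FTPSRV01"))
    # With an empty metabase the local machine's accounts are used.
    print(logon_account("alice", {}, 1, "FTPSRV01"))
```

A value set on one site (msftpsvc/2 here) takes precedence over the service-wide value, so after changing msftpsvc/DefaultLogonDomain it is worth checking each site key for an older per-site setting.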


<div class="references_section">