Article ID: 310723
Article Last Modified on 11/21/2006
APPLIES TO
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q310723
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
IN THIS TASK
SUMMARY
This article describes how to configure the IIS FTP server for FTP authentication and how to automatically use the domain user database rather than your local user accounts database, so that your users can access FTP folders by using their familiar login without having to explicitly specify their domain information.
Back to top
MORE INFORMATION
NOTE: These procedures are designed to assist Web server administrators that host FTP sites that require users to use their domain user name and password to access their FTP folders. If you follow the procedures outlined in this article, you will affect public access to FTP sites. Therefore, you should not use these procedures if you are hosting public FTP sites.
Important Warning: FTP passwords are sent over networks in "clear text" and are therefore easily stolen, especially on the Internet. For this reason, many administrators set up FTP sites for anonymous read-only access, and use file sharing if local network write access is needed or use the FrontPage Server Extensions for Internet publishing.
Back to top
Disable Anonymous FTP Access in IIS 5.0
When you disable Anonymous FTP access, users must always enter a valid user name and password when they access your FTP site. (This configuration is more secure when you allow users to upload files to your server.)
- Open the Internet Services Manager. To do this, follow the steps for your version of IIS:
- For IIS 4.0:
- On the Start menu, point to Programs, and then click Windows NT 4.0 Option Pack.
- Click Microsoft Internet Information Server, and then click Internet Service Manager.
- For IIS 5.0:
- On the Start menu, point to Programs, and then click Administrative Tools.
- Click Internet Services Manager.
- For IIS 4.0:
- In the console tree, right-click the FTP site that you want to configure, and then click Properties.
- On the Security Accounts tab, click to uncheck the Allow Anonymous Connections check box.
- Click Yes if you are prompted to continue.
- Click OK.
Modify the DefaultLogonDomain in the IIS Metabase
Run the Adsutil tool at the command prompt by using the following syntax, depending on whether you want to set the DefaultLogonDomain domain for all FTP sites, for only the default FTP site, or for any other site:
- To set the DefaultLogonDomain domain for all FTP sites, run the following command:
adsutil set msftpsvc/DefaultLogonDomain "DomainName"
- To set the DefaultLogonDomain domain for only the default FTP site, run the following command:
adsutil set msftpsvc/1/DefaultLogonDomain "DomainName"
Note This command uses the Adsutil tool. If this command fails, you can use the following command instead:
This command uses the Mdutil tool from the Windows NT Option Pack CD.mdutil.exe set /msftpsvc/1/DefaultLogonDomain "DomainName"
- To set the DefaultLogonDomain domain for any other site, run the same command that you run for the default FTP site, but change the 1 parameter to the appropriate service number.
REFERENCES
For more information about using, configuring, and troubleshooting the FTP service in IIS, click the following article numbers to view the articles in the Microsoft Knowledge Base:
184319 FTP service's DefaultLogonDomain not available in MMC
200475 Error message in IIS: "530 User <Username> cannot log in. Login failed."
168908 How to authenticate a user against all trusted domains
175638 FTP login using domain and trusted domain accounts
Keywords: kbhowto kbhowtomaster KB310723
