Microsoft IIS 6.0Administrator's Consultant
|
When you install FTP Service for IIS, a default FTP site is created. Typically, the default FTP site is installed in %SystemDrive%\Inetpub\Ftproot. By adding subdirectories to this location, you can create the FTP site’s directory structure. By adding files to this directory or to subdirectories, you provide content for users to download. Users can access the FTP site using the FTP server name or by typing an appropriate URL in their browsers.
The default FTP site isn’t configured for isolated user directories. If you want to use this feature of IIS 6, you should create a new FTP site, specifying the type of user isolation you want to use. If you want the FTP site to use a new IP address, you must configure the IP address before installing the site. For details, refer to Chapter 16, “Managing TCP/IP Networking,” in the Microsoft Windows Server 2003 Administrator’s Pocket Consultant (Microsoft Press, 2003).
Creating Non-Isolated FTP Sites
You can create FTP sites that don’t use isolation by completing the following steps:
-
In the IIS snap-in, access the node for the computer you want to work with, right-click FTP Sites, choose New from the shortcut menu, and then select FTP Site. If the computer isn’t shown, connect to it as discussed in the “Connecting to Other Servers” section of Chapter 2 and then perform this task.
-
The FTP Site Creation Wizard starts. Click Next. In the Description field, type a descriptive name for the FTP site, such as Corporate FTP Server. Click Next.
-
As shown in Figure 9-1, use the IP Address drop-down list to select an available IP address. Select (All Unassigned) to allow FTP to respond on all unassigned IP addresses that are configured on the server. Multiple FTP sites can use the same IP address if the sites are configured to use different port numbers.
Figure 9-1: Set the IP address and port values for the new FTP site. Note FTP has no equivalent of HTTP host headers. This means you can’t use host header names with FTP sites.
-
The TCP port for the FTP site is assigned automatically as port 21. If necessary, type a new port number in the TCP Port field. Multiple sites can use the same port if the sites are configured to use different IP addresses. Click Next.
-
The following options are available:
-
Do Not Isolate Users With this setting, users log on to the server and aren’t mapped transparently to separate isolated user directories. Depending on directory settings, users might be able to view and access the directories of other users. Users writing files to the same directory could also accidentally overwrite another user’s files.
-
Isolate Users This mode isolates users by local and domain user account names. Here, users log on to the server root directory using their Windows account. When the logon is authenticated, they’re mapped transparently to their isolated user directory and won’t be able to overwrite other users’ files.
-
Isolate Users Using Active DirectoryWith this setting, IIS authenticates user credentials using Active Directory. If authenticated, users are mapped transparently to their isolated user directory based on the values of FTPRoot and FTPDir and won’t be able to overwrite other users’ files.
As shown in Figure 9-2, select Do Not Isolate Users and then click Next.
Figure 9-2: Set user isolation mode for the FTP site. Caution You can’t change the user isolation mode after an FTP site has been created. Because of this, you should carefully determine the mode you need to use and then develop an implementation plan to support this mode.
-
-
The FTP Site Home Directory page lets you set the home directory for the FTP site. Click Browse to search for a folder. This folder must be created before you can select it. If necessary, click Browse and then Make New Folder in the Browse For Folder dialog box. Click Next.
-
You can set access permissions for the FTP site. Normally, you’ll want to set Read permissions only. The standard permissions are the following:
-
Read Allows users to download documents, which means that their clients can transfer documents from the server
-
Write Allows users to upload documents, which means that their clients can transfer documents to the server
-
-
Click Next and then click Finish. The FTP site is created automatically. The new FTP site may or may not be started. You should update the site’s properties before you make it accessible to users.
Creating Isolated FTP Sites Without Active Directory
You can create isolated FTP sites that don’t use Active Directory by completing the following steps:
-
In the IIS snap-in, access the node for the computer you want to work with, right-click FTP Sites, choose New from the shortcut menu, and then select FTP Site. If the computer isn’t shown, connect to it as discussed in the “Connecting to Other Servers” section of Chapter 2 and then perform this task.
-
The FTP Site Creation Wizard is started. Click Next. In the Description field, type a descriptive name for the FTP site, such as Corporate FTP Server. Click Next.
-
As shown previously in Figure 9-1, use the IP Address drop-down list to select an available IP address. Select (All Unassigned) to allow FTP to respond on all unassigned IP addresses that are configured on the server. Multiple FTP sites can use the same IP address if the sites are configured to use different port numbers.
-
The TCP port for the FTP site is assigned automatically as port 21. If necessary, type a new port number in the TCP Port field. Multiple sites can use the same port if the sites are configured to use different IP addresses. Click Next.
-
Select Isolate Users and then click Next.
-
The FTP Site Home Directory page lets you set the home directory for the FTP site. Click Browse to search for a folder. This folder must be created before you can select it. If necessary, click Browse and then Make New Folder in the Browse For Folder dialog box. Click Next.
-
You can set access permissions for the FTP site. Normally, you’ll want to set Read permissions only. The standard permissions are the following:
-
Read Allows users to download documents, which means that their clients can transfer documents from the server
-
Write Allows users to upload documents, which means that their clients can transfer documents to the server
-
-
Click Next and then click Finish. The FTP site is created automatically. The new FTP site may or may not be started. You should update the site’s properties before you make it accessible to users.
-
If anonymous access to the FTP site is allowed, create a directory called LocalUser under the root directory and then create a subdirectory of LocalUser called Public.
-
If users access the FTP site using local user accounts, create a directory called LocalUser under the root directory and then create subdirectories for each user account that will be used. These directories should be named the same as the user account (%UserName%).
-
If users access the FTP site using domain user accounts, create directories for the domain under the root directory and then create subdirectories under the domain directories for each user. These directories should be named the same as the user account (%UserName%).
Creating Isolated FTP Sites with Active Directory
You can create isolated FTP sites that use Active Directory by completing the following steps:
-
In the IIS snap-in, access the node for the computer you want to work with, right-click FTP Sites, choose New from the shortcut menu, and then select FTP Site. If the computer isn’t shown, connect to it as discussed in the “Connecting to Other Servers” section of Chapter 2 and then perform this task.
-
The FTP Site Creation Wizard is started. Click Next. In the Description field, type a descriptive name for the FTP site, such as Corporate FTP Server. Click Next.
-
As shown previously in Figure 9-1, use the IP Address drop-down list to select an available IP address. Select (All Unassigned) to allow FTP to respond on all unassigned IP addresses that are configured on the server. Multiple FTP sites can use the same IP address if the sites are configured to use different port numbers.
-
The TCP port for the FTP site is assigned automatically as port 21. If necessary, type a new port number in the TCP Port field. Multiple sites can use the same port if the sites are configured to use different IP addresses. Click Next.
-
Select Isolate Users Using Active Directory and then click Next.
-
Type the user name of an account with administrator privileges that can be used to access the Active Directory domain, so that users can be authenticated, such as ADATUM\Administrator. To search for an account to use, click Browse.
-
Enter the password for the specified account.
-
Enter the default domain to be used, such as adatum.com, or click Browse to use the Browse For Domain dialog box to search for a domain to use.
-
Click Next. When prompted, confirm the password for the previously specified account.
-
Set access permissions for the FTP site. Normally, you’ll want to set Read permissions only, but since you can’t change this option later, be sure to plan accordingly. The standard permissions are the following:
-
Read Allows users to download documents, which means that their clients can transfer documents from the server
-
Write Allows users to upload documents, which means that their clients can transfer documents to the server
-
-
Click Next and then click Finish. The FTP site is created automatically.
Tip Note that you didn’t have to specify a root directory for the FTP site. Sites isolated using Active Directory don’t have an actual home directory. Instead, users map directly to their isolated directories using an arbitrary (not actual) root directory. Because of this, the site’s Properties dialog box doesn’t have a Home Directory tab and any options on this tab can’t be set.
|