Quick Start Articles provide fast answers to frequently asked questions. Quick Start Article



Similar documents
Setting Up Your FTP Server

My Secure Backup: How to reduce your backup size

AXIS 70U - Using Scan-to-File

5. At the Windows Component panel, select the Internet Information Services (IIS) checkbox, and then hit Next.

Information Security Practice II. Installation and set-up of Web Server and FTP accounts

Using Microsoft Expression Web to Upload Your Site

HIC.SOAP Network User Instructions last updated June 22, :39 AM

SSH Secure Client (Telnet & SFTP) Installing & Using SSH Secure Shell for Windows Operation Systems

Capture Pro Software FTP Server System Output

Content Management System

REDUCING YOUR MICROSOFT OUTLOOK MAILBOX SIZE

Computer Programming In QBasic

Legal and Copyright Notice

Manual Password Depot Server 8

ESA FAQ. Self Administration Frequently Asked Questions

Troubleshooting / FAQ

Hosting Users Guide 2011

The Social Accelerator Setup Guide

How to make a VPN connection to our servers from Windows 7

FTP Service Reference

Windows Server Password Recovery Techniques Courtesy of Daniel Petri

MSSQL quick start guide

Contents. Using Web Access Managing Shared Folders Managing Account Settings Index... 39

Outlook 2007: Managing your mailbox

Samsung Drive Manager FAQ


IIS, FTP Server and Windows

Virtual Office Remote Installation Guide

Microsoft FTP Configuration Guide for Helm 4

Creating and Managing Shared Folders

Deployment of Keepit for Windows

MelbourneOnline Hosted Exchange Setup

2011 ithemes Media LLC. All rights reserved in all media. May be shared with copyright and credit left intact.!

Managing documents, files and folders

MS Outlook to Unix Mailbox Conversion mini HOWTO

Data Warehouse Troubleshooting Tips

Capture Pro Software FTP Server Output Format

Scanning Guide for Current Colour Machines

BILLINGTRACKER MULTI-USER SETUP AND TROUBLESHOOTING GUIDE INSTRUCTIONS FOR SETTING UP BILLINGTRACKER PRO IN MULTI-USER MODE:

Spector 360 Deployment Guide. Version 7.3 January 3, 2012

Team Foundation Server 2010, Visual Studio Ultimate 2010, Team Build 2010, & Lab Management Beta 2 Installation Guide

A Roadmap for Securing IIS 5.0

SHARING FILE SYSTEM RESOURCES

Configuring the Active Directory Plug-in

Lepide Exchange Recovery Manager

DESIGN A WEB SITE USING PUBLISHER Before you begin, plan your Web site

Before you install ProSeries software for network use

So you want to create an a Friend action

EaseUS Todo Backup user guide. EaseUS Todo Backup. Central Management Console. User guide - 1 -

MS SQL Express installation and usage with PHMI projects

Sentral servers provide a wide range of services to school networks.

Outlook Today. Microsoft Outlook a different way to look at E. By Microsoft.com

Understanding Files and Folders

Windows XP File Management

e-config Data Migration Guidelines Version 1.1 Author: e-config Team Owner: e-config Team

TECHNICAL NOTE. The following information is provided as a service to our users, customers, and distributors.

Many home and small office networks exist for no

v4: How to create a BartPE Rescue CD for Macrium Reflect

Setting Up a Dreamweaver Site Definition for OIT s Web Hosting Server

AdminToys Suite. Installation & Setup Guide

WarFTP V1.82 Tutorial

FILE TRANSFER PROTOCOL (FTP) SITE

CrushFTP User Manager

Hyper-Cluster. By John D. Lambert, Microsoft SQL Server PFE

How to Setup and Connect to an FTP Server Using FileZilla. Part I: Setting up the server

Enterprize Setup Checklist

Scan to FTP White Paper Ricoh Americas Corporation May 2007

ilaw Installation Procedure

PLEASE NOTE: The client data used in these manuals is purely fictional.

How to make a VPN connection to our servers from Windows 8

Introduction to MS WINDOWS XP

Compiere 3.2 Installation Instructions Windows System - Oracle Database

CIFS Permissions Best Practices Nasuni Corporation Natick, MA

Outlook Connector Installation & Configuration groupwaresolution.net Hosted MS Exchange Alternative On Linux

CRM CUSTOMER RELATIONSHIP MANAGEMENT

Xerox Multifunction Devices

E-Notebook SQL 12.0 Desktop Database Installation Guide. E-Notebook SQL 12.0 Desktop Database Installation Guide

The FTP Monitor application performs the following main functions:

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Outlook Data File navigate to the PST file that you want to open, select it and choose OK. The file will now appear as a folder in Outlook.

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Demonstration of Windows XP Privilege Escalation Exploit

HowTo. Planning table online

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

Chapter7 Setting the Receiving PC for Direct Upload. Setting the Receiving PC for Direct Upload For Windows For Macintosh...

Transferring Your Internet Services

Using Internet or Windows Explorer to Upload Your Site

StorageCraft ShadowStream User Guide StorageCraft Copyright Declaration

Quick Start Guide for the SupportDesk Web Interface

Security Guidelines for MapInfo Discovery 1.1

Lotus Notes 6.x Client Installation Guide for Windows. Information Technology Services. CSULB

Installation Guide - Client. Rev 1.5.0

This document details the following four steps in setting up a Web Server (aka Internet Information Services -IIS) on Windows XP:

[Setup procedure for Windows 95/98/Me]

Chapter 2 Editor s Note:

Transcription:

FullControl Network Inc. Quick Start Article "The Ins and Outs of FTP OVERVIEW: ARTICLE: AUTHOR: QS41352 The 10 second description for those coming in brand new is: For those running a version of Windows that includes IIS (Internet Information Services), you already have Microsoft FTP available to you. This is included in Windows NT/2000/2003/XP. Except for Windows NT, use the IIS snap-in found in Start -> Administrative Tools -> Internet Information Services. If you don't have that installed, it can be installed from Add/Remove Programs in the control panel. For some people using Windows XP you won't see Administrative Tools off your Start Menu. You can still find them in your control panel. TEAM UPDATE: MARCH 2007 APPLICABLE: WINDOWS OS Getting Started: There are 4 basic rules of FTP: #1: If the virtual directory name = user name, then the path of the virtual directory takes effect. #2: The username used to log in needs List Permissions to the root FTP site folder. #3: A Virtual Directory created in IIS FTP is not seen by a FTP Program #4: If both a Virtual Directory and Physical Directory exist, the Virtual Directory takes precedence. Rule #1: If the virtual directory name = user name, then the path of the virtual directory takes effect. Microsoft FTP doesn't have an interface like most of us would expect, where you can add a user and point to a particular folder. Instead, it has a strange way of handling this. If the Virtual Directory name is exactly the same as a Windows Users, then the Virtual Directory will catch the user rather than the root FTP account.

If you have lots of IP addresses, you can assign one IP address per user and setup multiple sites and then rely on the NTFS permissions to grant or deny access to particular sites. (Note: Windows XP only allows 1 FTP site.) But, even if you do this, there may come a time when you want to use the same IP address for multiple users who will be destined for different locations. For those trying to run a web server with multiple sites and one IP address, you'll benefit the most from this rule. Let s start with an example: Let's say you have this directory structure: C:\websites\domainA.com C:\websites\domainB.com C:\websites\domainB.com\graphics And you have 3 users. - Mike needs access to the root of domaina.com - Sue needs access to the root of domainb.com - Joe needs access to the graphics folder of domainb.com! Important: The trick with MS FTP is that if the Virtual Directory name is the same as a Windows Username, the user will be "caught" by the Virtual Directory and directed to the folder specified in the Virtual Directory. Example in MS-FTP Behind the scenes, the Mike Virtual Directory is pointing to C:\websites\domainA.com, Sue is pointing to C:\websites\domainB.com and Joe is pointing to C:\websites\domainB.com\graphics. - If you logged in as Mike, then the Mike virtual directory would "catch" it and you would be dropped into the C:\websites\domainA.com folder. - Same with Joe or Sue. They would be caught by their corresponding Virtual Directories. Now, let's say you had another user called Jane. If you logged in as Jane then the settings on the Default FTP Site will handle her because there isn't a Virtual Directory to catch her and direct her elsewhere. Microsoft FTP doesn't have an interface like most of us would expect, where you can add a user and point to a particular folder. Instead, it has a strange way of handling this. If the Virtual Directory name is exactly the same as a Windows Users, then the Virtual Directory will catch the user rather than the root FTP account. If you have lots of IP addresses, you can assign one IP address per user and setup multiple sites and then rely on the NTFS permissions to grant or deny access to particular sites. (Note: Windows XP only allows 1 FTP site.) But, even if you do this, there may come a time when you want to use the same IP address for multiple users who will be destined for different locations. For those trying to run a web server with multiple sites and one IP address, you'll benefit the most from this rule. Let s start with an example:

Let's say you have this directory structure: C:\websites\domainA.com C:\websites\domainB.com C:\websites\domainB.com\graphics And you have 3 users. - Mike needs access to the root of domaina.com - Sue needs access to the root of domainb.com - Joe needs access to the graphics folder of domainb.com! Important: The trick with MS FTP is that if the Virtual Directory name is the same as a Windows Username, the user will be "caught" by the Virtual Directory and directed to the folder specified in the Virtual Directory. Example in MS-FTP Behind the scenes, the Mike Virtual Directory is pointing to C:\websites\domainA.com, Sue is pointing to C:\websites\domainB.com and Joe is pointing to C:\websites\domainB.com\graphics. - If you logged in as Mike, then the Mike virtual directory would "catch" it and you would be dropped into the C:\websites\domainA.com folder. - Same with Joe or Sue. They would be caught by their corresponding Virtual Directories. Now, let's say you had another user called Jane. If you logged in as Jane then the settings on the Default FTP Site will handle her because there isn't a Virtual Directory to catch her and direct her elsewhere. Rule #2: username used to log in needs List Permissions to the root FTP site folder. Even if the Virtual Directory is pointing to a different location, the user that is logging in always needs List permissions to the folder specified in Default FTP Site. Yes, it seems strange, but even in IIS 6.0, this is still the case. So, each user must have read/write permissions, C:\websites\domainA.com needs read/write for Matt. C:\websites\domainB.com needs read/write for Sue. C:\websites\domainB.com\graphics needs read\write for Joe. The none obvious consideration is if the path of Default FTP Site was C:\websites then that folder needs "List" permissions for all 3 users. Otherwise they won't be able to log in at all. Tip #1: Set the root FTP account to a dummy location if assigning multiple users

If the path of the Default FTP Site is C:\websites then you have a fairly large security issue with this setup. If you log in as Mike for example, you'll have the option to move up a folder (..) (well, most FTP programs will give you that option). If you do, you'll be dropped into the folder of the Default FTP Site root. (c:\websites). As I just mentioned, you are forced to give List permissions for all users which means that every user can view the names of all the sites. If you ever slip up and give too many permissions at the NTFS level your users can potentially access other people's sites. Fortunately there is an easy solution. Just consider your Master FTP Site root a dummy location that isn't meant to be used for anything practical. Point it to c:\ftproot\dummyfolder or something similar. Give List permissions to the everyone group on that folder and make sure it's completely empty. Now, you've solved the security issue. If Mike connects with their FTP program and moves up a folder or does a chgdir to '\' he will be dropped into c:\ftproot\dummyfolder which is completely empty. You'll never have to worry about users gaining access to c:\websites which is a folder that you want to keep your users out of. And, in all this, don't forget that every user that will be logging into your FTP account needs to have a Virtual Directory assigned or else they will immediately be placed into the dummyfolder location. Now, we ve covered managing multiple users with a single IP address, required permissions for setting up FTP and given a tip on keeping users out of your confidential folders Rule #3: A Virtual Directory created in IIS FTP is not seen by a FTP Program If you want to create a virtual folder that points to a different location on a server, one of the first things you will notice is that if you create the virtual directory in IIS FTP and then use a FTP client to log in, you won't see the folder! You can use ChgDir if our FTP client supports it and type in the name of the virtual directory but that is often times not good enough. You want to actually see it. Consider the following folder structure where c:\websites\mysite\ is the FTP root path: c:\websites\mysite\ c:\websites\mysite\images\ c:\websites\mysite\bin\ c:\websites\mysite\admin\ Now, let's create a virtual directory in IIS FTP called downloads which will point to: h:\downloads\ When logging into your FTP account, you will see images, bin and admin but you won't see downloads. Why is that? Since virtual directories aren't always used for their original purpose, as you saw in Rule #1, they do not automatically appear. The other reason is that FTP programs will scan the files and folders on disk to determine what to display. Since virtual directories don't reside at the folder level, they won't be shown with the rest of the folders.

Tip #2: Create an empty physical directory to have a virtual directory appear in a FTP program Since the FTP client program will check for files and folders on disk, simply create an empty folder on disk where the virtual directory should show up. In the example above, it means creating an empty folder called c:\websites\mysite\downloads\. Now, after you log into this FTP account with your FTP program, you will see images, bin, admin and downloads. If you double click on downloads you will be taken to e:\downloads because the virtual directory in IIS FTP will take precedence. Rule #4: If both a Virtual Directory and Physical Directory exist, the Virtual Directory takes precedence. In the example above, you created a virtual folder which redirects to another location on the server, and a physical folder so that it will show up in my FTP program. Even if you put files in the empty downloads folder, you won't be able to access them by double clicking on the downloads folder. Instead of being directed to c:\websites\mysite\downloads\ (physical folder) you will be directed to h:\downloads\ (virtual folder). In summary, when creating a virtual directory that should show up in the FTP client program, make sure to create an empty physical directory to match. The Doorway Folder Trick: Below is a picture of a fresh server build on Windows Server 2003 with the Default FTP Site.

We ve changed the FTP root path to c:\websites which points to 7 sites that you'll virtually manage. You can see the site names below. Now, in this illustration you have two different site administrators, Scott and Matt. Scott needs access to all 7 sites but Matt should only have access to microsoft.com and msn.com. Now, in this illustration you have two different site administrators, Scott and Matt. Scott needs access to all 7 sites but Matt should only have access to microsoft.com and msn.com. It is possible to do this using NTFS permissions at the disk level. You simply give the Scott user read and write to all the folders and Matt read and write to microsoft.com and msn.com. But, there are some disadvantages and security concerns using NTFS permissions alone. What if an administrator on the server changes the permissions on one of the directories by mistake, not realizing that they have given Matt access to a site he isn t supposed to have access to? Or, even more subtle, what if you create an 8th site that Matt isn t supposed to have permissions for? When the 8th site is created, it will inherit its permissions from c:\websites which needs to at least have "List" permissions for Matt so that he can log in. Now Matt has, at the very least, the ability to view all files and directories in the new directory, unless the administrator remembers to tighten the permissions every time. (Yes, for those brave souls out there willing to work with and maintain more unique settings, you can set NTFS permissions so newly created sub-folders don t inherit all permissions, but if you have more than one administrator on that server, it s too easy to mess up at some point in the future.) Another disadvantage to doing it that way is that you might not want Matt to see all the folder names in the site, or maybe you just want things to be easy for Matt so he doesn t have to worry about a large list of sites or folders that he doesn t have access to anyway. So, with that in mind, let s create an FTP account for Matt. You want one that only displays microsoft.com and msn.com in his FTP program.

It's actually quite simple really. The trick is to create what we ll call a doorway folder. A doorway folder is simply a folder that will serve as the first step or the doorway for a particular user. The trick is to create a set of physical folders and virtual directories that will work together to display to Matt what you want him to see. First: Create the users Depending on your situation, you may have existing Windows users set up for Scott and Matt already. But, in case this is a new account for a new user, be sure to create a user called Matt and another called Scott. These can be Local users from within Local Users and Groups or Active Directory users, depending on your environment. Second: Create the physical folders Next you ll create a folder that holds the physical, but blank, sub-directory to match the real ones you want the user to have access to. This is simply so that the FTP client program displays the two folders. Let s call the root folder FTProot and the subfolder Matt, although either of these folders could be named anything. Now create two empty folders named microsoft.com and msn.com. The security permissions on the folders need to give Matt at least List permissions. Don t forget that Matt will need read and write permissions to c:\youbsites\microsoft.com and c:\youbsites\msn.com and he will need list permissions to c:\ftproot\dummyfolder and list permissions to c:\ftproot\matt. Third: Create the virtual directories Back to the virtual directories... In IIS, create a virtual directory called Matt. This should point to d:\ftproot\matt. Off the Matt virtual directory, create 2 more virtual directories o microsoft.com should point to c:\youbsites\microsoft.com o o msn.com should point to c:\youbsites\microsoft.com Spelling on these virtual directory names needs to be identical to the folders created in the second step above. Don t forget to check read and write when creating the virtual directories if you want Matt to be able to read and write to the FTP account.

That s it!! RELATED ARTICLES: FTP Isolation: HTTP://WWW.MICROSOFT.COM/TECHNET/PRODTECHNOL/WINDOWSSERVER2003/LIBRARY/II S/C0918F70-7A62-4D91-A05A-6DB6EC4A3BB2.MSPX?MFR=TRUE

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information