Guest Nandan Posted June 21, 2008 Posted June 21, 2008 Hi , I have a Windows Server 2003 R2 Enterprise box which is an ADC and runs SMS 2003 SP3 primary site, a FTP web site and ISA 2006 to protect the FTP as well provide Web Proxy services. My FTP site is running quite nicely though I've heard the above mentioned setup is not good and can cause lots of unexplained problems. I have set up the FTPROOT directory to one of the partitions and what I have done to authenticate FTP users is this 1. I Created an OU called FTP accounts on the ADC and then create normal user accounts . 2.I Create FTP folders with the name of the client as the folder name .the same folder name is used to create the user account in the OU FTP accounts. 3. Once the user accounts have been created, i then proceed to set permissions on the individual folders inside the FTP root. eg- Suppose client is Siemens. so the FTP user account would be siemens. The new folder inside the FTP root directoy would also be siemens and then I proceed to give Domain\siemens Read\Write\Modify permissions to the siemens folder. I also deny permission to delete the folder,change user permissions or take ownership. this done when the user ftp's into the FTP site through IE 6 and authenticates ,it takes him directly to the correct folder ,leading the user to think he is at the home folder. He cannot traverse up as only the required folder is being shown . My real issue is that when the user FTP's in from Mozilla,Opera ,Safari,Unix or even IE7 or IE8 ,it takes him to the FTPROOT directory!!, in my case E: . This shows him all the other folder names and lets him see al the other FTP folders and since our company has rival companies as clientswho think they are the only ones whom we do business with,it's a real business killer!!! Is this because I have allowed the user group EVERYONE to list folder contents at the FTP root directory( E:) . Is there any way to limit the view of the FTP clients to just their folder. When I removed the everyone -list folder contents from the root,then nobody was able to log in to the FTP site. Also is IIS Lockdown tool good for my FTP site? Please help guys!!!
Guest Meinolf Weber Posted June 21, 2008 Posted June 21, 2008 Re: FTP site on an ADC Hello Nandan, Answered to microsoft.public.windows.server.active_directory. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hi , > I have a Windows Server 2003 R2 Enterprise box which is an ADC and > runs SMS 2003 SP3 primary site, a FTP web site and ISA 2006 to protect > the FTP as well provide Web Proxy services. My FTP site is running > quite nicely though I've heard the above mentioned setup is not good > and can cause lots of unexplained problems. > I have set up the FTPROOT directory to one of the partitions and what > I have done to authenticate FTP users is this > > 1. I Created an OU called FTP accounts on the ADC and then create > normal user accounts . > 2.I Create FTP folders with the name of the client as the folder > name .the same folder name is used to create the user account in the > OU FTP accounts. > 3. Once the user accounts have been created, i then proceed to set > permissions on the individual folders inside the FTP root. > eg- Suppose client is Siemens. so the FTP user account would be > siemens. The new folder inside the FTP root directoy would also be > siemens and then I proceed to give Domain\siemens Read\Write\Modify > permissions to the siemens folder. > I also deny permission to delete the folder,change user permissions or > take ownership. > this done when the user ftp's into the FTP site through IE 6 and > authenticates ,it takes him directly to the correct folder ,leading > the user to think he is at the home folder. He cannot traverse up as > only the required folder is being shown . > > My real issue is that when the user FTP's in from > Mozilla,Opera ,Safari,Unix or even IE7 or IE8 ,it takes him to the > FTPROOT directory!!, in my case E: . > This shows him all the other folder names and lets him see al the > other FTP folders and since our company has rival companies as > clientswho think they are the only ones whom we do business with,it's > a real business killer!!! > > Is this because I have allowed the user group EVERYONE to list folder > contents at the FTP root directory( E:) . Is there any way to limit > the view of the FTP clients to just their folder. > When I removed the everyone -list folder contents from the > root,then nobody was able to log in to the FTP site. > Also is IIS Lockdown tool good for my FTP site? > Please help guys!!!
Recommended Posts