FTP IP permissions

[Krash878]

Hello,


I set up a FTP site on our server. I went to the folder that I designated for FTP and built permissions. I built a user group called FTP that only has access to the FTP site.

Right now it works.

My boss would like to have me enable an IP filter along with the User Name and password. In the IIS properties page is a tab that says security with an enable option and add option for IP addresses. The problem is that it is all grayed out and can not be used. How can I get around this?

Krash

 

[GlenJohnson]

Are you signed in with admin rites? Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.

 

[Krash878]

Yes, I am signed on as Administrator.

Krash

 

[Krash878]

It is the directory Security tab.

I want to deny all ips except the ones listed


Krash

 

[GlenJohnson]

Go to your tcp/ip settings, go to advanced, go to options, and there is a setting for TCP/IP filtering. You can DENY ALL or PERMIT ONLY. Would this work for you, or would it be to strict? Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.

 

[Krash878]

I think that is going to be too strict. I just need to filter for the FTP site.


When you go to Administrative tools, Internet Services Manager, and then to the default FTP Site and check the properties you will see the tabs

FTP Site/Security Accounts/Messages/Home Directory/Directory Security

In the Directory Security is the options that I want to use.

Also none rights that I assigned in the Shared folders properties show up here in Security Accounts.

Thanks

Krash

 

[yesti]

you have to specify the 'ftp' user you created in the 'security accounts' 'username' box. or else you think you are using your 'ftp' user you created, but it is probably IUSR_Machinename. when users login as anonymous, the account you specify will be used (and permissions you gave that account). it is probably best to use anonymous access unless you are on an encrypted line because passwords are sent clear text for user accounts.

about the directory security, that is interesting. i have access to that tab using a domain admin account over terminal services. but you said you are logged into the console as administrator so that should give you access. sorry can't help with that.

 

[Krash878]

Does it matter if the FTP site is on a workstation and not a domain. The workstation is part of a domain but is not the domain controller.

I just rebuilt it on our domain and all of the options were there. I just can not get them to work on any workstation that is part of a domain.

I set up a workstation off of the domain as part of a workgroup and it worked the right way there.

So does it matter if the site is not on the domain machine or not?

Krash

 

[yesti]

It should not matter. Our ftp server is on the domain. It is a bad idea to have your ftp server double as a domain controller as if the ftp service is compromised the machine may be open season.

Were there any event logs generated by the ftp service, or iis?

 

[Krash878]

No,

It just will not let me click on the options. They are greyed out.

Krash