| FTP is one of several utilities bundled within TCP/IP, and it is an accepted means to transfer files to and from remote computers. Unlike previous IIS versions of FTP, the service includes FTP user isolation and isn't installed by default with IIS. To install FTP, perform the following steps: 1. | Double-click Add or Remove Programs within the Control Panel.
| 2. | In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
| 3. | Within the Windows Components Wizard, scroll down and then highlight Application Server.
| | | 4. | Click Details, and then in the Application Server window, shown in Figure 11.12, highlight IIS.
Figure 11.12. IIS Web application server settings. 
| 5. | Click Details again and then select File Transfer Protocol (FTP) Service.
| 6. | Click OK twice.
| 7. | Click Next and wait for Windows Server 2003 to install FTP.
| 8. | Click Finish when you're done.
|
Isolating FTP Users for Content Protection IIS now can isolate FTP users so that FTP content is protected. This is an especially useful feature for ISPs and ASPs servicing a large number of users. Each FTP user can have his own separate directory in which to upload and download files to the Web or FTP server. As users connect, they see only their directory as the top-level directory and can't browse other FTP directories. Permissions can be set on the FTP home directory to allow create, modify, or delete operations. FTP user isolation is based on an FTP site rather than at the server level and is either enabled or disabled. However, sites that need to enable FTP user isolation aren't forced to strictly use this feature. You can enable anonymous access in conjunction with FTP user isolation by creating a virtual directory within the FTP site and allowing read-only access. The only limitation to mixing the FTP user isolation and anonymous access is that information can be downloaded only from the public or read-only virtual directory. Note FTP user isolation and Active Directory can be used together where an AD container (not the entire AD) can be used to authenticate users and isolate them from other FTP directories. In this scenario, it is extremely important to thoroughly lock down the FTP server and communications. For example, it is recommended to use either IPSec or SSL to secure communications when using AD and FTP user isolation. FTP user isolation is enabled during the creation of the FTP site. When you reach the user isolation page, select Isolate Users and follow the remaining prompts. You'll notice a warning message stating that after isolation is enabled, you can't switch the site to non-isolation.
Creating an FTP Site By default, the Default FTP Site is created and enabled. However, to create a new FTP site (in addition to the Default FTP Site), do the following: | | 1. | Right-click on the FTP Sites folder and select New, FTP Site. You can also select FTP Site (From File) if you have an XML file for an FTP site creation.
| 2. | In the FTP Site Creation Wizard, click Next and then provide a description for the FTP site. Click Next to continue.
| 3. | Set the IP address and port for FTP to use. By default, FTP uses port 21. Click Next to continue.
| 4. | In the next window, select the appropriate FTP user isolation setting. You can choose from not isolating users, isolating users with local accounts on the Web server, or isolating users using Active Directory. Click Next to continue.
Note FTP user isolation settings can't be changed after initial configuration. | 5. | Specify the path to the FTP home directory and then click Next.
| 6. | Set permissions to the FTP site (read or write access) and click Next to continue.
| 7. | Click Finish.
|
FTP Properties Page As you can see in Figure 11.13 and Figure 11.14, you can access two separate properties pages for FTP. The first properties page appears after you right-click the FTP Sites folder. The second properties page is for a specific FTP site. Figure 11.13. FTP Sites Properties page. 
Figure 11.14. FTP configuration settings. 
The FTP Sites folder properties page is used to configure global properties for FTP sites. If multiple FTP sites are created, these settings will be the default configurations for the sites. Within the FTP Sites folder properties are the following configuration tabs: FTP Site tab This configuration tab has limited functionality. FTP site connections and logging configuration parameters can be set here. Security Accounts tab This tab allows you to configure authentication with anonymous accounts and user accounts. Unchecking the default Allow Anonymous Connections option, as shown in Figure 11.15, brings up a warning window stating that passwords may be vulnerable while transmitting across a network unless encryption or SSL is used. Selecting Yes allows you to continue. However, you can't set up the accounts, encryption, or SSL from this tab. Messages tab FTP messages can be displayed as users connect or disconnect from the FTP site. From a security perspective, your organization may require a warning message such as Use of this FTP Site is by permission only. All uploads and downloads must adhere to the data transmission policies of Company ABC. In addition, messages can be displayed when a user can't connect because of a maximum user limitation such as You have been disconnected because a maximum user limit has been reached. Please try again later. Messages are not required; they are intended to help the users of the FTP site. Home Directory tab Similar to the Web Site Home Directory tab, the FTP Home Directory tab can be used to set permissions on the FTP site directory. The style of the directory listing (either Unix or MS-DOS) can be set. The MS-DOS setting is the default. Directory Security tab Under this tab, TCP/IP access restrictions can be set based on the IP address. IP addresses or groups of IP addresses can be granted or denied access to the FTP directories.
Figure 11.15. Security Accounts configuration tab. 
The differences between the FTP Sites folder properties and a specific Web site are minimal. The following tabs in the FTP site properties are different: FTP Site tab The difference with this tab is your ability to set descriptions and define an IP address and port for the site. Home Directory tab This tab allows you to set the location for FTP content.
|
