Chapter 3: The FTP Service

File Transfer Protocol (FTP) is a service that Internet Information Services (IIS) 6 offers with Windows Server 2003 (WS03). A number of FTP features enable the administrator to configure multiple FTP sites on a server and define the web user's interaction with the service. Administration may be performed by using the Microsoft Management Console (MMC) snap-in for IIS or by using a script.

Managing the FTP Service

The Computer Management MMC snap-in is a good choice for administering the FTP service in WS03, because it offers many other snap-ins useful for performing other WS03 administrative tasks in addition to administering IIS. A VBScript named iisftp.vbs is also provided with IIS, which offers command-line control over the FTP services.

Computer Management should be used by administrators who are accustomed to using the MMC for managing their Windows servers. The Computer Management snap-in may be used to administer a server remotely since it can run on a workstation and connect to the server that needs to be administered.

The iisftp.vbs script provides nearly the same functionality to the administrator as the IIS mode of the Computer Management MMC snap-in, including the ability to manage a host remotely. The iisftp script allows the administrator to automate tasks via the script or in conjunction with other scripts. The script may be used to make programmatic manipulations of the FTP server based on scripted logic and may be launched from the scheduler or user interaction.

Let's get started with the Computer Management MMC snap-in:

  1. From the Start menu, choose All Programs | Administrative Tools | Computer Management.

  2. Click the Services And Applications icon.

  3. Click the Internet Information Services (IIS) Manager, and then click the folder icon labeled FTP Sites.

  4. If the FTP Sites folder does not appear in the MMC, then the FTP service probably hasn't been installed. Installing the FTP services is required as a deliberate undertaking, as it is not a default selection while installing IIS on WS03. To add FTP services, first open the Control Panel.

  5. Choose the Add And Remove Programs applet in the Control Panel.

  6. Choose Add And Remove Windows Components from the left side of the Add And Remove Programs applet. The Windows Component Wizard will start.

  7. Select Application Server in the list of Components in the Windows Component Wizard. Then click the Details button.

  8. In the Application Server window, select Internet Information Services from the list of Subcomponents Of Application Server. Then click the Details button.

  9. In the Internet Information Services window, File Transport Protocol (FTP) Service will appear as a selection in the list of Subcomponents Of Internet Information Services. Click this selection to install FTP Services.

You can expand all related icons for the nodes of interest in the MMC to expose the hierarchical relationship of the services and the instances of site configurations. Once the FTP service is installed, you can expand the FTP Sites node to reveal the FTP sites created on the host. Click on any of the FTP site nodes (if any exist) and you will see virtual directories for the respective FTP site, if any exist. When the FTP services are initially installed, a default FTP site named Default FTP Site is created for you.

To use the iisvbs.vbs script, open a command window by choosing Start | Run, type CMD, and click OK. Run the iisvbs script in the command window that opened. If you run the iisftp.vbs script directly from the Run window, the command window will open, execute the command, and close when it is completed, thereby offering no feedback as to the success or failure of the usage. Opening the command window first and entering the iisvbs command will enable the script to print feedback of the execution status to the command window. It will remain open after execution is complete so that you can see the execution feedback.

In the command window, type iisftp along with the switches and arguments that follow the name of the script and define what the script should do. Because the iisftp.vbs script file resides under the \Windows\System32\ directory, the PATH variable set for the server covers that location, so you don't need to type the full path to the script. To obtain help on iisftp, the expected switches, their arguments, and what they cause iisftp to do, run iisftp along with the switch and argument, /?, as shown next. The script, iisftp, will display help in the command window and define the script's switches, expected arguments for the switch, and what they cause the iisftp script to do.

iisftp /?

start sidebar
Windows Script Host Background

Windows Script Host (WSH) is the software on a Windows operating system that processes scripts. Scripts may be executed to produce output that is written to pop-up dialog windows or to command windows. The WSH executable that processes a script using a windowed output is called Wscript.exe. The WSH executable that processes a script using a command window output is called Cscript.exe. Windows will use either Wscript.exe or Cscript.exe as the default WSH executable for processing scripts. The default may be changed at any time using the following command syntax:

<WSH script executable> //h: <WSH script executable>

For example, to set WSH to use command windows as the default script executable, run the following command:

CScript //h: CScript 

Some scripts require the use of one script executable versus the other. For the administrator, the CScript executable is the likely preferred choice. For the iisftp script, however, the use of the CScript is a requirement. As a result, if the WS03 server is set to use Wscript by default, a dialog box may appear when iisftp is run for the first time, which indicates that the script cannot be run using WScript and that it requires CScript. A second dialog box will appear after the first is closed, offering to change the default setting of the WS03 server to use CScript as the default. If you click the Yes button, the CScript executable will be set as the default WSH executable and the iisftp script will run the next time CScript is run.

end sidebar

Viewing FTP Service Status

In MMC Detail view, as shown in Figure 3-1, the right pane displays detailed information about the item selected in the left pane. List view, the default view setting, shows only icons and names representing the items subordinate to the selected node in the left pane of Computer Management.

click to expand
Figure 3-1: MMC, showing details of FTP Sites node

Here's how to change the view setting: Right-click the right pane to open the context menu. Then choose View | Detail, and the right pane should change to show more details about the subordinate entities to the selected node in the left pane.

If, for example, the node for FTP Sites is selected in the left pane, as shown in Figure 3-1, the right pane will display all the FTP sites that are created on the host, plus the following information:

  • Description Name of the FTP instance

  • Identifier The ID number assigned to the FTP instance by IIS

  • State If the site is running, whether it's stopped or paused

  • IP Address IP address assigned to the FTP instance

  • Port Port of the FTP instance

  • Status Information about the configuration of the FTP instance

The iisftp script provides a query function that will offer output similar to that offered by clicking the FTP Sites node and viewing the right pane of the MMC in Detail view. Run the iisftp script with the following syntax to determine the status of the FTP sites:

iisftp /query

The resulting output from this command for the server shown in Figure 3-1 is shown in Figure 3-2. A tabular listing appears in the command window for all the FTP sites configured on the host. A description of each site is provided, along with the IIS ID number, status, assigned IP address, and the port for each respective FTP site instance.

click to expand
Figure 3-2: Results of iisftp script querying the local host

Starting and Stopping FTP Sites

FTP sites are identified by 'earth-globe' icons under the FTP Sites folder icon in the MMC. As shown in Figure 3-1, the FTP sites named Default FTP Site, FTP away, and odd have these earth-globe icons. If the FTP site is not running, the icon displays a small, red 'x-globe' on the earth-globe icon as seen with the FTP site named FTP away in Figure 3-1. You can start, stop, or pause FTP sites by right-clicking the site node in the MMC, and then choosing Start, Stop, or Pause to perform the respective action to the FTP site selected.

Starting an FTP site enables the server to respond to requests to log in, access resources, or place resources. If the FTP instance is stopped, it will refuse any request for a connection, which means that any user requesting to open a session with the FTP server will not be allowed to log in and the server will not respond with any message. If users are currently logged in and engaged in uploading or downloading files and the site is stopped, all transactions will cease immediately.

Selecting Pause, on the other hand, will acknowledge a connection when a user attempts to connect, but the connection will immediately be closed before the user can log in. If Pause is selected while users are connected, transactions will be allowed to complete and users logged in will be able to engage in new transactions, but users requesting access to the site will not be allowed access to the server.

You can also use the iisftp script to start, pause, and stop an instance of an FTP site, using the respective /start, /pause, or /stop switch. For example, to start the FTP site named default FTP site, the following command can be used, and the script will return a message indicating a successful start or indicating the nature of the failure:

iisftp /start "default ftp site"

Current Sessions

In an FTP site's User Sessions window, which can be accessed from the MMC, you can determine who is logged in and manage existing sessions. Here's how to access the window that provides session maintenance:

  1. Open the properties for a given FTP site by right-clicking the FTP site node in the MMC and choose Properties.

  2. In the Properties window, choose the FTP Site tab.

  3. Click the Current Sessions button near the lower-left corner of the window to open the FTP User Sessions window, where all current connections are displayed.

  4. In this window, the administrator can disconnect a selected user or all of the users, as shown in Figure 3-3. This window can remain open indefinitely, and clicking the Refresh button will cause the MMC to update the current users displayed and the time that they have been connected.

    click to expand
    Figure 3-3: FTP User Sessions window, showing a few active sessions

    Note 

    The iisftp script offers no capability to manage current sessions. All the administration of current sessions must be handled through the MMC.

Managing FTP Site Contents Using the MMC

If the node for an FTP site is selected in the left pane of the MMC, the right pane will display virtual FTP sites, if any have been configured. The files or contents of the selected FTP site are not displayed in the right pane (even though this might be expected, since this is the native functionality found with a web site node in the MMC).

An administrator can examine and manage the contents of a given FTP site instance within the MMC using a number of the following functions:

  • Explore Displays files in the MMC right pane, similar to how Windows Explorer would display the files

  • Open Opens an instance of Windows Explorer at the physical file path

  • Permissions Opens the Windows File Permissions dialog box

  • Browse Displays files in the right pane of the MMC as the respective service would display

  • Export List Saves a list of filenames, pathnames, and their respective status to a text file

These functions are all accessible in the MMC by right-clicking the FTP site or a node subordinate to an FTP in the left pane of the MMC. In the context-sensitive menu that appears, the first four commands manage the content of the FTP site. The Export List command is not grouped with the other commands and resides further down the menu.

Note 

The preceding list is not a comprehensive list of commands within the context-sensitive menu. The menu also offers other commands that aid in the administration of IIS FTP.

Explore and Browse

The Explore and Browse commands of the MMC let you view and manage content. The Explore command causes the MMC to act as a proxy to the Windows Explorer. Files in the selected FTP site node are displayed using the display properties for the currently logged on user's Explorer settings. In addition, file attribute data indicates whether the file is archived or read-only. The display of content using this command is similar to the display the user sees when viewing contents in Windows Explorer.

The Browse command differs from the Explore command in that it displays the contents in the context of the IIS service permissions and configurations that apply to the selected node. In the case of FTP, file information is provided based on the attributes that FTP uses, such as filename, type, and modified date. Windows security or attribute information is not provided when the files are displayed using the Browse command, as they would be when using the Explore command. If a given FTP site does not allow anonymous access, the credentials for accessing the site may be requested when the Browse command is selected.

Open

The Open command extends the Explore command slightly so that an instance of Windows Explorer is opened for the physical file location on the server for the selected node.

Permissions

When a user logs in to an FTP site, he or she either authenticates as anonymous or uses a specific login name and password. Access to a given resource on the FTP server is dictated by the FTP service in conjunction with the Windows file permissions. If an FTP site allows anonymous access, a user will access resource under the credentials of a Windows account assigned as the surrogate user for anonymous users. If a user accesses an FTP site under specific domain, login, and password credentials, the server will verify these credentials against the indicated domain and enforce access based on the settings for the user's credentials and the Windows file permissions.

The FTP service does provide some access control, given that users can be allowed read or write privileges. Windows security operates as a subordinate system to the FTP service; the most restrictive policies of each are enforced if conflicting settings are encountered.

Export List

The Export List command saves a list of FTP sites or virtual directories at the currently select node into a tab-delimited text file. You can export a list from the FTP Sites node or from a given FTP site node or virtual directory node. The fields of the export file correlate to the view for the selected node in the right pane of the MMC. For example, in the case of a virtual directory, the fields are as follows:

  • Name Name of the file or virtual directory

  • Path Physical path of the file or virtual directory

  • Status Status of the file or virtual directory (for example, error message related to virtual directory)

Choosing the Export List command on the FTP Sites node will list all the FTP sites on the host. The following example shows the output for the FTP Sites node on a server:

Description   Identifier   State   IP address   Port   Status Default FTP Site (Stopped)   1   Stopped   * All Unassigned *   21 ftp away (Stopped)   7545646   Stopped   * All Unassigned *   21 odd (Stopped)   812816   Stopped   * All Unassigned *   22 doc site   984253357   Running   * All Unassigned *   21

The Export List file will not list files or content located in a subdirectory of the physical path of the FTP site or virtual directory. This feature offers an administrator a means for documenting the contents of a system and communicating the content to others via e-mail or printed hard copy.

Refresh

Whenever the status of a given FTP site changes, the MMC may not reflect the exact status of the host. If sites are being changed or added via a script or other programmatic means, the view may not reflect the most accurate information and should be refreshed. In this case, you can refresh the Detail view by right-clicking the right pane and selecting the Refresh command. The host's status will be queried when the Refresh command is invoked to make sure that the view in the right pane is valid.




IIS 6(c) The Complete Reference
IIS 6: The Complete Reference
ISBN: 0072224959
EAN: 2147483647
Year: 2005
Pages: 193

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net