How To Open Iis Manager In Windows Server 2003
In a previous commodity we saw that Internet Data Services 6 (IIS 6) is a powerful platform for building and hosting web sites for both the Net and corporate intranets. IIS 6 is also equally useful for setting upward FTP sites for either public or corporate utilise, and in this article we"ll walk through the process of creating and configuring FTP sites using both the GUI (IIS Manager) and scripts included in Windows Server 2003. The specific tasks we"ll walk through in this article are:
- Creating an FTP Site
- Decision-making Access to an FTP Site
- Configuring FTP Site Logging
- Stopping and Starting FTP Sites
- Implementing FTP User Isolation
For sake of interest, we"ll over again explain these tasks in the context of a fictitious company called TestCorp every bit it deploys FTP sites for both its corporate intranet and for anonymous users on the Net.
Preliminary Steps
As mentioned in the previous article, IIS is not installed past default during a standard installation of Windows Server 2003, and if you installed IIS using Manage Your Server every bit described in the previous article this installs the Www service merely non the FTP service. And then before nosotros can create FTP sites we kickoff have to install the FTP service on our IIS automobile. To practise this, nosotros need to add together an additional component to the Application Server role we assigned our machine when nosotros used Manage Your Server to install IIS.
Brainstorm by opening Add or Remove Programs in Control Console and selecting Add/Remove Windows Components. Then select the checkbox for Application Server:
Click Details and select the checkbox for Cyberspace Data Services (IIS):
Click Details and select the checkbox for File Transfer Protocol (FTP) Services.
Click OK twice and and then Next to install the FTP service. During installation you"ll need to insert your Windows Server 2003 product CD or browse to a network distribution point where the Windows Server 2003 setup files are located. Click Finish when the sorcerer is washed.
Creating an FTP Site
As with web sites, the simplest arroyo to identifying each FTP site on your machine is to assign each of them a divide IP accost, so allow"southward say that our server has three IP addresses (172.sixteen.11.210, 172.xvi.xi.211 and 172.16.11.212) assigned to it. Our offset chore volition be to create a new FTP site for the Human Resource section, but before we do that let"southward offset examine the Default FTP Site that was created when we installed the FTP service on our machine. Open IIS Managing director in Administrative Tools, select FTP Sites in the panel tree, and right-click on Default FTP Site and select Properties:
Just like the Default Web Site, the IP accost for the Default FTP Site is set to All Unassigned. This ways any IP address non specifically assigned to another FTP site on the motorcar opens the Default FTP Site instead, so correct at present opening either ftp://172.16.eleven.210, ftp://172.xvi.xi.211 or ftp://172.sixteen.11.212 in Cyberspace Explorer will brandish the contents of the Default FTP Site.
Let"s assign the IP address 172.16.11.210 for the Man Resources FTP site and brand D:\60 minutes the folder where its content is located. To create the new FTP site, right-click on the FTP Sites node and select New –> FTP Site. This starts the FTP Site Creation Magician. Click Side by side and type a description for the site:
Click Next and specify 172.16.11.210 every bit the IP address for the new site:
Click Side by side and select Do non isolate users, since this will exist a site that anyone (including guest users) will be free to access:
Click Next and specify C:\HR equally the location of the root directory for the site:
Click Next and exit the admission permissions set at Read but equally this site will only be used for downloading forms for present and prospective employees:
Click Adjacent and and then Cease to complete the sorcerer. The new Human Resources FTP site tin now be seen in IIS Manager nether the FTP Sites node:
To view the contents of this site, go to a Windows XP desktop on the same network and open the URL ftp://172.sixteen.11.210 using Internet Explorer:
Note in the status bar at the bottom of the IE window that y'all are connected as an bearding user. To view all users currently continued to the Human Resources FTP site, correct-click on the site in Internet Service Director and select Properties, so on the FTP Site tab click the Electric current Sessions button to open the FTP User Sessions dialog:
Note that bearding users using IE are displayed equally [email protected] under Connected Users.
At present let"s create another FTP site using a script instead of the GUI. Nosotros"ll create a site called Help and Support with root directory C:\Support and IP address 172.16.11.211:
Hither's the result of running the script:
The script we used here is Iisftp.vbs, which like Iisweb.vbs and Iisvdir.vbs which we discussed in the previous article is one of several IIS administration scripts available when y'all install IIS on Windows Server 2003. A full syntax for this script tin be establish here. Once you create a new FTP site using this script you can further configure the site using IIS Manager in the usual manner.
Notation: At this point you could add structure to your FTP site by creating virtual directories, and this is washed in the same way equally was described in the previous article for working with web sites.
Controlling Access to an FTP Site
Just similar for spider web sites, there are iv ways yous tin control access to FTP sites on IIS: NTFS Permissions, IIS permissions, IP accost restrictions, and hallmark method. NTFS permissions are ever your first line of defense but we can't embrace them in detail here. IIS permissions are specified on the Home Directory tab of your FTP site's backdrop sheet:
Note that access permissions for FTP sites are much simpler (Read and Write only) than they are for spider web sites, and by default just Read permission is enabled, which allows users to download files from your FTP site. If you let Write admission, users will be able to upload files to the site as well. And of course access permissions and NTFS permissions combine the aforementioned style they do for spider web sites.
Like spider web sites, IP address restrictions can exist used to allow or deny access to your site by clients that take a specific IP accost, an IP address in a range of addresses, or a specific DNS proper noun. These restrictions are configured on the Directory Security tab only as they are for web sites, and this was covered in the previous commodity and so we won't discuss them further hither.
FTP sites also take fewer authentication options than web sites, every bit can be seen by selecting the Security Accounts tab:
By default Allow anonymous connections is selected, and this is fine for public FTP sites on the Internet just for private FTP sites on a corporate intranet you may want to clear this checkbox to forestall anonymous access to your site. Clearing this box has the event that your FTP site uses Basic Authentication instead, and users who try to access the site are presented with an authentication dialog box:
Note that Basic Authentication passes user credentials over the network in clear text then this means FTP sites are inherently insecure (they don't back up Windows integrated authentication). Then if you lot're going to deploy a private FTP site on your internal network make sure you close ports 20 and 21 on your firewall to block incoming FTP traffic from external users on the Internet.
Configuring FTP Site Logging
As with web sites, the default logging format for FTP sites is the W3C Extended Log File Format, and FTP site logs are stored in folders named
%SystemRoot%\system32\LogFiles\MSFTPSVCnnnnnnnnnn
where nnnnnnnnnn is the ID number of the FTP site. And just every bit with web sites, you can utilise the Microsoft Log Parser, part of the IIS 6.0 Resource Kit Tools, to analyze these FTP site logs.
Stopping and Starting FTP Sites
If an FTP site becomes unavailable yous may need to restart information technology to go it working over again, which y'all can practice using IIS Manager past right-clicking on the FTP site and selecting Terminate and and then Start. From the command-line you can blazon net end msftpsvc followed by net start msftpsvc or apply iisreset to restart all IIS services. Remember that restarting an FTP site is a last resort as whatever users currently connected to the site will be disconnected.
Implementing FTP User Isolation
Finally, let'southward conclude by looking at how to implement the new FTP User Isolation feature of IIS in Windows Server 2003. When an FTP site uses this characteristic, each user accessing the site has an FTP home directory that is a subdirectory under the root directory for the FTP site, and from the perspective of the user their FTP domicile directory appears to be the peak-level folder of the site. This means users are prevented from viewing the files in other users' FTP dwelling directories, which has the advantage of providing security for each user'due south files.
Let's create a new FTP site called Staff that makes utilise of this new feature, using C:\Staff Folders every bit the root directory for the site and 172.16.xi.212 for the site's IP address. Starting time the FTP Site Cosmos Wizard as we did previously and step through it until yous reach the FTP User Isolation page and select the Isolate users option on this page:
Continue with the wizard and be sure to give users both Read and Write permission so they can upload and download files.
Now allow's say you have two users, Bob Smith (bsmith) and Mary Jones (mjones) who have accounts in a domain whose pre-Windows 2000 name is TESTTWO. To give these users FTP home directories on your server, first create a subfolder named \TESTTWO beneath \Staff Folders (your FTP root directory). Then create subfolders \bsmith and \mjones beneath the \Accounts folder. Your folder structure should now expect like this:
C:\Staff Folders
\TESTTWO
\bsmith
\mjones
To test FTP User Isolation permit's put a file name Bob'south Document.doc in the \bsmith subfolder and Mary's Document.doc in the \mjones subfolder. Now go to a Windows XP desktop and open Internet Explorer and endeavour to open up ftp://172.16.eleven.212, which is the URL for the Staff FTP site we simply created. When you lot exercise this an authentication dialog box appears, and if y'all're Bob then you tin can enter your username (using the DOMAIN\username course) and password similar this:
When Bob clicks the Log On button the contents of his FTP habitation directory are displayed:
Annotation that when yous create a new FTP site using FTP User Isolation, you lot tin can't convert information technology to an ordinary FTP site (1 that doesn't take FTP User Isolation enabled). Similarly, an ordinary FTP site tin't be converted to 1 using FTP User Isolation.
We all the same need to explore i more option and that'southward the third option on the FTP User Isolation page of the FTP Site Creation Wizard, namely Isolate users using Agile Directory. Since we've run out of IP addresses let's first delete the Help and Support FTP site to free upwards 172.sixteen.11.211. One style we can do this is by opening a command prompt and typing iisftp /delete "Help and Support" using the iisftp.vbs command script. So offset the FTP Site Creation Wizard again and select the third option mentioned higher up (we'll name this new site Management):
Click Next and enter an ambassador account in the domain, the password for this business relationship, and the full proper name of the domain:
Click Adjacent and confirm the password and complete the wizard in the usual way. You'll notice that you weren't prompted to specify a root directory for the new FTP site. This is because when y'all use this approach each user's FTP domicile directory is divers by ii environment variables: %ftproot% which defines the root directory and can be anywhere including a UNC path to a network share on some other motorcar such as \\test220\docs, and %ftpdir% which tin can be fix to %username% so that for example Bob Smith'southward FTP home directory would exist \\test220\docs\bsmith and this folder would have to be created beforehand for him. You could set these environs variables using a logon script and assign the script using Group Policy, but that'south beyond the scope of this nowadays article.
Summary
In this article I've explained how to create and configure FTP sites in various means on IIS 6. With the exception of FTP User Isolation, everything we've covered here also applies to IIS 5 on Windows 2000. If you desire to larn more than almost IIS 6 and its capabilities, see my book IIS six Assistants (Osborne/McGraw-Hill).
Source: https://techgenix.com/Creating-Configuring-FTP/
Posted by: ortiztaide1983.blogspot.com
0 Response to "How To Open Iis Manager In Windows Server 2003"
Post a Comment