
Thursday, January 12, 2012

CONFIGURING FTP IN ISOLATION MODE (IIS6)

1. Installing IIS6 FTP on Windows Server 2003:

If using the new style Start menu: Click on “Start”, “Control Panel”, “Add or Remove Programs” and select the “Add/Remove Windows Components” tab on the left-hand side.

If using the "Classic" style Start menu: Click on “Start”, “Settings”, “Control Panel”, “Add or Remove Programs” and select the “Add/Remove Windows Components” tab on the left-hand side.

In the “Windows Components Wizard”, highlight the “Application Server” and press the “Details” button. The screen below will be displayed (Fig 1).
Figure 1 - The Application Server Screen
Highlight the “Internet Information Services (IIS)” option and press “Details” (as shown in Fig 1 above).
Figure 2 - The Internet Information Services (IIS) Screen
On the next screen (Fig 2 above) we highlight “File Transfer Protocol (FTP) Service”.
Click “OK” to close each window and “Next” to install the newly-selected components. You will be asked to insert your Windows Server 2003 disk. Click “Finish” once the installation is complete.
You have now installed the FTP service.

2. The FTP Root Directory

Figure 3 - Setting up your FTP Root Directory

In order to use FTP in "Isolation" mode, we need to construct the FTP Root so that users are "Dropped" into their correct home directory.

The structure illustrated above contains two subdirectories, "localuser" and my domain "simongibson" which contain home directories for each user. These user sub-directories must match their respective username exactly. If not, the user will not be able to log onto your FTP server.

Create the directory structure above to match your configuration. The "FTPRoot" directory can be placed anywhere on your system.

3. Where to find the IIS Manager:

Figure 4 - Where to find the IIS Manager

If you are using the new style Start menu, you can reach the Internet Information Services console by clicking “Start”, “Administrative Tools” and selecting “Internet Information Services (IIS) Manager” from the list in figure 4 above.
If you are using the “Classic” style Start menu, you can reach the console by clicking “Start”, “Programs”, “Administrative Tools” and selecting “Internet Information Services (IIS) Manager” from the list in figure 4 above.

4. Removing the Default FTP Site in IIS 6:

Figure 5 - Removing the Default FTP Site in IIS 6

The first task is to remove (delete) the Default FTP Site. This site does not use Isolation and matches IIS5 FTP sites in terms of functionality and security. As we are going to use Isolation, we will need to create a fresh FTP site.

Simply right-click on the Default FTP Site and press "Delete" in the menu that appears.

5. Creating a fresh FTP site:

Figure 6 - Creating a fresh FTP Site in IIS.

To create a new FTP site, simply right-click on "FTP Sites" and select "New" and "FTP Site...". Then, press "Next" to begin the FTP Site Creation Wizard.

6. FTP Site Creation Wizard: FTP Site Description

Figure 7 - FTP Site Creation Wizard: FTP Site Description

This is the name that will appear in the "FTP Sites" list in IIS. I'm going to use my imagination and call this site "FTP".

Click Next.

7. FTP Site Creation Wizard: IP Address and Port Settings

Figure 8 - FTP Site Creation Wizard: IP Address and Port Settings

Simply select your server's IP address from the list (this is usually the only one listed).

You can also change the TCP Port if required but this is not recommended.

Click Next.

8. FTP Site Creation Wizard: FTP User Isolation

Figure 9 - FTP Site Creation Wizard: FTP User Isolation

This screen allows you to choose the type of isolation you want to use:

"Do not isolate users"
Although this option allows users to be "dropped" into their own home directory (if one exists under the FTP root that exactly matches their username), it is NOT able to stop them moving up out of their directory and into those belonging to other users.

"Isolate users"
This option isolates users based on the directory structure under the FTP root directory (see Step 2). This is the easier of the two isolation methods and the method we will use in this tutorial.

"Isolate users using Active Directory"
This option isolates users by getting their "FTP Home Directory" from Active Directory. The advantage of this is that new users can be added without the need to modify your FTP site. However, the "FTP Home Directory" cannot be entered using the Active Directory snap-in and must be configured from the command line by using a VBScript utility.

As shown in Figure 9 above, select "Isolate Users" and press "Next".

9. FTP Site Creation Wizard: FTP Site Content Directory

Figure 10 - FTP Site Creation Wizard: FTP Site Content Directory

This step defines the FTP Root directory. Select the FTP Root directory you created in Step 2 (Figure 3).

10. FTP Site Creation Wizard: FTP Site Access Permissions

Figure 11 - FTP Site Creation Wizard: FTP Site Access Permissions

This step allows you to define read or write access for your FTP site. In this case, I intend to allow files to be uploaded so I've ticked the "Write" box.

Click Next then click Finish to complete the Wizard.

Your FTP Site is now ready for use. To test it, simply open Internet Explorer and enter the URL ftp://192.168.0.1 (or your Server's IP address if different). You should then log in and be automatically "Dropped" into your home directory.
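
Because a login fails when the home directory name does not match the username (Step 2), the layout under the FTP root can be checked against the account list before testing. The PowerShell script below is an added example, not part of the original post; the function names, the temporary demo root and the sample accounts (alice, bob) are constructed, and it assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example: audit an IIS 6 "Isolate users" FTP root against a login list.
# Function names, the demo root and the sample accounts are constructed.

function Get-FtpHomeKey([string]$Login) {
    # "DOMAIN\user" -> "DOMAIN\user"; a local "user" -> "LocalUser\user"
    $parts = $Login.Split('\')
    if ($parts.Length -eq 2) { return ($parts[0] + '\' + $parts[1]) }
    return ('LocalUser\' + $Login)
}

function Test-FtpIsolationLayout([string]$Root, [string[]]$Logins) {
    $expected = @($Logins | ForEach-Object { Get-FtpHomeKey $_ })

    # An account with no matching home directory cannot log on.
    foreach ($key in $expected) {
        $path = Join-Path $Root $key
        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            New-Object PSObject -Property @{ Issue = 'MissingHome'; Directory = $key }
        }
    }

    # A directory that matches no account is usually a typo or a leftover.
    $containers = @(Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer })
    foreach ($container in $containers) {
        $userDirs = @(Get-ChildItem -LiteralPath $container.FullName |
                      Where-Object { $_.PSIsContainer })
        foreach ($dir in $userDirs) {
            $key = $container.Name + '\' + $dir.Name
            # -notcontains compares case-insensitively, as NTFS names do.
            if ($expected -notcontains $key) {
                New-Object PSObject -Property @{ Issue = 'NoMatchingAccount'; Directory = $key }
            }
        }
    }
}

# Constructed demo tree: "bobb" is a misspelt home directory for "bob".
$root = Join-Path $env:TEMP 'FTPRoot-demo'
foreach ($d in 'LocalUser\alice', 'simongibson\bobb') {
    New-Item -ItemType Directory -Force -Path (Join-Path $root $d) | Out-Null
}
Test-FtpIsolationLayout -Root $root -Logins 'alice', 'SIMONGIBSON\bob' |
    Format-Table Issue, Directory -AutoSize
```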
