1. server application: Step-by-Step FTP server creation in IIS
As a dedicated FTP site tool, SERV-U is undoubtedly the most commonly used, but in many cases, especially the company server does not want to install such or such third-party software, after all, as the number of installed software increases, the number of vulnerabilities increases and security becomes increasingly insecure.
How can this problem be solved? In fact, careful people will find that the IIS component in Windows actually contains the function of setting up an FTP site. Only by setting up FTP in IIS can we better work closely with the system. Today, I will show you how to create an FTP server in Windows2003 + IIS6.
1.1 preparations
Since we use IIS to establish FTP, we should install this component in windows. Of course, many readers may wonder why they have installed the IIS component but find that FTP is not set up. This is because the FTP function is not integrated into IIS by default. The following describes how to complete these preparations. I completed this operation in Windows2003 + IIS6 environment.
Step 1: Go to "start-> all" in the taskbarProgram-> Control Panel-> add or delete programs "to install IIS components. (1)
Step 2: Select "Add/delete Windows Components" on the left of the add or delete programs window ". After a while, the Windows component Wizard will pop up. Select "Application Server" and click "details" in the lower right corner. (2)
TIPS: by default, all our applications, such as DHCP, DNS, and IIS, are included in the application server options.
Step 3: In the application server settings window, find "Internet Information Service (IIS)" and click "details" in the lower right corner. (3)
Step 4: by default, the FTP function component is not installed in the IIS component details, so we need to add it. Check the file transfer protocol (FTP) service and click "OK. (4)
Step 5: Confirm again and install IIS component files to the local hard disk. (5)
Step 6: During installation, an error message is displayed, indicating that the ftpctrs2.dll file cannot be copied. This file is responsible for FTP functions. (6) Place the Windows system CD to the optical drive, and point the path to the i386 directory through the Browse button. Confirm the installation and proceed. (7)
Step 7: after a short wait, the system will complete the installation of Windows Components. Click "finish. (8)
Step 8: Next, go to "start-> All Programs-> Management Tools" in the taskbar and find the Internet Information Service (IIS) manager. This is the FTP component we used to build. So far, we have completed the preparatory work for the establishment of the FTP server, and the next step will be the specific configuration work. (9)
1.2 use IIS to create an FTP server
Using IIS to create an FTP server is not very complex and easy to operate. It is similar to using IIS to create a website. The virtual directories involved are the same as the virtual directories on the website.
Step 1: Go to "start-> All Programs-> Management Tools" on the taskbar and find the Internet Information Service (IIS) manager, open the manager and you will find that there is an "ftp site" option at the bottom. We use it to create an FTP server. (10)
Step 2: By default, the FTP site has a default FTP site. We only need to put the resources in the ftproot folder in the inetpub directory under the system directory. For example, if the system is on the drive F, you only need to put the shared resources in the F: \ Inetpub \ ftproot directory. When you log on to the default FTP site, you will see the resources in the directory. (11)
Step 3: If you do not want to use the default settings or the default path, you can modify it by right-clicking "Default FTP site" and selecting "new-> FTP site ". (12)
Step 4: In the startup FTP site creation wizard, We Can Customize settings for the FTP server. Click "Next" to continue. (13)
Step 5: Set a name for the FTP site, which is set to soft FTP. (14)
Step 6: Set an available IP address for the FTP site. You can select the actual IP address. If you are not sure, you can select "all unallocated ", in this way, the system uses all valid IP addresses as the address of the FTP server. At the same time, the port number of the FTP server to open the service to the outside is also set here, the default value is 21. (15)
Step 7: Set FTP user isolation. The Chinese help information here is clearly written. If the user is not isolated, the user can access the FTP home directory of another user, if you select isolated users, users cannot access each other's directory resources. In addition, AD isolated users are mainly used to use ad in the company's network. In most cases, the company does not have ad, and users need to be isolated for security reasons, so we choose the second item "isolate users ". (16)
Step 8: select the Home Directory of the FTP site. You can modify the directory ftproot in the inetpub directory under the system directory by default. Click "Browse" on the right to set it to another directory, for example, "d: \ manuscript ". (17)
Step 9: Set the user access permissions. There are only two permissions available for us to set, namely "read" and "write". We can set them according to the actual situation. (18)
Step 10: complete all FTP site settings. Of course, if there is one or more problems during the setup process, a detailed prompt will be provided at the end of the setup wizard to help us troubleshoot the problem effectively. (19)
Step 2: Go back to Internet Information Service (IIS) manager and right-click "softe FTP" at the FTP site and choose start to enable the FTP. (20)
TIPS: If the prompt "21" appears in actual use, it indicates that port 21 of the local computer has been occupied by other services or programs. In this case, we need to modify the FTP just created, set its service port from 21 to another port not occupied by the program by right-clicking the FTP name and selecting "properties", (22) add the unused port number to the TCP port under the FTP site identifier in the FTP site tag, for example, 33. After confirming, modify the settings. (23) Right-click again and select "start" to take effect. (24)
1.3 check FTP status
After FTP is established according to the method described above, how can we check whether it works properly? It cannot be noticed in the Internet Information Service (IIS) manager. (25)
Step 1: In general, if we want to set up the established FTP, it is done through the "attribute" of the FTP site. Right-click the FTP site and choose Properties ". (26)
Step 2: In the "Security Account" tab in the FTP Properties window, we can set whether the FTP allows anonymous logon, or select the account used for anonymous logon. (27)
Step 3: Go to "start"> "run"> "Enter cmd" on another computer connected to the network to check the FTP working status. Of course, if you have other FTP client logon tools, it is more convenient to use them for detection. Enter FTP 10.91.30.45 in command line mode and press Enter. The IP address is the Server IP address used to create the FTP service. Enter the Administrator name on the computer 10.91.30.45 when the user prompt appears, and enter the password of the system administrator in the next password to log on. (28)
TIPS: of course, because the anonymous logon function is enabled on the FTP by default, you can enter anonymous in the user name and enter an email address in the password. (29)
Step 4: When we use the net user command on the FTP server to create a new account, we can also use this account to log on to the created FTP. (30)
Step 5: Enter the new account name softer and the new password 111111 at login to successfully enter the account. This indicates that the current FTP server is working normally. (31)
1.4 initial experience of management functions
After FTP is established, the default status cannot be maintained. Otherwise, what is the difference with those third-party software? Therefore, we need to effectively manage FTP resources and users.
Step 1: If you find the information displayed when you log on to the FTP server boring, you can use the "message" tab of "site attribute" to customize a welcome message and exit notice. (32)
Step 2: In the "home directory tag" of "site properties", You can reset the FTP site directory path and read and write permissions. (33)
Step 3: Also in the "Directory Security" tab of "site properties", we can set the IP address range to allow and deny access to the FTP server. (34) The operation is simple. Here we will not explain it in detail. The information of the Access Denied addresses will be clearly displayed in the address list. (35)
Step 4: What if I want to allow the Administrator account on the FTP server to access a directory that does not allow the account named softer on the server to access? In this case, you need to perform operations on the permissions. Right-click the site name and select "permission" to set the site name. (36)
TIPS: If the directory of the released FTP resource is on an NTFS file disk, you can set it through the corresponding user access permissions. If it is in another format such as FAT32, the permission cannot be set and an error message is displayed. (37)
Some readers may be confused here. Which one has set user permissions? In fact, FTP established in IIS is closely related to Windows accounts. That is to say, this FTP does not have the function of creating an independent account, after FTP is created, we can log on using the Windows system account. The FTP account and the Windows operating system account are completely consistent. This is different from the typsoft FTP and SERV-U that have previously been introduced, and the ftp access accounts created by these software are independent from Windows OS accounts.
1.5 FTP also supports virtual directories
It is common to use multiple virtual directories for IIS publishing websites. Therefore, you can also use virtual directories to create FTP under IIS, which achieves the same effect as the virtual directories of IIS websites. To create an FTP virtual directory, follow the steps described below.
Step 1: Go to "start-> All Programs-> Management Tools" on the taskbar and find the Internet Information Service (IIS) manager, open the manager and right-click on any FTP site and choose new> virtual directory ". (38)
Step 2: the "virtual directory creation wizard" is automatically opened. Click "Next" to continue. (39)
Step 3: Set a name for the created virtual directory in the virtual directory alias setting window. This name is very important. If our IP address is 10.91.30.45 and the virtual directory name is softer, enter ftp: // 10.91.30.45/softer to access the Home Directory released by the FTP virtual directory. Therefore, aliases are very important and need to be kept in mind. (40)
Step 4: Set the Home Directory of the site content in the virtual directory, and click the Browse button to find the path to be released. (41)
Step 5: Set the virtual directory access permission. (42)
Step 6: complete the virtual directory creation wizard. You can access the created FTP through FTP: // 10.91.30.45/softer virtual directory address. (43)
TIPS: Because the FTP home directory selected an NTFS disk, right-click the created virtual directory FTP site and choose "permission". The permission assignment window appears, you can grant different permissions to different users of the system based on the actual situation. (44)
Summary: In the past, IIS was a powerful tool for website publishing, and its FTP function was ignored by many people. In fact, its compatibility is very good, saving the trouble of installing third-party tools. However, iis ftp also has some disadvantages. On the one hand, its vulnerabilities still exist, just like the previous Windows Components. In terms of user account management, too much reliance on the Windows operating system's own account causes some inherent defects in the management and establishment of accounts, which is why it has never been warm.