FTP7.5 server configuration and IIS cooperation

Several key points of FTP7.5 server configuration and management of user authorization with IIS and support of Chinese rules. There are many articles on FTP7.5 installation and configuration, but they do not explain several important links, the following are some of my configuration experiences (the configuration has been successfully completed through the experiment ):
 
1. When installing the FTP service, you must install the IIS Management Service and FTP extension. Otherwise, authorization with IIS management users may fail.
 
2. It is very important to enable FTP to support uploading of Chinese directories and naming rules for file names (downloading is supported by default ):
 
In the advanced settings of the FTP site attribute, you must change the default value of TRUE to FALSE to allow UTF8, which indicates whether UTF8 activity and UTF8 file name naming rules are allowed, my understanding is that during client download, the client program will parse the downloaded file name encoding, so there will be no garbled characters in the downloaded file name, And the uploaded file will be parsed by the file encoding processing module on the server, setting FALSE is ambiguous, but the effect is the same as the OPTS UTF8 command configured on the SERV-U server.
 
Iii. Real-time level of FTP service permission rules:
 
1. FTP site authorization rules (belong to the FTP service process level), which can be accessed when the rules exist (IIS and FTPSVR services do not need to be restarted after the rules are established)
 
2. IIS manager permission (the file directory permission corresponding to the site (implicit). The FTPSVR service must be restarted for user permission and rejection. It is estimated that the permission of the file system is a problem)
 
3. For IIS manager users (IIS user pool management) to disable, enable, or delete existing users, the FTPSVR service must be restarted to change the overall rule.
 
Therefore, in this order, when users access FTP are enabled, they are enabled in order of 3-2-1. If users are rejected or deleted, they must be configured in the order of 1-2-3, in order to effectively ensure the security of the overall FTP service rules, we hope that the IIS development team will be able to strengthen this aspect in the future.
 
4. If you do not want to restart the FTPSVR service after the password of the IIS administrator is changed, you must use the new password to log on before the old password becomes invalid. You are confused about the processing mechanism of IIS user authorization.
 
Appendix: Description of the CONFIG directory and file permissions under the INETSVR directory
 
Because the IISmanagerauth user authentication module used by FTPSVR is a COM component running, the handle process is network service. You must have the read permission on the preceding directory and the two configuration files under it. After the ftpsvr service is configured, the following statement must be executed:
 
CACLS "% SystemDrive % \ Windows \ System32 \ inetsrv \ config"/G "Network Service": R/E
CACLS "% SystemDrive % \ Windows \ System32 \ inetsrv \ config \ administration. config"/G "Network Service": R/E
CACLS "% SystemDrive % \ Windows \ System32 \ inetsrv \ config \ redirection. config"/G "Network Service": R/E
 
The FTP file directory mentioned on the Internet requires full permissions on the network service. After the experiment, you do not need to add permissions. It may be that the IIS manager permission has granted the implicit access permission to the IIS administrator, this is somewhat like the effect of application pool user permissions. In addition, after an FTP user account is created, users in the IIS Management User pool can still log on to FTP after being deleted. This is because the service has not been restarted, it depends on the real-time performance of the rules I mentioned above, so it is best to keep users.
 
From fengxin