
Configure FTP Server Authentication (IIS 6.0)

Internet Information Services (IIS) supports the following File Transfer
Protocol (FTP) authentication methods:

• Anonymous FTP authentication
• Basic FTP authentication

Available authentication settings must be set at the site level for FTP sites.
FTP service is not enabled by default in IIS 6.0.

Important
If you change the security settings for your FTP site or virtual directory, your
Web server prompts you for permission to reset the security settings for the
child nodes of that site or directory. If you choose to accept these settings,
the child nodes inherit the security settings from the parent site or directory.

Requirements

• Credentials: Membership in the Administrators group on the local computer.


• Tools: Iis.msc.

Recommendation

As a security best practice, log on to your computer using an account that is
not in the Administrators group, and then use the Run as command to run
IIS Manager as an administrator. At the command prompt, type
runas /user:administrative_accountname "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures
Enable Anonymous FTP Authentication

If you select Anonymous FTP authentication to secure FTP resources, all
requests for that resource are accepted without prompting the user for a user
name or password. For Anonymous authentication, IIS automatically creates
a Windows user account called IUSR_computername, where computername
is the name of the server on which IIS is running. If you have both
Anonymous FTP authentication and Basic FTP authentication enabled, IIS
tries to use the Anonymous FTP authentication user account first.

To enable the Anonymous FTP authentication method

1. In IIS Manager, right-click the FTP site, directory, virtual directory, or file
you want to configure, and click Properties.
2. Click the Security Accounts tab.
3. Select the Allow anonymous connections check box.
4. To allow your users to gain access by Anonymous authentication only,
select the Allow only anonymous connections check box.
5. In the User name and Password boxes, enter the Anonymous logon
user name and password you want to use, and then click OK.
The user name is the name of the anonymous user account, which is
typically designated as IUSR_computername.
Note If the default IUSR_computername account will not be used for
Anonymous FTP authentication, you must create a Windows user account
appropriate for the authentication method. For more information about
creating a new user account, see the procedure Create a Service Account
in this section.
6. Set the appropriate NTFS permissions for the anonymous account.
For more information about setting NTFS permissions, see the procedure
Configure NTFS Permissions earlier in this appendix.

Enable Basic FTP Authentication

If you select the Basic FTP authentication method to secure your FTP
resources, users must log on with a user name and password corresponding
to a valid Windows user account. If the FTP server cannot verify a user's
identity, the server returns an error message. Basic FTP authentication
provides only low security because the user transmits the user name and
password across the network in an unencrypted form.

To enable the Basic FTP authentication method

1. Create a Windows user account appropriate for the authentication
method. If appropriate, add the account to a Windows user group.
For more information about creating a new user account, see the
procedure Create a Service Account earlier in this appendix.
2. Configure NTFS permissions for the directory or file for which you want to
control access.
For more information about setting NTFS permissions, see the procedure
Configure NTFS Permissions earlier in this appendix.
3. In IIS Manager, right-click the FTP site, directory, virtual directory, or file
you want to configure, and click Properties.
4. Click the Security Accounts tab.
5. Clear the Allow anonymous connections check box, and then click OK.
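
The two logon types described above can be told apart on the FTP control channel, where a Basic FTP logon carries the account name and password as readable text. The following Python sketch is an added example, not part of the original documentation: it classifies each session in a constructed transcript as anonymous or named (sent in cleartext), records whether the logon succeeded, and masks the password before anything is logged. The transcript lines, user names, server message wording, and the function names audit and redact are constructed for illustration.

```python
import re

ANON_NAMES = {"anonymous", "ftp"}  # conventional anonymous FTP user names

# Constructed control-channel lines (TCP port 21): (session, direction, text).
# C = client to server, S = server to client. Not a real capture.
SAMPLE = [
    ("s1", "C", "USER anonymous"),
    ("s1", "S", "331 Anonymous access allowed, send identity as password."),
    ("s1", "C", "PASS guest@example.test"),
    ("s1", "S", "230 Anonymous user logged in."),
    ("s2", "C", "USER ftpuser1"),
    ("s2", "S", "331 Password required for ftpuser1."),
    ("s2", "C", "PASS Constructed-Pw-1"),
    ("s2", "S", "230 User ftpuser1 logged in."),
    ("s3", "C", "USER ftpuser2"),
    ("s3", "S", "331 Password required for ftpuser2."),
    ("s3", "C", "PASS wrong-guess"),
    ("s3", "S", "530 User ftpuser2 cannot log in."),
]

def redact(text):
    """Mask the PASS argument so a finding can be logged safely."""
    return re.sub(r"(?i)^(PASS)\s+.*$", r"\1 ********", text)

def audit(lines):
    """Return {session: {user, kind, password_seen, outcome}}."""
    sessions = {}
    for sid, direction, text in lines:
        s = sessions.setdefault(sid, {"user": None, "kind": None,
                                      "password_seen": False, "outcome": "unknown"})
        verb, _, arg = text.partition(" ")
        if direction == "C" and verb.upper() == "USER":
            s["user"] = arg.strip()
            anon = s["user"].lower() in ANON_NAMES
            s["kind"] = "anonymous" if anon else "named-cleartext"
        elif direction == "C" and verb.upper() == "PASS":
            s["password_seen"] = True  # credential crossed the wire unencrypted
        elif direction == "S" and s["password_seen"] and s["outcome"] == "unknown":
            # 230 = logged in, 530 = not logged in (RFC 959 reply codes)
            s["outcome"] = {"230": "success", "530": "failed"}.get(verb, "unknown")
    return sessions

if __name__ == "__main__":
    for sid, f in audit(SAMPLE).items():
        print(sid, f["user"], f["kind"], f["outcome"])
```

Sessions reported as named-cleartext with outcome success are the ones where a valid Windows account password was readable on the network path.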