wrote:

>I have Windows 2000 Server SP4 rus
>and when I am set NTFS permissions to folder on my ftp for some group
>for example FTP_USERS it's dont't work, but if I'm add a user from the group
>and set NTFS permissions only to him
>rules is work (Users Are added to other group too)

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:40ef81e5.90446595@msnews.microsoft.com...
> On Fri, 25 Jun 2004 16:38:55 -0700, "mmac" <no@thanks.com> wrote:
>
> >It seems like MY bank works that way! Although I don't think they volunteer,
> >I think they are forced to be there!
> >
> >If I understand the FTP articles correctly, I can only have one user logon
> >that would connect them directly to their folder. How would I have fred,
> >barney and wilma be able to automatically connect to the same directory? . .
> >. .or is it only the VIRTUAL directory that had to match the username...
> >Hmmm.... I just thought about that.
>
> Each user has a virtual folder that points to the same physical
> folder. So Joe would have a home directory like c:\ftphomes\joe and
> Mary would have a home directory like c:\ftphomes\mary, but both would
> have a virtual foldet that pointed to c:\allusers or wherever you want
> the shared data.
>
> In W2K see:
>
> HOW TO: Create a Virtual Directory in Internet Information Services
> (IIS)
> http://support.microsoft.com/?id=172138
>
> Jeff
>
>
> >Is FTP as secure as anything else on the web? I see in my logs lots of
> >attempts to enter the FTP site, mostly from odd names like DATA, WWW, WEB,
> >SYSTEM etc.
> >
> >"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
> >news:40e871c7.20789583@msnews.microsoft.com...
> >> On Fri, 25 Jun 2004 09:40:51 -0700, "mmac" <no@thanks.com> wrote:
> >>
> >> >Good point, I'm not trying to set up a banking site.
> >>
> >> Some bank. Operating with one voluneter working one day a week...
> >>
> >> >I just mean that each
> >> >user should be restricted to his own space, but that it would be possible
> >to
> >> >set it up so that multiple users able to access the same directories but
> >no
> >> >others. I can't do that with win2k without having them all use the same
> >> >logon/password.
> >>
> >> Sure you can. Use virtual folders and the proper NTFS permissions.
> >>
> >> > Web editing apps like Dreamweaver and HomeSite etc would be able to edit
> >> >thier web sites using FTP.
> >> > And that the outside world would have a harder time breaking in than I
> >> >believe is the case now under win2k.
> >>
> >> Not sure I follow that...
> >>
> >> > I have 2k3 available but havent updated yet. working one day a week
> >means
> >> >that I have to plan this out so I can get done by the time to go to work
> >the
> >> >next day!
> >>
> >> Server 2003 has a user isolation mode that helps, but you'll still
> >> need to use virtual folders to point two users to the same physical
> >> folder. Might start with:
> >>
> >> HOW TO: Set Up an FTP Server in Windows Server 2003
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;323384
> >>
> >> How To Set Up an FTP Site So That Users Log Onto Their Folders:
> >> http://support.microsoft.com/default.aspx?scid=kb;EN-US;201771
> >>
> >> HOW TO: Create a Secure FTP Directory that Uses Password
> >> Authentication:
> >> http://support.microsoft.com/?id=239120
> >>
> >> Jeff
> >>
> >>
> >> >"Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> >> >news:OK%23xJmkWEHA.1756@TK2MSFTNGP12.phx.gbl...
> >> >> "mmac" <mmac@junkmail.bin> wrote in message
> >> >> news:exLiCgkWEHA.2852@TK2MSFTNGP12.phx.gbl...
> >> >> > I would like to impliment a secure FTP drop for my web clients.
> >> >> > I believe that I can't do this with win2k/2k3 (am I wrong?)
> >> >> > What is the best option for me that would take the simpliest route
> >and
> >> >> cause me
> >> >> > no issues?
> >> >> > I am the sole volunteer and I can only give one day a week so I would
> >> >like
> >> >> this
> >> >> > top be as simple as possible.
> >> >>
> >> >> Perhaps we should start by having you describe what it is that you mean
> >by
> >> >> "secure"? Do you mean that each user will be unable to access files
> >that
> >> >he
> >> >> or she shouldn't acess? Do you mean that the users should be unaware
> >of
> >> >> each others' presence? Do you mean that all traffic should be
> >encrypted?
> >> >> What are you looking for, in terms of security?
> >> >>
> >> >> Alun.
> >> >> ~~~~
> >> >>
> >> >>
> >> >
> >>
> >
>

""Alun Jones [MSFT]"" <alunj@online.microsoft.com> wrote in message
news:U0ZhdCTXEHA.2272@cpmsftngxa10.phx.gbl...
> > From: "mmac" <mmac@junkmail.bin>
> >
> > OK that makes sense.
> > I'll give it a go.
> > So I am also hearing in this thread that secure FTP isn't really
> necessary for
> > my application? It's meant more for encryption than anything else?
>
> Like I said, it really depends on what you mean by "secure FTP".
>
> To some people, FTP as described by the basic standards document is not
> secure, because it doesn't encrypt usernames and passwords. In practice,
> you're not going to find many people that have the ability to make good on
> that, because it means they must somehow put themselves, and their
> monitoring machines, on the network path between your server and your
> client. [Either by intercepting the current path, or by changing your
path
> to go to them first] This is about as likely, in the average case, as a
> telephone wiretap - and you use the phone all the time without scrambling
> technology.
>
> To others, the only security they need is the knowledge that the user name
> and password are required by the server in order to log on, and that users
> so authenticated are kept to the right places. Basic FTP provides that.
>
> But there are standards for providing encryption and authentication
through
> other mechanisms (such as SSL) that are supported by a number of third
> party clients and servers - you can even get proxies / wrappers that can
> turn IIS into such an encrypting server.
>
> Alun.
> ~~~~
>

> From: "mmac" <mmac@junkmail.bin>
>
> OK that makes sense.
> I'll give it a go.
> So I am also hearing in this thread that secure FTP isn't really
necessary for
> my application? It's meant more for encryption than anything else?

On Mon, 28 Jun 2004 10:39:30 -0700, "mmac" <no@thanks.com> wrote:

>Thank you , that was quite clear and understandable. I'll leave well enough
>alone for now and read up on SSL (since I need to set that up for my
>exchange OWA anyway. ) Once I figure that out I'll see if it would fit for
>FTP. Though from your explanaition I hardly need it.

>""Alun Jones [MSFT]"" <alunj@online.microsoft.com> wrote in message
>news:U0ZhdCTXEHA.2272@cpmsftngxa10.phx.gbl...
>> > From: "mmac" <mmac@junkmail.bin>
>> >
>> > OK that makes sense.
>> > I'll give it a go.
>> > So I am also hearing in this thread that secure FTP isn't really
>> necessary for
>> > my application? It's meant more for encryption than anything else?
>>
>> Like I said, it really depends on what you mean by "secure FTP".
>>
>> To some people, FTP as described by the basic standards document is not
>> secure, because it doesn't encrypt usernames and passwords. In practice,
>> you're not going to find many people that have the ability to make good on
>> that, because it means they must somehow put themselves, and their
>> monitoring machines, on the network path between your server and your
>> client. [Either by intercepting the current path, or by changing your
>path
>> to go to them first] This is about as likely, in the average case, as a
>> telephone wiretap - and you use the phone all the time without scrambling
>> technology.
>>
>> To others, the only security they need is the knowledge that the user name
>> and password are required by the server in order to log on, and that users
>> so authenticated are kept to the right places. Basic FTP provides that.
>>
>> But there are standards for providing encryption and authentication
>through
>> other mechanisms (such as SSL) that are supported by a number of third
>> party clients and servers - you can even get proxies / wrappers that can
>> turn IIS into such an encrypting server.
>>
>> Alun.
>> ~~~~
>>
>