Sunday, January 27, 2013

Monday, January 14, 2013

How to manually add an FTP account

How to manually add an FTP account

This article will outline the procedure for manually creating an FTP account in Windows Server 2003.
For Virtual and Dedicated Servers which do not utilize the HELM Control Panel, adding an FTP account is still very easy to accomplish.
First, we will need to create the user account within Windows. Right-click on My Computer and choose the 'Manage' option.

Within the Computer Management window, expand the Local Users and Groups section, and then click on the Users folder, displaying a list of all current users on the server.

Next, right-click inside the blank space, and choose New User from the menu. Be sure not to click on an existing user, and it will display only options for that user. You can also get to the New User creation screen by clicking Action from the file menu and choosing New User.

On the New User creation screen, you will be given multiple options for creating the new user. They are as follows:
  • User Name: This is the exact user name which will be entered when connecting via FTP. For now, let's name the user 'ftp_access'
  • Full Name: This optional field can contain the user's full name if the User Name is an abbreviation.
  • Description: This field can contain a description of what the account will be used for. This field is also optional.
  • Password: This will be your desired password when connecting. It must be entered twice for verification.
You will also be given different options for the password, such as forcing the user to change their password the next time they log on, granting the user the ability to change their own password, setting the password to never expire, or setting the account as disabled as soon as it is created. Most of these options are relevant only when the user is logging onto the server directly and not via FTP connection. For now, let's just set the password to never expire.
Once your desired options are set for the new user, click on Create.

As you can see, the new user can now be seen in the main list. Go ahead and close the Computer Management window.

Now, we need to set the folder permissions for the new user. You can use either an existing folder or create a new one. For now, let's create a new folder called 'Upload', located in the root of the 'C:' drive. You can do this by right-clicking in the blank space anywhere within Windows Explorer and choosing 'New --> Folder', and then entering your desired name for the folder.

Next, we need to set the permissions for the folder so the new user can access it. Right-click on the new folder and choose Sharing and Security.

The new dialog box will default to the Sharing tab. Click on the Security tab. As you can see, only the 'Administrators' group and the 'SYSTEM' user. Please take care to not alter the 'SYSTEM' user's permissions, as this will make the folder unreadable by Windows. Click on the Add button.

On the Select Users and Groups window, type in the User Name of the user we created, and click on 'Check Names'.

It should be able to find the user right away, and you can confirm this as the Computer Name will be displayed before it. Click OK.

You should now see the created user in the list of users with permissions for the specified folder. By default, the user will have the following permissions for the folder:
  • Read & Execute
  • List Folder Contents
  • Read
These are commonly referred to as 'Read-Execute-List', or 'RXL', permissions. These permissions will only allow the user to connect to the folder, view it's contents and download any files within it. To allow the user permission to Upload files, they must be granted the 'Modify' permission. This will also allow the user to remove or alter files within the folder. Let's grant this user the ability to change files by highlighting the user in the list and placing a check-mark next to 'Modify'. You will notice the 'Write' permission is automatically selected when Modify permissions are granted.
Once the options are set, click OK.

There is another folder specified by Internet Information Services (IIS) which the user needs to have permissions for before the FTP account will function properly. The folder name is 'C:\Inetpub\ftproot', and you can assign the user Read-Execute-List permissions for this folder in the same manner as outlined above.
Now, we need to create an FTP Virtual Directory within IIS. You can open IIS by navigating to 'Start --> Administrative Tools --> Internet Information Service (IIS) Manager.
Once the IIS is open, click the plus sign to expand the server name, and you should see the 'FTP Sites' folder. Click on the Default FTP Site within it to see a list of accounts already present on the server.

Right-click anywhere within the blank area beneath the existing accounts, and navigate to 'New --> Virtual Directory'.

You will first see a welcome windows for the Virtual Directory creation wizard. Click Next to proceed.

Next, enter the exact user name for the user created previously. This is vital for the FTP site to function properly. Once entered, click Next.

The next page will ask for the directory you wish to allow the user access to. We created 'C:\Uploads' previously, so let's enter that. You can also browse to it by using the Browse button. Once the folder path has been entered, click Next.

Now, you will have the option to allow Write access for the user. Though we have already set the folder permissions for this user to have the ability to modify permissions, the FTP Virtual Directory also needs the Write permission specified. Place a check-mark next to 'Write' and click Next.

You have now completed the wizard. Click Finish.

As you can see, the created FTP user now has it's own Virtual Directory under the Default FTP site. This wil enable the user to connect via FTP to any IP address on the server with the created username, using any FTP client program.

If you have any questions about this procedure or setting up and using FTP accounts, please don't hesitate to contact our Technical Support Department, and they will be more than happy to assist you.

References  : http://support.microsoft.com/kb/201771