Configure FTP Server Authentication Internet Information Services (IIS) supports the following File Transfer Protocol (FTP) authentication methods:
Available authentication settings must be set at the site level for FTP sites. FTP service is not enabled by default in IIS 6.0.
Requirements
Recommendation As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc. ProceduresEnable Anonymous FTP Authentication If you select Anonymous FTP authentication to secure FTP resources, all requests for that resource are accepted without prompting the user for a user name or password. For Anonymous authentication, IIS automatically creates a Windows user account called IUSR_computername, where computername is the name of the server on which IIS is running. If you have both Anonymous FTP authentication and Basic FTP authentication enabled, IIS tries to use the Anonymous FTP authentication user account first.
Enable Basic FTP Authentication If you select the Basic FTP authentication method to secure your FTP resources, users must log on with a user name and password corresponding to a valid Windows user account. If the FTP server cannot verify a user's identity, the server returns an error message. Basic FTP authentication provides only low security because the user transmits the user name and password across the network in an unencrypted form.
|