Creating FTP only accounts, but not allowed to login to machine

DeadSeaSquirrels

Senior member
Jul 30, 2001
I want to know if there is a way to create a user login for my FTP server (IIS FTP server), but one that doesn't allow that same user to log in to my local machine. Like come to my house and log in to my machine. The only way I know how to create a user login for the FTP server is to disable anonymous on the FTP server, and then create a user the normal way, like creating a user for your desktop login. That user then is allowed to log in to the FTP server, but they can still log in to my local machine too...and I don't want that. Is this possible?

Also shouldn't there be a directory under C:\Inetpub\wwwroot for each user that is declared on the machine, and that is their homepage? Isn't that how web servers work? If I am confused please let me know.
 

TheOmegaCode

Platinum Member
Aug 7, 2001
Can't you set stuff up like that under your local security policy? Check for something that has to do with the rights of the users and I think you can deny local login...
 

mikecel79

Platinum Member
Jan 15, 2002
Yep, Local Security Policy will handle that. You want to deny the "Right to Logon Locally" to the selected user.
 

DeadSeaSquirrels

Senior member
Jul 30, 2001
Thanks, is it the "deny logon locally" option under the "User Rights Assignment" folder? If so, done and done. I have one further question though: in the options for setting this up there are two columns. One reads "Local Policy Setting" and one reads "Effective Policy Setting." What do those mean?

And I see a lot of text saying that if you are within a domain then the policy specified on the local computer may be overridden by something else that takes precedence. I am just wondering, I don't know much about networking within a domain name, with a main server and all. But if you are within a domain, are all policies of the computers within that domain controlled by an administrative computer somewhere else? So let's say you are in a network, with all 2000 machines, and they are all set to domain Tangerine. Within that network, is there like a head computer that will control all the users who can log on to that network, and log on to any machine, and also control all these little things like the feature I just asked about? How does working within a domain network work anyway? If you guys have the time and don't mind me asking.
 

mamisano

Platinum Member
Mar 12, 2000
Here is how I set up file access to my HTTP Server, should be the same for FTP.

I created a group called InternetFileAccess. I created a new user (or a current user) and added him to that group and REMOVED him from the "Users" group.

Then, give the proper read/write FTP folder permissions to the group InternetFileAccess.

I had that issue when running IIS on my WinXP machine. I would have like 10 people listed under the Login screen, the process above fixed that :)
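
The two measures suggested in this thread (the "Deny log on locally" user right and removal from the Users group) can be checked from a script on current Windows versions. This is an added example, not code from any poster; the account name `ftpuser1` is hypothetical, and it assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example (not from the thread). 'ftpuser1' is a hypothetical account name.
# Requires an elevated prompt and Windows PowerShell 5.1 or later.
param([string]$Account = 'ftpuser1')

# Resolve the account to its SID; the export lists SIDs (prefixed '*') or plain names.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export only the User Rights Assignment area of the security policy.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

function Get-RightHolder([string]$Right) {
    # Returns the SIDs/names assigned to one right, or nothing if it is unassigned.
    $hit = Select-String -Path $cfg -Pattern "^$Right\s*=" | Select-Object -First 1
    if ($hit) {
        ($hit.Line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
}

$deny  = @(Get-RightHolder 'SeDenyInteractiveLogonRight')   # "Deny log on locally"
$allow = @(Get-RightHolder 'SeInteractiveLogonRight')       # "Allow log on locally"

# Direct membership in BUILTIN\Users (S-1-5-32-545), the group mamisano's post
# removes the account from. Nested or implicit membership is not evaluated here.
$inUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-545' |
    Where-Object { $_.SID.Value -eq $sid }).Count -gt 0

# One row summarising the account's exposure to console logon.
[pscustomobject]@{
    Account          = $Account
    Sid              = $sid
    DeniedLocalLogon = ($deny -contains $sid) -or ($deny -contains $Account)
    DirectLocalAllow = ($allow -contains $sid) -or ($allow -contains $Account)
    InUsersGroup     = $inUsers
}

Remove-Item $cfg -ErrorAction SilentlyContinue
```

A deny right takes precedence over the matching allow right, so `DeniedLocalLogon` is the field to watch. Confirm that FTP sign-in still works after the change, since the logon type the FTP service uses determines which rights the account needs.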
 

mikecel79

Platinum Member
Jan 15, 2002
A Windows domain has one or more Domain Controllers that handle all the security for machines joined to the domain. With Windows 2000 they have group policy, which is incredibly powerful and allows you to apply policies (like the local security policy) across all your machines in the domain. If you're really interested in it, check out Microsoft Active Directory Site. There is TONS of information about domains and AD there.

BTW if you were joined to a domain the Local Security Policy gets applied last so it would be overridden if another policy was being applied first. That's what the effective setting is there for. If you were on a domain some changes made to the local policy may not take effect. The effective setting is there to show you which ones will