Chapter 7

Using the Microsoft FTP Server Service

The Microsoft FTP Server service allows other computers using the FTP utility to connect to this computer and transfer files. The FTP Server service supports all Windows NT ftp client commands. Non-Microsoft versions of FTP clients may contain commands that are not supported. The FTP Server service is implemented as a multithreaded Win32 service that complies with the requirements defined in Requests for Comments (RFCs) 959 and 1123.

The FTP Server service is integrated with the Windows NT security model. Users connecting to the FTP Server service are authenticated based on their Windows NT user accounts and receive access based on their user profiles. For this reason, it is recommended that the FTP Server service be installed on an NTFS partition so that the files and directories made available via FTP can be secured.

Caution
The FTP Server protocol relies on the ability to pass user passwords over the network without data encryption. A user with physical access to the network could examine user passwords during the FTP validation process.

The following topics are included in this chapter:

- Installing the FTP Server service
- Configuring the FTP Server service
- Administering the FTP Server service
- Advanced configuration parameters for FTP Server service

For information about using performance counters to monitor FTP Server traffic, see Chapter 8, “Using Performance Monitor with TCP/IP Services.”

Installing the FTP Server Service

These procedures assume that you have installed any necessary devices and device drivers.

You must be logged on as a member of the Administrators group for the local computer to install and configure the FTP Server service.

To install the FTP Server service

1. Choose the Network option in Control Panel.
2. In the Network Settings dialog box, choose the Add Software button to display the Add Network Software dialog box.
3. In the Network Software box, select TCP/IP Protocol And Related Components, and then choose the Continue button. When the Windows NT TCP/IP Installation Options dialog box appears, check the FTP Server Service option, and then choose the OK button.
4. When the message prompts you to confirm that you are familiar with FTP security, choose the Yes button to continue with FTP Server service installation.
5. When prompted for the full path to the Windows NT distribution files, provide the appropriate location, and then choose the Continue button.
6. After the necessary files are copied to your computer, the FTP Service dialog box appears so that you can continue with the configuration procedure as described in the next section. The FTP Server service must be configured in order to operate.

Note
For disk partitions that do not use the Windows NT file system (NTFS), you can apply simple read/write security by using the FTP Server tool in the Control Panel as described in the following section.

Configuring the FTP Server Service

After the FTP Server service software is installed on your computer, you must configure it to operate. When you configure the FTP Server service, your settings result in one of the following:

- No anonymous FTP connection allowed. In this case, each user must provide a valid Windows NT username and password. To configure the FTP Server service for this, make sure the Allow Anonymous Connection box is cleared in the FTP Service dialog box.
- Allow both anonymous and Windows NT users to connect. In this case, a user can choose to use either an anonymous connection or a Windows NT username and password. To configure the FTP Server service for this, make sure only the Allow Anonymous Connection box is checked in the FTP Service dialog box.
- Allow only anonymous FTP connections. In this case, a user cannot connect using a Windows NT username and password. To configure the FTP Server service for this, make sure both the Allow Anonymous Connections and the Allow Anonymous Connections Only boxes are checked in the FTP Service dialog box.

If anonymous connections are allowed, you must supply the Windows NT username and password to be used for anonymous FTP. When an anonymous FTP transfer takes place, Windows NT will check the username assigned in this dialog box to determine whether access is allowed to the files.

To configure or reconfigure the FTP Server service

1. The FTP Service dialog box appears automatically after the FTP Server service software is installed on your computer.
   – Or –
   If you are reconfiguring the FTP Server service, choose the Network option in Control Panel. In the Installed Network Software box, select FTP Server, and then choose the Configure button.

The FTP Service dialog box displays the following options:

Item
    Description

Maximum Connections
    Specifies the maximum number of FTP users who can connect to the system simultaneously. The default value is 20; the maximum is 50. A value of 0 means no maximum, that is, an unlimited number of simultaneous users. When the specified number of concurrent users are logged onto the FTP server, any subsequent attempts to connect will receive messages defined by the administrator.
    For information about defining custom messages, see “Advanced Configuration Parameters for FTP Server Service” later in this chapter.

Idle Timeout
    Specifies how many minutes an inactive user can remain connected to the FTP Server service. The default value is 10 minutes; the maximum is 60 minutes. If the value is 0, users are never automatically disconnected.

Home Directory
    Specifies the initial directory for users.

Allow Anonymous Connections
    Enables users to connect to the FTP Server using the user name anonymous (or ftp, which is a synonym for anonymous). A password is not necessary, but the user will be prompted to supply a mail address as the password. By default, anonymous connections are not allowed. Notice that you cannot use a Windows NT user account with the name anonymous with the FTP Server. The anonymous user name is reserved in the FTP Server for the anonymous logon function. Users logging on with the username anonymous receive permissions based on the FTP Server configuration for anonymous logons.

Username
    Specifies which local user account to use for FTP Server users who log on under anonymous. Access permissions for the anonymous FTP user will be the same as the specified local user account. The default is the standard Guest system account. If you change this, you must also change the password.

Password
    Specifies the password for the user account specified in the Username box.

Allow Only Anonymous Connections
    Allows only the user name anonymous to be accepted.
    This option is useful if you do not want users to log on using their own user names and passwords because FTP passwords are unencrypted. However, all users will have the same access privilege, defined by the anonymous account. By default, this option is not enabled.

2. Default values are provided for Maximum Connections, Idle Timeout, and Home Directory. Accept the default values, or change values for each field as necessary.
3. Choose the OK button to close the FTP Service dialog box and return to the Network Settings dialog box.
4. To complete initial FTP Server service installation and configuration, choose the OK button.
   A message reminds you that you must restart the computer so that the changes you made will take effect.

Note
When you first install the FTP Server service, you must also complete the security configuration as described in the following procedure for users to access volumes on your computer.

To configure FTP Server security

1. After the FTP Server has been installed and you have restarted Control Panel, start the FTP Server option in Control Panel. Windows NT Server users can also use the FTP menu in Server Manager.
2. In the FTP User Sessions dialog box, choose the Security button.
3. In the Partition box of the FTP Server Security dialog box, select the drive letter you want to set security on, and then check the Allow Read or Allow Write check box, or both check boxes, depending on the security you want for the selected partition.
   Repeat this step for each partition.
   Setting these permissions will affect all files across the entire partition on file allocation table (FAT) and high-performance file system (HPFS) partitions. On NTFS partitions, this feature can be used to remove read or write access (or both) on the entire partition. Any restrictions set in this dialog box are enforced in addition to any security that might be part of the file system. That is, an administrator can use this dialog box to remove permissions on specific volumes but cannot use it to grant permissions beyond those maintained by the file system. For example, if a partition is marked as read-only, no one can write to the partition via FTP regardless of any permissions set in this dialog box.
4. Choose the OK button when you are finished setting security access on partitions.
   The changes take effect immediately. The FTP Server service is now ready to operate.

Administering the FTP Server Service

After initial installation is complete, the FTP Server service is automatically started in the background each time the computer is started. Remote computers can initiate an FTP session while the FTP Server service is running on your Windows NT computer. Both computers must be running the TCP/IP protocol.

You must be logged on as a member of the Administrators group to administer the FTP Server.

Remote users can connect to the FTP Server using their account on the FTP Server, an account on the FTP Server’s domain or trusted domains (Windows NT Server only), or using the anonymous account if the FTP Server service is configured to allow anonymous logons.

When making any configuration changes to the FTP Server (with the exception of security configuration), you must restart the FTP Server by either restarting the computer or manually stopping and restarting the server, using the net command or Services icon in Control Panel.

To start or stop the FTP Server service

- Use the Services option in Control Panel, or at the command prompt use the commands net stop ftpsvc followed by net start ftpsvc.

Restarting the service in this way disconnects any users presently connected to the FTP Server without warning—so use the FTP Server option in Control Panel to determine if any users are connected. Pausing the FTP Server (by using the Services option in Control Panel or the net pause command) prevents any more users from connecting to the FTP Server but does not disconnect the currently logged on users. This feature is useful when the administrator wants to restart the server without disconnecting the current users. After the users disconnect on their own, the administrator can safely shut down the server without worrying that users will lose work.
When attempting to connect to a Windows NT FTP Server that has been paused, clients receive the message “421 Service not available, closing control connection.”

Using FTP Commands at the Command Prompt

When you install the FTP service, a set of ftp commands are automatically installed that you can use at the command prompt. For a summary list of these commands, see the ftp entry in Chapter 11, “Utilities Reference.”

To get help on ftp commands

1. Double-click the Windows NT Help icon in the Program Manager group.
2. In the Windows NT help window, click the Command Reference Help button.
3. Click the ftp commands name in the Commands window.
4. Click an ftp command name in the Command Reference window to see a description of the command, plus its syntax and parameter definitions.

Managing Users

Use the FTP Server option in Control Panel to manage users connected to the FTP Server and to set security for each volume on the FTP Server. For convenience on Windows NT Server computers, the same dialog box can be reached from Server Manager by choosing the FTP menu command.

In the FTP User Sessions dialog box, the Connected Users box displays the names of connected users, their system’s IP addresses, and how long they have been connected. For users who logged on using the anonymous user name, the display shows the passwords used when they logged on as their user names. If the user name contained a mail host name (for example, ernesta@trey-research.com) only the username (ernesta) appears. Anonymous users also have a question mark (?) over their user icons.
Users who have been authenticated by Windows NT security have no question mark.

The FTP Server allows you to disconnect one or all users with the disconnect buttons. Users are not warned if you disconnect them.

The FTP Server displays users’ names as they connect but does not update the display when users disconnect or when their connect time elapses. The Refresh button allows you to update the display to show only users who are currently connected.

Choosing the Security button displays the FTP Service Security dialog box, where you can set Read and Write permissions for each partition on the FTP Server, as described earlier in this chapter. You must set the permissions for each partition you want FTP users to have access to. If you do not set partition parameters, no users will be able to access files. If the partition uses a secure file system, such as NTFS, file system restrictions are also in effect.

In addition to FTP Server partition security, if a user logs on using a Windows NT account, access permissions for that account are in effect.

Controlling the FTP Server and User Access

A network administrator can control several of the FTP Server configuration variables. One such variable, Maximum Connections, can be set by using the Network option in Control Panel to define a value between 0 and 50. Any value from 1 to 50 restricts concurrent FTP sessions to the value specified. A value of 0 allows unlimited connections to be established to the FTP Server until the system exhausts the available memory.

You can specify a custom message to be displayed when the maximum number of concurrent connections is reached.
To do this, enter a new value for MaxClientsMessage in the Registry, as described in “Advanced Configuration Parameters for FTP Server Service” later in this chapter.

Annotating Directories

You can add directory descriptions to inform FTP users of the contents of a particular directory on the server by creating a file called ~FTPSVC~.CKM in the directory that you want to annotate. Usually you want to make this a hidden file so directory listings do not display this file. To do this, use File Manager or type the command attrib +h ~ftpsvc~.ckm at the command prompt.

Directory annotation can be toggled by FTP users on a user-by-user basis with a built-in, site-specific command called ckm. On most FTP client implementations (including the Windows NT FTP client), users type a command at the command prompt similar to quote site ckm to get this effect.

You can set the default behavior for directory annotation by setting a value for AnnotateDirectories in the Registry, as described in “Advanced Configuration Parameters for FTP Server Service” later in this chapter.
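
The access rules set out earlier in this chapter (the three logon modes, the anonymous account mapping, and partition permissions applied on top of file system security) can be written as a small configuration audit. This is an added example, not code from the original chapter or from Microsoft; the FtpConfig fields, the function names and the sample values are hypothetical and model the dialog box settings rather than reading the Registry.

```python
from dataclasses import dataclass, field

ANON_NAMES = {"anonymous", "ftp"}  # "ftp" is a synonym for "anonymous"

@dataclass
class FtpConfig:
    """Hypothetical model of the FTP Service and FTP Server Security dialogs."""
    allow_anonymous: bool = False      # Allow Anonymous Connections (default off)
    anonymous_only: bool = False       # Allow Only Anonymous Connections
    anonymous_account: str = "Guest"   # Username box (default Guest)
    max_connections: int = 20          # 0 means no maximum
    idle_timeout_min: int = 10         # 0 means never disconnected
    # drive -> (file system, rights checked in the Security dialog)
    partitions: dict = field(default_factory=dict)

def logon_account(cfg, user):
    """Return the Windows NT account a logon runs as, or None if refused."""
    if user.lower() in ANON_NAMES:     # reserved name, never a real account
        return cfg.anonymous_account if cfg.allow_anonymous else None
    # Assumption: the "only" box has effect only with anonymous logon enabled.
    return None if cfg.allow_anonymous and cfg.anonymous_only else user

def effective_rights(cfg, user, drive, fs_rights):
    """Partition rights, further limited by file system rights on NTFS.

    fs_rights is what the file system grants the mapped account. FAT and HPFS
    are treated as having no per-account security, so the mask alone decides.
    """
    if logon_account(cfg, user) is None:
        return set()
    fs, mask = cfg.partitions.get(drive, ("", set()))  # unset partition: no access
    return set(mask) & set(fs_rights) if fs.upper() == "NTFS" else set(mask)

def audit(cfg):
    """List settings worth reviewing, in a fixed order."""
    findings = []
    if not (cfg.allow_anonymous and cfg.anonymous_only):
        findings.append("Windows NT passwords are sent unencrypted at logon")
    if cfg.max_connections == 0:
        findings.append("unlimited connections, bounded only by available memory")
    if cfg.idle_timeout_min == 0:
        findings.append("idle users are never disconnected")
    for drive, (fs, mask) in sorted(cfg.partitions.items()):
        if fs.upper() != "NTFS" and mask:
            findings.append(f"{drive} ({fs}): partition mask is the only access control")
        if cfg.allow_anonymous and "write" in mask:
            findings.append(f"{drive}: write allowed while anonymous logon is enabled")
    return findings

# Constructed sample configuration, not taken from the chapter.
SAMPLE = FtpConfig(allow_anonymous=True, max_connections=0,
                   partitions={"C:": ("NTFS", {"read"}),
                               "D:": ("FAT", {"read", "write"})})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
    print(sorted(effective_rights(SAMPLE, "ftp", "D:", set())))
```
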