Indiana University
University Information Technology Services
  
What are archived documents?

How do I set up Windows NT 4.0, 2000, or XP Professional to accept FTP transfers?

Note: FTP, though efficient for transferring files, lacks any significant security features. Usernames, passwords, and files are sent across the network unencrypted (i.e., in plaintext). In addition, there are no built-in safeguards to ensure that computers connecting to yours via FTP are who they claim to be. For information about secure file transfer options, see the following Information Technology Security Office page:

http://itso.iu.edu/Secure_File_Transfer_Alternatives

For your Windows workstation to be able to accept FTP connections, you must install and activate an FTP server. Follow the appropriate instructions below:

Windows 2000 and XP

Setting up an FTP server in Windows XP Professional or 2000 involves the installation of Internet Information Services (IIS) and, thus, requires administrative rights. This suite of Windows components handles all the functions formerly handled by Windows NT's Peer Web Services. IIS, and consequently FTP server capability, is not included in Windows XP Home Edition.

Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?

Note: IIS is known to have serious security flaws and has been targeted by several computer viruses, including Code Red and Nimda. If you install IIS on your computer, UITS strongly advises that you also install any security update patches available from Microsoft. The appropriate patches for Windows 2000 are available at the following URL: http://support.microsoft.com/kb/300972 Microsoft claims that Windows XP already blocks the viruses in question, but you should check frequently for any updates that may be released. See the following site for IIS updates: http://technet.microsoft.com/en-us/windowsserver/2000/bb735378.aspx

Installing IIS

  1. For Windows XP Professional systems running in the default Start menu configuration, click Start, then Control Panel, then Add or Remove Programs. In Windows 2000 (or in XP if it is set to classic Start menu view), click Start, then Settings, then Control Panel, and then double-click Add/Remove Programs.

  2. Click Add/Remove Windows Components.

  3. Double-click Internet Information Services. This will open another window listing the IIS subcomponents.

  4. Check the box next to File Transfer Protocol (FTP) Server. The Common Files and Internet Information Services Snap-In boxes will also check by default. Make sure no other boxes are checked, and then click OK.

Note: Windows may prompt you for your Windows CD at this point.

Configuring the FTP server

  1. On the desktop, double-click My Computer, and then double-click the hard drive on which you have Windows installed.

    Note: The Windows XP default desktop view and Start menu are different from the Windows Classic View (e.g., in Windows 2000). Therefore, navigating to certain items can be different. In the interest of broad applicability, most Knowledge Base instructions assume you are using Classic View. For information about switching your Windows XP default view to Classic View, see In Windows XP, how do I switch to the Windows Classic View, Classic theme, or Classic Control Panel?

  2. Open the folder inetpub. Right-click the ftproot folder and select Properties.

  3. Click the Sharing tab. Select the radio button Share this folder and click Permissions. From the list that appears, select Everyone, and then click Remove.

  4. Click the Add... button. In the drop-down list, select your computer's name. In the list of user groups that appears in the center scrollbox, select Users. Click Add, then OK. In the Permissions window, set the access level. If a user needs only to download files from your computer, set the access to Read. To give upload permission, also check Change. Click OK.

  5. Create user accounts for each of the individuals who will need to access your server. You can do so by opening the Control Panel and then double-clicking the Users and Passwords icon. For each user, you will need to provide a username and domain. At Indiana University, the username should be the Network ID, and the domain should be ADS .

  6. In the main Control Panel window, double-click Administrative Tools, and then double-click the Computer Management icon. A new window will open. On the left, beside Services and Applications, click the + (plus sign), and then click the + (plus sign) beside Internet Information Services.

  7. Right-click Default FTP server and select Properties. Under "Services", make sure that Allow anonymous connections is not checked. This will prevent unauthorized access to your workstation. Click OK, and then close all windows.

Windows NT 4.0

Note: For security and support reasons, UITS recommends using Windows 2000 Professional or Windows XP Professional, rather than NT Workstation 4.0, on Indiana University's network. Microsoft retired both mainstream and extended support for this version in June 2004, which means security updates are no longer being developed. For more information, see Microsoft's Windows Desktop Product Lifecycle Guidelines page at:

http://support.microsoft.com/?LN=en-us&pr=lifecycle

In Windows NT 4.0, the FTP server is included in Microsoft Peer Web Services, which is available on the NT 4.0 CD but is not installed by default. Once you install and configure Peer Web Services, the FTP server will be active.

These instructions assume that you want to grant FTP access to a limited selection of users within your domain. UITS does not recommend allowing anonymous or general FTP access to your computer.

Make sure you have the NT 4.0 installation media and Service Pack 3.0 (or higher). Throughout the process, please use the default locations when creating directories or saving files.

  1. Log into your domain, but make sure that you have administrative rights to your local workstation (you may need to log out and log back in as the local administrator).

  2. Install Microsoft Peer Web Services:

    1. Click Start. From the menu that appears, choose Settings, then Control Panel. Double-click the Network icon.
    2. Click the Protocols tab. If "TCP/IP Protocol" is present in the list, continue to the next step. If "TCP/IP Protocol" is not displayed in the list, you will need to add it by clicking Add... . From the list that appears, choose TCP/IP Protocol, and then click OK.
    3. Click the Services tab. Click Add... . From the list that appears, click Microsoft Peer Web Server, and then click OK.
    4. Type the path for the Windows NT source files. For example, if you are using the Windows NT CD-ROM in drive D:, type: d:\i386
    5. Click OK to start the Microsoft Peer Web Services Setup.
    6. Make sure you uncheck the boxes for the other services listed. The only boxes that should be checked are FTP services and the Internet Service Manager. Do not check Internet Service Manager for HTML. Unless you have a specific need to change the directory, just use the default offered. (This installation creates a directory called Inetpub, and within it, an FTP directory called ftproot.)

  3. Install (or reinstall) Service Pack 3.0 (or higher) and reboot. The NT service packs are available from Microsoft at: http://www.microsoft.com/msdownload/

    If you see a message warning you that the version of a file being copied to your workstation is older than the version currently on your workstation, click Yes to keep the existing file.

  4. Configure the ftproot directory to allow sharing:

    1. Click Start. From the menu that appears, choose Programs, then Windows NT Explorer.
    2. Select the resident drive and then the Inetpub directory.
    3. Right-click the ftproot directory. Next, click Sharing... , then the Shared as: radio button, then Permissions... . From the list that appears, select Everyone, and then click Remove.
    4. Click Add... . At IU, change the directory to ADS, and then click Show Users. In the space provided, type your username, and then click Add. At the bottom of the window, set the type of access to Full Control. Click OK. (To stop sharing a resource, right-click the file or folder and select Sharing... . Under the Sharing tab, click the Not Shared radio button, and then click OK.)
    5. Close Windows NT Explorer.

  5. Create and configure local accounts on your workstation for your authorized FTP users:

    1. Click Start. From the menu that appears, choose Programs, then Administrative Tools, and then User Manager.
    2. From the User menu, select New User... .
    3. Enter the appropriate information in the "Username:", "Password:", and "Confirm Password:" fields. (The other fields are optional.) Uncheck User Must Change Password at Next Logon, and then click OK. The account should show up in the "Username" list in the User Manager window.
    4. Repeat for each authorized user, and then close the window.
    5. Modify the local account's permissions:

      1. Click Start. From the menu that appears, choose Programs, then Microsoft Peer Web Services, then Internet Services Manager.
      2. Highlight your workstation's name. Next, right-click to pull down the Properties menu. Select Service Properties. Under "Services", make sure that Allow anonymous connections is not checked. This will prevent unauthorized access to your workstation.
      3. Select Directories, highlight the directory you'd like to make available, and click Edit Properties. Check both the Read and Write boxes.
      4. Click OK to return to Internet Services Manager. Close the window.

Your computer should be ready to accept FTP connections.

This is document ahmz in domain all.
Last modified on November 26, 2007.
Please tell us, did you find the answer to your question?