Mario,
Here is a different
way:
There is a knowledge
base article published by Microsoft that covers the
following:
Although members of the Domain Admins group
can successfully FTP to a Windows 2000-based Internet Information Services (IIS)
server, members of the Domain Users group may be unable to do so.
In
this case it is FTP-ing to W2K IIS server, but it would apply to a WS_FTP Server
that is part of that Domain as well.
The
article further says, This behavior can occur because the Users group does not by default have
the Log on Locally user right, which is required to connect to resources hosted
on an IIS server, or in this case the WS_FTP Server.
The
steps outlined in this article solves the problem of users having to be part of
the Admin group to connect.
Also,
by following the instructions in this KB, you do not have to make the WS_FTP
Server machine a member of the Administrator's Group in the Active Directory
Users and Computers settings.
According to Microsoft, this behavior is by
design.
Here
is the article:
BTW,
you mentioned
"my W2K specialist tells me that I am giving full rights to the
WS_FTP Server process. For example it could easily delete a part of the Active
Directory as it has the rights!"
-how would the
WS_FTP Server process delete a part of the Active Directory? And actually
the instruction is to edit the FTP Server computer's (not Process)
membership, to add Administrator.
Mark Singh
Ipswitch,
Inc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of OOSTERS Mario
Sent: Thursday, January 08, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: [WS_FTP Forum] Security Active Directory problemHowdie,I have been running a case with the WS_FTP-Server support team about having problems authenticating with a remote Active Directory( 530 Invalid userid/password while I could see the users in the WS_FTP Server Manager). The problem was apparently that the my W2K server running WS_FTP server did not have sufficient rights. Ipswitch proposed me to adapt in my Active Directory the following.Click: Start > Programs > Administrative Tools > Active Directory Users and Computers.1. Click on the Computers folder in the tree to the left.You will see a list of machines within the domain. Right click on the nameof the member server that WS_FTP Server is installed on and choose properties.2. Click on the Member Of tab.3. Click the Add button.4. Select Administrators, click Add.5. Click OK in the windows to close them.This makes the problem go away, the problem is know that my W2K specialist tells me that I am giving full rights to the WS_FTP Server process. For example it could easily delete a part of the Active Directory as it has the rights! Of course, we would like to avoid this and I am wondering if nobody else found out a way to minimize the rights and still make this work. I am asking this to the list as the R&D of Ipswitch apparently doesn't has been testing Active Directory together with security settings.Mario OostersSenior Network Engineer @ Groupe SRue des Ursulines 2A, 1000 BrusselBelgiumTel : ++ 32 2 507 15 77Fax : ++32 2 507 15 75
