Steps - Continued from Page 1
5) Create an FTP user group (on a non-domain server [single server with Active Directory], this will be a "local group;" on an Active Directory domain, this will be a "Global Security group").
Assuming we have an Active Directory domain: From Windows 2003 Active Directory Users and Computers, create a Group called "FTP Users."
6) Create an FTP-authorized user (alternatively, you can add existing users to the "FTP Users" group)
Assuming a new user: From AD Users and Computers, create a user called "mseng" (for Microsoft Engineering).
Set a complex password for the "mseng" user (8 or more characters, containing an upper-case, a lower-case, at least one number and at least one special character. Set the user account per your policy - i.e., if you never expire nor force password changes on external FTP users, then set the account password to "never expire."
Add the "mseng" user to the "FTP Users" group.
7) Add FTP Users group for access to the folder. In Windows 2003, navigate to the folder c:\patches, right-click the folder, go to the Security tab and add the "FTP Users" group to this "c:\patches" folder - ensure that you select "modify" access to the c:\patches folder, so that any future users added to the "FTP Users" group will be allowed to write to this folder.
8) Test the FTP user and connectivity from both an internal and external workstation. Here we assume that, from your inside network, you have gone to http://www.whatismyip.com and obtained the IP address of your outside interface - or that you made note of the address while you were setting up the FTP inbound rules on your firewall. We will assume also that you know the internal IP address of your server - for the internal FTP test. Either way, we will refer to the destination FTP server address the "FTP-server-IP."
First, create a 'test' file on your local FTP client workstation (the one from which you will be initiating the FTP connection).
Click Start, browse to Run, type the word "command" and press <Enter> - this will take you to the command line interface
Type "cd/d c:\" and press <Enter> - this will take you to the top of the C:\ drive
Create a 'myfile.txt' file at the top of your C: drive, with just a single word, such as 'test' in the text file (use 'notepad' to create it).
a) Internally - go to a workstation on your internal network, go to a command line, type FTP and press <Enter>, then follow the steps after "b" below
b) Externally - go to a workstation outside your network, go to a command line, type FTP and press <Enter>, then follow the steps below
From the command line, type FTP and press <Enter> - this will take you into the FTP client interface
This will take you to the FTP client interface prompt, similar to this: ftp>
From the ftp client prompt, type "open FTP-server-IP" (where the FTP-server-IP is the internal or external IP address
ftp> open FTP-server-IP <Enter> (where FTP-server-IP might be your internal server IP, such as 192.168.1.14 [if you are testing internally]; or it might be something like 188.8.131.52 [if you are testing from outside your network, FTPing into your network])
Username: mseng <Enter> (or "mydomain\mseng" [where 'mydomain' is the AD domain name of your internal domain)
Password: whatever-complex-password-you-set-for-the-account <Enter>
Now, do both a "put" (file send to the server) and a "get" (file retrieve from the server)
ftp> put myfile.txt myfile.txt <Enter> (you should see a message showing that a file was successfully created)
ftp> get myfile.txt c:\newfile.txt <Enter> (you should see a message showing that a file was successfully retrieved [newfile.txt file created])
Exit from FTP:
ftp> bye <Enter>
That's about all there is to it. You've installed, configured and tested FTP and allowed it through your firewall.
Microsoft documentation on setup/install of SBS 2003 can be found here.
A detailed MSDN Article on setting up FTP can be found here.