Thursday, March 22, 2007

FTP on a Windows Domain...the easy way.

At the company I work for, we have a "plethora" of clients and vendors we have to swap files with. Some of these files are Photoshop files, so they can be Gigs in size on occasion. When moving files this large it only make sense to host your own FTP server. This way, you can move files TO the FTP via a 100mb or Gigabit link, depending on your network. This cuts the time in half for getting a file to or from a client\vendor, since you will always be retrieving the file or putting the file on the FTP with a big pipe. You also want the ability to easily control access to different folders on your FTP, and easily create FTP users and passwords. Unfortunately, creating users in active directory and assigning permissions is the LONG way down this road. I don't know about you, but I like to keep my active directory clean and organized, and creating containers for FTP users and mixing that up with the users on my LAN just doesn't seem like a good idea. There is always the possibility for error, and you might give one of these people access to something that they shouldn't. For example, you might create user Joe Blow with the intention of giving him FTP access to a single folder, but by mistake he is a member of the "Domain users" group, which depending on your network might give him access to your company portal. Now I know what you are saying: "Just create an FTP user template, test it, and create all subsequent users that way." Alright, that would work, but there is a much easier way, and it's called Serv-U FTP Server.

Serv-U is available as a free download as the Personal Edition, but this will limit you to 5 users, which is unacceptable for a business. The Standard Edition gives you the ability to have 100 users on a single domain, with 25 concurrent connections, which is more a corporations speed. Here's an example of how easy it is to use Serv-U to set up a password protected folder for Joe Blow:

Make sure port 21 is forwarded through your firewall to the server hosting Serv-U
Install Serv-U on a server in your DMZ
Create a folder on the root of the server hosting Serv-U named "Joe_FTP"
Start up Serv-U and go to the "Users" node
Right click "users" to create a new user
Create the username for Joe Blow and click Next
Create the password for Joe Blow and click Next
Name the directory you would like Joe to have access to, in this case we would enter: c:\joe_ftp
Make sure "Lock user in home directory" is checked to keep Joe out of anything else and click Finish
Go to the "Directory Access" tab for Joe's account
Give Joe whatever permissions you feel are necessary. For example, if Joe only needs to retrieve a file from his folder, just give him the "Read" permission.

And that's it! To further simplify the process, install Serv-U on your desktop and during the install point it to the server hosting the Serv-U FTP site so you can create users from your workstation! You can also create a "Master" FTP folder on the FTP server and map that folder to your desktop so you can create directories as needed all in one fell swoop from your personal desktop.

This process simplifies the burden of creating FTP folders and user accounts, all while keeping everything separate from your active directory. This is only the tip of the iceberg, since you can also control FTP access with Serv-U by IP address, as well as add time limits, create bandwidth restrictions, enable upload and download ratios etc.

1 comment:

Unknown said...

noob
newb
noobie
ownd
pwnd
owned
raped
hax
haxor
turn ur scripts off
u suk
blow me
ur g@y

Just wanted 2 c if U would bug out LOL!