Configuring Anonymous FTP Authentication
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can configure your FTP server to allow anonymous access to FTP resources. If you select Anonymous FTP authentication for a resource, all requests for that resource are accepted without prompting the user for a user name or password. This is possible because IIS automatically creates a Windows user account called IUSR_computername, where computername is the name of the server on which IIS is running.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To enable Anonymous FTP authentication
If the IUSR_computername account is not used for Anonymous FTP authentication, you must create a Windows user account appropriate for the authentication method and add the account to a Windows user group.
Configure NTFS permissions for the directory or files for which you want to control access, using the user account you selected in step 1.
In IIS Manager, double-click the local computer; right-click the FTP Sites folder, an individual FTP site folder, a virtual directory, or a file; and then click Properties.
Note
Configuration settings made at the FTP Sites level are inherited by all of the FTP sites on the server. You can override inheritance by configuring the individual site or site element.
Click the Security Accounts tab.
Select the Allow anonymous connections check box.
To allow your users to gain access by Anonymous authentication only, select the Allow only anonymous connections check box.
In the User name and Password boxes, type the anonymous logon user name and password that you want to use, and then click OK. The user name is the name of the anonymous user account, which is typically designated as IUSR_computername.
Set the appropriate NTFS permissions for the anonymous account.
Important
If you change the security settings for your Web site or virtual directory, your Web server prompts you for permission to reset the security settings for the child keys of that site or directory. If you choose to accept these settings, the child keys inherit the security settings from the parent site or directory.
Related Information
For information about creating Windows user accounts, see Best Practices for Securing Files with NTFS Permissions.
For information about setting NTFS permissions for an anonymous account, see Setting NTFS Permissions for Directories or Files.
For information about setting metabase properties, see Configuring the Metabase.