This guy's stuff proved to be quite useful to me: http://weblogs.asp.net/owscott/archive/2004/02/05/68423.aspx
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Mark J. Sent: Friday, January 18, 2008 5:21 PM To: [EMAIL PROTECTED]; [email protected] Subject: RE: FTP on IIS IIS 6, which comes with Windows Server 2003, is quite secure out of the box. Most of the evil holes that were present in IIS 5 and earlier have been patched. If you're forced to use IIS 5 or lower, I agree with all the other comments. Use something else. When you select to install IIS, the minimum components needed for static HTML pages are already selected. For FTP, just deselect the web components and install the minimal FTP components. I would suggest using local GUEST accounts for authentication. I would also suggest placing the FTP root on a separate partition with no other files. Do not place the FTP root on the system partition. Do a Google search on "windows ftp security" for articles on setting up Windows 2003 FTP. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Friday, January 18, 2008 10:58 AM > To: [email protected] > Subject: FTP on IIS > > I'm preparing to build a new FTP server using IIS (or an IIS server using FTP??? I'm not > sure). Anyway, I was wondering if anyone could recommend some good sources on how to lock > it down. I need to configure it for an FTP site that anyone can get to and one that is > password protected. Thanks in advance!
