Windows and Linux Networking

Monday, January 31, 2011

Create FTP Server with Isolate User in Windows (Simple FTP that Requires Authentication)


FTP Server with Isolate User in Windows

Hello Friend,
    Today I will show you how to create an FTP server with user isolation in Windows, for better security and for restricting particular users to the directory that is allowed to them only. In the Windows FTP server there are three options when creating an FTP site:


1) Do not isolate user mode

2) With isolate user mode

3) Isolate user with Active Directory

     In my previous post I showed you how to create a simple FTP site that does not isolate users. Now I will show you how to create an FTP site with Isolate user, and in my next post I will show you how to use the last option, Isolate user with Active Directory.

    Basically, we create an FTP site with Isolate user to restrict each user to their own directory only; the user is not able to navigate to a higher-level directory. You can use this scenario if you have many customers whose web sites are hosted on your web server and who want to update their sites periodically. Isolate user lets you assign a directory only to the users you want to allow. When a user tries to access your FTP server, the server asks for a user name and password and then checks whether they are valid. If they are valid and a directory for that user exists under the root (home) directory, the server shows the content of that directory. If the directory does not exist, the user is denied access to the server. So you can also use this mode if you want to restrict the users.

   So what are the requirements for creating an FTP site with Isolate user?

1) IIS with FTP service option selected

2) Create root (Home) Directory for FTP site.

3) Create a sub-directory for your local host or for your domain. (In my example I create the sub-directory with my domain name, that is, example [if my domain name is example.com]. You can create the sub-directory as per your domain name if you want to authenticate the users by Active Directory; otherwise you can create the directory as localhost if your server is not in a domain or you want local server authentication for the access.)

4) Now create the users' directories inside the sub-directory of your domain or localhost directory. (In my example I created two directories: sandeep for user sandeep and raj for user Raj.)

Here is the directory structure for my example.com for users sandeep and raj:

Directory for Root   = D:\ftproot
Directory for Domain = D:\ftproot\example
Directory for users  = D:\ftproot\example\sandeep
                       D:\ftproot\example\raj

I already showed how to install IIS in my previous post, so I am skipping that for now. I will start directly with creating the FTP site with the Isolate option from the Internet Information Service snap-in.

To open the Internet Information Service snap-in, go to

Start > Control Panel > Administrative Tools, and then select the Internet Information Service snap-in.

It will open the IIS MMC snap-in. Now click on the + sign, select FTP, right-click and select New FTP Site. This runs a wizard for creating the FTP site; follow the instructions and answer the wizard's questions. Give your FTP site a name and description as you like, and leave the default options for IP address and port number. In the FTP User Isolation window, select the option Isolate users, then click Next.
The wizard will ask you for the root (home) directory. Browse to the directory we created earlier as the root directory (in my example, D:\ftproot), then click Next. (Here you can also define the permissions: Read for download only, and Write to allow upload.) At the end it shows a summary of the options you selected; cross-check it and then click Finish. Your FTP site with Isolate user now appears under FTP in the IIS MMC snap-in window. Now try to access your FTP server from a browser, like

ftp://172.16.11.210


It will ask you for authentication. Give the user name and password of the user you want; for example, I type example\sandeep as the user name and the password of the sandeep user. It grants access to sandeep because we created a directory for sandeep. Now try to access your FTP server as a different user whose directory has not been created in the sub-directory of the domain. It will not allow you to log on to the server, because we have not granted that user access. If you want to allow them, you need to create a directory for that user; the server will then allow that user to access their directory.
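Because the existence of a directory under D:\ftproot\example is what admits a login, the NTFS permissions on each user directory deserve the same care as the layout. The following PowerShell sketch is an added example, not part of the original post: it builds the layout described above, limits each directory to its owner, Administrators and SYSTEM, and then lists who can reach every directory under the domain folder. It assumes PowerShell 3.0 or later in an elevated session, and that the NetBIOS domain name matches the directory name example.

```powershell
# Added example, not from the original post. Values taken from the post's
# layout: root D:\ftproot, domain directory "example", users sandeep and raj.
$FtpRoot = 'D:\ftproot'
$Domain  = 'example'            # assumed to also be the NetBIOS domain name
$Users   = 'sandeep', 'raj'

$rights  = [System.Security.AccessControl.FileSystemRights]
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($user in $Users) {
    $path = Join-Path (Join-Path $FtpRoot $Domain) $user
    New-Item -ItemType Directory -Path $path -Force | Out-Null   # no error if it exists

    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited entries
    $grants = @{
        "$Domain\$user"          = $rights::Modify
        'BUILTIN\Administrators' = $rights::FullControl
        'NT AUTHORITY\SYSTEM'    = $rights::FullControl
    }
    foreach ($id in $grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $grants[$id], $inherit, $none, $allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
}

# Audit: every directory here corresponds to a login the FTP site will accept,
# so list each one together with the identities that are allowed into it.
Get-ChildItem -Path (Join-Path $FtpRoot $Domain) -Directory | ForEach-Object {
    $dir = $_
    $ids = (Get-Acl -Path $dir.FullName).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    [pscustomobject]@{ Directory = $dir.Name; AllowedIdentities = $ids -join ', ' }
}
```

Explicit (non-inherited) entries already present on an existing directory are left in place, so the audit output is the place to spot broad groups such as Everyone or Users.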

Friday, January 28, 2011

How to Create Simple FTP Server (anonymous ftp server) in Windows



Hello Friends,
Today I will show you a simple FTP server in Windows.

FTP, or File Transfer Protocol, is a method for transferring files from one computer to another. It can also be used for regular updates or backups of your web servers from a remote location. You can download and upload your web pages with an FTP client-server application. For now I will show you a simple FTP server that does not require any authentication: a simple anonymous FTP server for public access. In a later post I will show you how to secure your FTP server by asking the user for a user name and password, on both Windows and Linux.

        First I will show you how to configure FTP on Windows Server.

In Windows, FTP is available in IIS, so for FTP server installation you need to install IIS from Add/Remove Programs. To open Add/Remove Programs, go to Start, click Run, type appwiz.cpl and click OK. Then click Add/Remove Windows Components, select Internet Information Service (IIS) and click Details. On the details page of IIS, select File Transfer Protocol (FTP) Service by clicking its check box. This also selects the Internet Information Service snap-in and Common Files automatically. Then click OK. Your server will ask you to insert the operating system CD. Insert the Windows Server operating system CD in the CD drive, click Next and then Finish.
     After the FTP service is installed, we need to create an FTP site from the Internet Information Service (IIS) snap-in MMC console. First we need to create the root (home) directory for FTP, so create a new directory named Ftproot on the D drive or wherever you want. Then open the MMC console: click Start, go to Administrative Tools and select the Internet Information Service (IIS) snap-in. It will open the IIS MMC console. Now click the + sign, select FTP, right-click and select New FTP Site. This runs a wizard for creating a new FTP site. Follow the instructions: give your FTP site a name and description and click Next. It will then ask for the IP address and port number; leave them at the defaults and click Next.

Then the wizard will ask you for the isolation mode. Select the default option, Do not isolate user (I will explain what user isolation in FTP is when securing the FTP server in my next post).
  
Then it will ask you for the root (home) directory of the FTP site. Point the FTP root to the directory we just created, that is, D:\Ftproot. Next it will ask what permissions you want to give, meaning whether the anonymous user can only download files or can also upload files to the server. Read means the user can download, and Write means the user can upload files to the server. I recommend download only, because write permission brings a risk of virus infection to the server. So select only the Read permission and then click Next. The wizard shows a summary of what you have selected; if you want to change an option, select Back, otherwise select Finish. Now your first FTP site will appear in the IIS MMC console under the FTP container. You can try it by accessing your FTP server from a client computer using Internet Explorer or any browser and typing the URL as

ftp://172.16.11.210

It will open your FTP site, and you can download files from your FTP server for backup or for transfer. To make this FTP server accessible from the Internet, you have to register your domain name, point the domain name to a particular public IP address, and NAT that public address to your FTP server so that Internet users can access your FTP server from anywhere in the world. For example, you can use

ftp://www.yourregisterdoamin.com to access your FTP site.   



Wednesday, January 5, 2011

Creating Multiple Users in Active Directory Using Excel and VBScript

You can create multiple users with a batch file using the net user and dsadd commands, but that is also time consuming. With the help of Excel and VBScript you can do the job very quickly and reliably. You do not need to update a batch file every time you create users; instead, create one script file once and tell that script to read the Excel file and create the users in Active Directory. Each time, you only need to update the Excel file with the new users, or tell the script where to find the file for creating users.
         I will show you how to create users with the help of Excel and VBScript.

Please see the following Excel file that I am going to use.

Newuser.xls

       Now open Notepad and type the following script, which reads the Excel file, creates the users, assigns each user permission to their home folder, adds them to groups, and so on. Save this file with a .vbs extension.
Note: You only need to update your domain name, the Excel file name, the group name and the permissions you want.



' CreateUsers.vbs
' VBScript program to create users according to the information in a
' Microsoft Excel spreadsheet.
'
' ----------------------------------------------------------------------


Option Explicit

Dim objExcel, strExcelPath, objSheet
Dim strLast, strFirst, strMiddle, strPW, intRow, intCol
Dim strGroupDN, objUser, objGroup, objContainer
Dim strCN, strNTName, strContainerDN
Dim strHomeFolder, strHomeDrive, objFSO, objShell
Dim intRunError, strNetBIOSDomain, strDNSDomain ,intRunError2
Dim objRootDSE, objTrans, strLogonScript, strUPN

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify spreadsheet.
strExcelPath = "c:\NewUser.xls"

' Specify DN of container where users created.
strContainerDN = "ou=newUsers,dc=mydomain,dc=local"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name
' from the DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSdomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Open spreadsheet.
Set objExcel = CreateObject("Excel.Application")

On Error Resume Next
objExcel.Workbooks.Open strExcelPath
If Err.Number <> 0 Then
  On Error GoTo 0
  Wscript.Echo "Unable to open spreadsheet " & strExcelPath
  ' Quit Excel so no hidden Excel process is left running.
  objExcel.Application.Quit
  Wscript.Quit
End If
On Error GoTo 0
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)

' Bind to container where users to be created.
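On Error Resume Next
Set objContainer = GetObject("LDAP://" & strContainerDN)
If Err.Number <> 0 Then
  On Error GoTo 0
  Wscript.Echo "Unable to bind to container: " & strContainerDN
  ' Close the workbook and quit Excel before exiting.
  objExcel.ActiveWorkbook.Close
  objExcel.Application.Quit
  Wscript.Quit
End If
On Error GoTo 0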

' Start with row 2 of spreadsheet.
' Assume first row has column headings.
intRow = 2

' Read each row of spreadsheet until a blank value
' encountered in column 5 (the column for cn).
' For each row, create user and set attribute values.
Do While objSheet.Cells(intRow, 5).Value <> ""
  ' Read values from spreadsheet for this user.
  strFirst = Trim(objSheet.Cells(intRow, 1).Value)
  strMiddle = Trim(objSheet.Cells(intRow, 2).Value)
  strLast = Trim(objSheet.Cells(intRow, 3).Value)
  strPW = Trim(objSheet.Cells(intRow, 4).Value)
  strCN = Trim(objSheet.Cells(intRow, 5).Value)
  strNTName = Trim(objSheet.Cells(intRow, 6).Value)
  strUPN = Trim(objSheet.Cells(intRow, 7).Value)
  strHomeFolder = Trim(objSheet.Cells(intRow, 8).Value)
  strHomeDrive = Trim(objSheet.Cells(intRow, 9).Value)
  strLogonScript = Trim(objSheet.Cells(intRow, 10).Value)
  ' Create user object.
  On Error Resume Next
  Set objUser = objContainer.Create("user", "cn=" & strCN)
  If Err.Number <> 0 Then
    On Error GoTo 0
    Wscript.Echo "Unable to create user with cn: " & strCN
  Else
    On Error GoTo 0
    ' Assign mandatory attributes and save user object.
    If strNTName = "" Then
      strNTName = strCN
    End If
    objUser.sAMAccountName = strNTName
    On Error Resume Next
    objUser.SetInfo
    If Err.Number <> 0 Then
      On Error GoTo 0
      Wscript.Echo "Unable to create user with NT name: " & strNTName
    Else
      ' Set password for user.
      objUser.SetPassword strPW
      If Err.Number <> 0 Then
        On Error GoTo 0
        Wscript.Echo "Unable to set password for user " & strNTName
      End If
      On Error GoTo 0
      ' Enable the user account.
      objUser.AccountDisabled = False
      If strFirst <> "" Then
        objUser.givenName = strFirst
      End If
      ' Assign values to remaining attributes.
      If strMiddle <> "" Then
        objUser.initials = strMiddle
      End If
      If strLast <> "" Then
        objUser.sn = strLast
      End If
      If strUPN <> "" Then
        objUser.userPrincipalName = strUPN
      End If
      If strHomeDrive <> "" Then
        objUser.homeDrive = strHomeDrive
      End If
      If strHomeFolder <> "" Then
        objUser.homeDirectory = strHomeFolder
      End If
      If strLogonScript <> "" Then
        objUser.scriptPath = strLogonScript
      End If
      ' Set password expired. Must be changed on next logon.
      objUser.pwdLastSet = 0
      ' Save changes.
      On Error Resume Next
      objUser.SetInfo
      If Err.Number <> 0 Then
        On Error GoTo 0
        Wscript.Echo "Unable to set attributes for user with NT name: " _
          & strNTName
      End If
      On Error GoTo 0
      ' Create home folder.
      If strHomeFolder <> "" Then
        If Not objFSO.FolderExists(strHomeFolder) Then
          On Error Resume Next
          objFSO.CreateFolder strHomeFolder
          If Err.Number <> 0 Then
            On Error GoTo 0
            Wscript.Echo "Unable to create home folder: " & strHomeFolder
          End If
          On Error GoTo 0
        End If
        If objFSO.FolderExists(strHomeFolder) Then
          ' Assign user permission to home folder.
          ' The folder path is wrapped in quotes so that paths containing
          ' spaces reach cacls as a single argument.
          intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ _
            & strHomeFolder & """ /T /E /C /G " & strNetBIOSDomain _
            & "\" & strNTName & ":F administrator:F administrators:F /r Users system ", 2, True)
          If intRunError <> 0 Then
            Wscript.Echo "Error assigning permissions for user " _
              & strNTName & " to home folder " & strHomeFolder
          End If
        End If
      End If
      ' Group DN's start in column 11.
      intCol = 11
      Do While objSheet.Cells(intRow, intCol).Value <> ""
        strGroupDN = Trim(objSheet.Cells(intRow, intCol).Value)
        On Error Resume Next
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        If Err.Number <> 0 Then
          On Error GoTo 0
          Wscript.Echo "Unable to bind to group " & strGroupDN
        Else
          objGroup.Add objUser.AdsPath
          If Err.Number <> 0 Then
            On Error GoTo 0
            Wscript.Echo "Unable to add user " & strNTName _
              & " to group " & strGroupDN
          End If
        End If
        On Error GoTo 0
        ' Increment to next group DN.
        intCol = intCol + 1
      Loop
    End If
  End If
  ' Increment to next user.
  intRow = intRow + 1
Loop
' Display message.
MsgBox "NewUsers are added in Domain" & _
  vbTab & vbTab & vbCrLf & vbCrLf & _
  "First password is abc@123" & _
  vbTab & vbTab & vbCrLf & vbCrLf & _
  "User Must Change password with next logon", 64, "WELCOME TO MYDOMAIN"


' Clean up.
objExcel.ActiveWorkbook.Close
objExcel.Application.Quit
Set objUser = Nothing
Set objGroup = Nothing
Set objContainer = Nothing
Set objSheet = Nothing
Set objExcel = Nothing
Set objFSO = Nothing
Set objShell = Nothing
Set objTrans = Nothing
Set objRootDSE = Nothing
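
The script trusts every cell it reads: the home folder and NT name are concatenated into a cmd.exe command line for cacls, and the password column is used as typed. The following PowerShell check is an added example, not part of CreateUsers.vbs, that reviews the rows before the script is run. The column names, the sample rows and the server name fs01 are constructed for illustration; it assumes the sheet has been saved as CSV.

```powershell
# Added example, not part of CreateUsers.vbs. Constructed sample rows; the
# column names are assumptions (the script itself reads cells by position).
$rows = @'
First,Password,CN,NTName,HomeFolder
Sandeep,abc@123,Sandeep,sandeep,\\fs01\home\sandeep
Raj,abc@123,Raj,raj,\\fs01\home\raj&old
Priya,Xk9#tq2LmP,Priya,averyveryverylongname1,\\fs01\home\priya
'@ | ConvertFrom-Csv

# Characters cmd.exe treats specially. HomeFolder and NTName end up inside the
# "%COMSPEC% /c ... cacls" command line, so they must not contain any of them.
$unsafe = '[&|<>^%"]'

# Passwords (case-sensitive) and NT names that appear on more than one row.
$sharedPw = @($rows | Group-Object -Property Password -CaseSensitive |
    Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })
$dupNames = @($rows | Group-Object -Property NTName |
    Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

$report = foreach ($row in $rows) {
    $problems = @()
    if ($row.NTName.Length -gt 20) {
        $problems += 'NT name longer than 20 characters (sAMAccountName limit)'
    }
    if ($row.NTName -match "$unsafe|\s") {
        $problems += 'NT name contains shell metacharacters or whitespace'
    }
    if ($row.HomeFolder -match $unsafe) {
        $problems += 'home folder contains shell metacharacters'
    }
    if ($dupNames -contains $row.NTName) {
        $problems += 'NT name used on more than one row'
    }
    if ($sharedPw -ccontains $row.Password) {
        $problems += 'initial password shared with another row'
    }
    [pscustomobject]@{ NTName = $row.NTName; Problems = $problems -join '; ' }
}

# Show only the rows that need attention before the VBScript is run.
$report | Where-Object { $_.Problems } | Format-Table -AutoSize -Wrap
```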