configure windows 2008 server r2 ftp
新建ftp站点
http://www.iis.net/learn/publish/using-the-ftp-service/creating-a-new-ftp-site-in-iis-7
配置防火墙,允许远程登录ftp站点
http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7#Step3
Using FTP Virtual Host Names in IIS 7
http://www.iis.net/learn/publish/using-the-ftp-service/using-ftp-virtual-host-names-in-iis-7
ICACLS.exe: http://ss64.com/nt/icacls.html
IIS 7.5 The FTP 7.5 service ships as a feature for IIS 7.5 in Windows 7 and Windows Server 2008 R2.
ICACLS "%SystemDrive%\inetpub\ftproot" /Grant IUSR:R /T
The IUSR is a legacy account for anonymous access.
Change file and folder permissions - display or modify Access Control Lists (ACLs) for files and folders.
/grant Grant access rights
/T Traverse all subfolders to match files/directories.
/* Configure the FTP service to only use a limited number of ports for passive mode FTP */
In the IIS 7.0 Manager, in the Connections pane, click the top node for your server.
In the details pane, double-click FTP Firewall Support.
Enter the range of port numbers that you want the FTP service to use. For example, 41000-41099 allows the server to support 100 passive mode data connections simultaneously.
Enter the external IPv4 address of the firewall through which the data connections arrive.
In the Actions pane, click Apply to save your settings.
You must also create a firewall rule on the FTP server to allow inbound connections on the ports you configured in the previous procedure. Although you could create a rule that specifies the ports by number, it is easier to create a rule that opens any port on which the FTP service is listening. You limit the ports on which FTP is listening by following the steps in the previous procedure.
Configure an inbound firewall rule to allow inbound FTP connections to only the ports on which FTP is listening
Open an Administrator command-prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
Run the following command:
netsh advfirewall firewall add rule name=”FTP Service” action=allow service=ftpsvc protocol=TCP dir=in
Finally, disable stateful FTP filtering so that the firewall does not block any FTP traffic.
netsh advfirewall set global StatefulFTP disable