Prevent local FTP ID from logging into console

[dreamcurse]

Hi,

I'm running IIS running FTP.
I was wondering when I create a local ID on the server for FTP usage i have to enable "Log on Locally" for that ID in the local security policy. This will then allow the ID to be used for FTP

However, how can I prevent that same ID, from logging into the server from the console without losing the FTP login capability?

Thanks for any assistance.

 

[pasupport]

Remove the user the the Terminal Users group


--
Visit my website site a pasupportsolutions.com for cool tips and tricks

 

[TechyMcSe2k]

You should diable the local account from log on locally in the local security policy as well as pasupport's suggestion.

local FTP accounts should not require log on locally.

http://technet.microsoft.com/en-us/library/cc757586.aspx

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!

 

[dreamcurse]

Well if I disable the "Log on locally" feature for that account. I'm unable to initiate a FTP connection with that ID.

When I open an FTP session from command line, after entering the password, i receive
530 User **** cannot log in.

http://support.microsoft.com/kb/239120

 

[TechyMcSe2k]

Sorry about that; I was thinking of the Terminal Services issue as stated by pasupport.

This will give you some ideas.

http://www.windowsecurity.com/articles/Secure_FTP_Server.html

Enforce strict passwords, lockouts and time restrictions.

for direct console access, that should be physically controlled.

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!