70-240 in 15 minutes a week: Software Distribution, Terminal Services, and IIS Page 6

By ServerWatch Staff
Posted Apr 30, 2001


As you may have noticed, for a website you are able to set basic permissions that apply to all users who connect to the site. However, all resources may also be protected by NTFS permissions, which give you a more granular level of control if required. For example, a user who has the NTFS permission Deny Read for a folder will not be able to view files in that folder, even when accessing them through a web server that allows Read on the directory.

Internet Information Services allows a number of different authentication options, depending upon the type of usage required for the server. The screen shot below outlines the choices available. Note that by default, anonymous access and Integrated Windows authentication are selected.

Anonymous access - this option does not require the user to provide credentials to access the resource.
Basic authentication - the password is sent as clear text. Some browsers (like Netscape Navigator) do not support Integrated Windows authentication, necessitating this option.
Digest authentication - a challenge/response system that does not pass unencrypted passwords between the client and server. 
Integrated Windows authentication - formerly called NTLM, uses the credentials of the currently logged-on user. 

Both FTP and WWW sites can control access via IP address, while a WWW site can also control access via domain name. You can specify either who does not have access to the given site (common) or who does (less common). This lets you block connections from a given domain or certain IP address, or limit access to only a selected group or person in the same manner. The screen shot below shows an example of a site that allows access to everyone, except for users from a certain subnet.

Note that you should know how to designate an entire subnet in one of these lists - that will require knowledge of subnetting, which you can review from article 7 in the series.
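The grant-or-deny-with-exceptions logic described above, worked through as an added example (it is not from the original article and calls no IIS API; it only models the decision). The function names and all addresses are constructed for illustration, and rejecting a network ID that has host bits set is this example's own choice, not documented IIS behaviour.

```python
import ipaddress

def subnet(network_id, mask):
    """Designate a whole subnet from a network ID and dotted-decimal mask."""
    # strict=True rejects a network ID with host bits set (an easy entry
    # mistake); this strictness is an assumption of the example.
    return ipaddress.ip_network(f"{network_id}/{mask}", strict=True)

def is_allowed(client_ip, default_grant, exceptions):
    """Return True if client_ip may connect.

    default_grant=True  -> everyone is granted access except listed entries
    default_grant=False -> everyone is denied access except listed entries
    exceptions          -> networks; a 255.255.255.255 mask is one computer
    """
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr in net for net in exceptions)
    # Being on the list always flips the default decision.
    return default_grant != listed

def check_all(clients, default_grant, exceptions):
    """Evaluate several client addresses against one restriction list."""
    return {ip: is_allowed(ip, default_grant, exceptions) for ip in clients}

# Constructed sample list: one subnet and one single computer.
EXCEPTIONS = [
    subnet("192.168.10.64", "255.255.255.192"),  # hosts .64 through .127
    subnet("10.1.2.3", "255.255.255.255"),       # single computer
]

if __name__ == "__main__":
    clients = ["192.168.10.63", "192.168.10.64", "192.168.10.127",
               "192.168.10.128", "10.1.2.3", "10.1.2.4"]
    print("Granted by default, exceptions denied:")
    for ip, ok in check_all(clients, True, EXCEPTIONS).items():
        print(f"  {ip:16} {'granted' if ok else 'denied'}")
    print("Denied by default, exceptions granted:")
    for ip, ok in check_all(clients, False, EXCEPTIONS).items():
        print(f"  {ip:16} {'granted' if ok else 'denied'}")
    try:
        # .70 is a host inside the .64 subnet, not its network ID.
        subnet("192.168.10.70", "255.255.255.192")
    except ValueError as err:
        print("Rejected entry:", err)
```

The boundary addresses (.63 and .128) are the ones worth checking by hand: a mask of 255.255.255.192 covers exactly 64 addresses, so an entry meant to block "the 192.168.10.x network" with that mask would leave three quarters of it reachable.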

It is also important that you be familiar with some of the more common TCP and UDP port numbers for the exam. Some of the most common and their related services are listed below:

FTP - TCP port 21 (control, data travels over TCP port 20)
Telnet - TCP port 23
SMTP - TCP port 25
DNS - TCP and UDP port 53
HTTP - TCP port 80
LDAP - TCP port 389
HTTPS - TCP port 443


The properties for an FTP server appear similar to those for a web server, although there are fewer property sheets. By default, a connection to an FTP server is initiated via a connection to port 21 on the server, though again this can be changed. A single IIS server can host multiple FTP sites, either by each using a separate IP address, or by assigning each a different port. The property sheet for the default FTP site is shown below:

An explanation of each of the tabs is listed below:

FTP Site - contains basic information about the site including IP address, port, connection, and logging settings.
Security Accounts - controls the ability to allow anonymous connections, as well as the ability to grant site operator privileges.
Messages - allows you to set the messages that will appear to users when they connect, disconnect, or when the maximum number of simultaneous users has been exceeded.
Home Directory - allows you to specify the home directory location on the server and the directory listing style.
Directory Security - allows you to specify which computers are granted or denied access to the FTP site according to IP address or subnet address.

And yet another week of your studies completed! Next week we'll finish the Windows 2000 Server portion of the series with a look at the various odds and ends that are left and didn't necessarily fit well anywhere else. Thanks to all who have been following the series and have contacted me - you have really helped to keep me motivated. As usual, I look forward to your questions, comments, and feedback. I hope you'll also visit my message board if you have any questions while studying. My preference is that all study-related questions be posted there for the benefit of others, who may also have the same question. Good luck with your studies this week - we're almost half way there!

Dan

Page 6 of 6

