Article ID: 247132 - View products that this article applies to.
This article was previously published under Q247132
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspxFor more information about IIS 7.0, visit the following Microsoft Web site:
This step-by-step article describes how to configure a computer that is running Microsoft Internet Information Services (IIS) to allow server-to-server FTP transfers by modifying values in the system registry.
Note By default, these values are disabled to prevent malicious attacks against the file transfer protocol (FTP) service. Although details for configuring server-to-server transfers are listed in this article, Microsoft does not recommend modifying these registry keys on IIS-based FTP servers that are connected to the Internet.
RequirementsThe following list outlines the recommended hardware, software, network infrastructure, and service packs that are required:
Server configurationImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
ExampleIn typical client/server FTP transfers, the user is only responsible for sending "friendly" commands to the server; the client responds automatically. When a server-to-server FTP transfer is performed, another server is the client. Therefore, the user is responsible for sending all FTP commands to both servers (in RFC959 format, these are preceded by the "literal" keyword).
To transfer a binary file (named myFile.xls) from Server1 (IP address: 192.168.0.10) to Server2 (IP address: 192.168.1.20) by using the command-line FTP client on Workstation1, follow these steps:
Note You must have Write permissions enabled on Server2 for this example to work.
For more information about server-to-server FTP transfers in IIS 6.0, visit the following Microsoft TechNet Web site:
For more information about the FTP Bounce attack, click the following article number to view the article in the Microsoft Knowledge Base:
185378For more information about the registry keys that are listed in this article, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/185378/ )IIS 4.0: FTP "Bounce" attack and CERT Advisory CA-97.27
260934For more information about how to enhance IIS security, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/260934/ )IIS answers PASV commands with port numbers in sequential order
282060For more information about the FTP service that is included with IIS, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/282060/ )Resources for securing Internet Information Services
283679For more information about port, pasv, stor, retr, stat, and other literal FTP commands, visit the following World Wide Web Consortium (W3C) Web site:
(http://support.microsoft.com/kb/283679/ )Information about the IIS File Transmission Protocol (FTP) service
RFC 959 - FILE TRANSFER PROTOCOL (FTP)