Administering Security and Access Permissions
Phone Book Service relies heavily on the security and access-control features built into Windows NT Server and Internet Information Server (IIS) version 4.0. This section describes an approach to managing permissions, access rights, and other security-related issues for Phone Book Service. If you are not familiar with the Windows NT administration process, you may want to have the network administrator set up the necessary account and permissions.
Administering security and access involves the following tasks:
-
Setting up an account on the server host
-
Setting up account permission for the \Inetpub\wwwroot\Phone Book Service directory
-
Typing an administrative user name and password in order to post phone books
-
Allowing FTP logons other than "anonymous"
For more information about administering Windows NT accounts and setting permissions, see the Windows NT Server version 4.0 documentation and online Help.
Setting Up an Account on the Server Host
In order to post to the server securely, you will have to have a valid account on the computer.
Note
Phone Book Administrator uses FTP to send the user name and password in an unencrypted format, which may be a security issue for some providers.
Setting Up Administrative Permission for the Phone Book Service Directory
Allowing only system administrators or designated personnel to access the data directory on the server host limits inadvertent phone book updates and keeps the data secure from tampering.
The following instructions assume that you have a Windows NT network security account and that the server hardware is formatted with the Windows NT File System (NTFS).
To create and modify a Windows NT account for posting to the \Phone Book Service directory
-
Click Start, click Programs, and then click Windows NT Explorer.
-
Right-click the Phone Book Service folder located under C:\Inetpub\wwwroot.
-
On the pop-up menu, click Options.
-
Click the Security tab.
-
Click Permissions.
-
Select Replace Permissions on Subdirectories.
-
Click Everyone, and then click Remove.
-
Click Add. The Add Users and Groups dialog box appears.
-
Point to the administrative group, and then click Change in the Type of Access list.
Entering the Administrative User Name and Password for Posting
After you limit the permissions to the \Phone Book Service directory, all phone books require an administrative user name and password in order to be posted to the server.
To set up a phone book with an administrative user name and password
-
Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Internet Connection Services for RAS, and then click Phone Book Administrator.
-
Point the phone book you want to post.
-
On the Tools menu, click Options.
-
Click the Phone Book Service tab.
-
Type the server hostname or address and the administrative user name and password, and then click OK.
Note
Phone Book Administrator stores your password. You may want to clear your administrative password from the dialog boxes to prohibit unauthorized posting to the server before you close the phone book.
Allowing Users Other than Anonymous to Connect to FTP Services
It is not a requirement to set up FTP service for use with users other than "anonymous." However, for added security it helps ensure that the person posting to the server has an account on it with special permissions.
To allow users other than anonymous
-
Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager.
-
Click the IIS folder to expand the tree, and then click the server name.
-
Double-click Default FTP Site.
-
Click the Security Accounts tab.
-
Clear the Allow only anonymous connections check box. A warning appears indicating that unencrypted passwords can be transmitted over the network.
-
Click Yes, and then click OK.
© 1997 by Microsoft Corporation. All rights reserved.