General discussion


W2K Server: FTP Access Problem

By jed ·
We are trying to set up an FTP server on our windows 2000 Server.

The problem is that normal Domain Users get a "User XXX Cannot log in" error, unless they are part of the Admins group.

I am sure this was workinga couple weeks ago, but suddenly they are prevented from logging in.

Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by In reply to W2K Server: FTP Access Pr ...


Check the permissions of the FTP root folders for the users in question. Admin users would have access but the individual users might not.

-----Steve Jackson

Software Corporation (Softcorp)
Advanced pro bono tools and utilities free for personal use

Collapse -

by jed In reply to

Done. c:\inetpub\ftproot has Everyone->Full control. Anon acess is on, and the anon user can log in and access folder, and is correctly denied access to non-public subfolders.

Collapse -

by Joseph Moore In reply to W2K Server: FTP Access Pr ...

Since the Security permissions on the FTPROOT folder look good (assuming that, other than Everyone having FC rights, there's no groups that are Denied rights??) then try this.
Look at the Local Security Policy snap-in (in Control Panel -> Administrative Tools -> Local Security Policy).
Expand Security Settings -> Local Policies -> User Rights Assignment.
Look at the members who have the right "Access this computer from the network", and make sure that some non-admin group is listed that the users who are failing to FTP in belong to. By default, EVERYONE has the right, but you can remove EVERYONE (I do on machines on DMZs.)
If this is the case, then make a group, add the users to the group, and add the group to have the rights. Or use a group that already exists and add it.
I've seen it how FTP in IIS does not allow connections due to this security permission.

Collapse -

by jed In reply to

Thank you. I actually figured it out with copiuous google searching last week.

Our FTP server is also the domain controller. And MS disables local logins on DCs by default. (In fact, the one article I was able to find on MS's site, said that they don't reccomend running an FTP server on a DC.) But we have no choice right now.

Thanks for your help,


Collapse -

by jed In reply to W2K Server: FTP Access Pr ...

This question was closed by the author

Related Discussions

Related Forums