KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q139341: FTP Server Interaction with Guest Account

Article: Q139341
Product(s): Microsoft Windows NT
Version(s): 3.51
Operating System(s): 
Keyword(s): 
Last Modified: 08-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Server version 3.51 
-------------------------------------------------------------------------------

SUMMARY
=======

The FTP server in Windows NT 3.51 Server (non-domain controller) can be
configured to validate users using the domain account data base or the local
account data base. However, the guest account settings in both data bases must
be correctly configured.

MORE INFORMATION
================

By default, an FTP client is validated against the local accounts data base. To
enable a Windows NT Server domain member (non-DC) to validate ftp clients
against the domain accounts data base, you must add the DefaultLogonDomain
parameter (value type REG_SZ) to the following registry key location:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FTPSVC\Parameters

WARNING: Using Registry Editor incorrectly can cause serious, system-wide
problems that may require you to reinstall Windows NT to correct them. Microsoft
cannot guarantee that any problems resulting from the use of Registry Editor can
be solved. Use this tool at your own risk.

To do this, run the Registry Editor (REGEDT32.EXE). From the HKEY_LOCAL_MACHINE
subtree, go to the key:

  \System\CurrentControlSet\Services\FTPSVC\Parameters

Choose ADD VALUE from the Edit menu. Enter in DefaultLogonDomain as the value
name with a data type of REG_SZ. The String needs to be the domain name to
validate users against. If you are using the MyDomainName domain to validate
users, the entry would look like the following:

  DefaultLogonDomain:REG_SZ:MyDomainName

If you use the guest account for anonymous connections and/or you wish to allow
access to user names not in the domain data base, you must pay special attention
to whether the guest account is enabled or disabled on both the domain account
data base AND the local account data base.

Below is a table describing the behavior of the ftp server when guest accounts
are enabled or disabled on the local machine and domain:

  Guest Account Setting   FTP Server Behavior
  ---------------------   --------------------------------------------
  Local      Domain       Anonymous Users   Random User (not in domain
  Guest      Guest        Allowed Access?   database) Allowed Access?
  --------   --------     ---------------   --------------------------
  ENABLED    DISABLED     Yes                Yes

  DISABLED   ENABLED      Yes                No

  ENABLED    ENABLED      Yes                Yes

  DISABLED   DISABLED     No                 No

======================================================================
Keywords          :  
Technology        : kbWinNTsearch kbWinNT351search kbWinNTSsearch kbWinNTS351 kbWinNTS351search
Version           : 3.51

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.