Setup groups and users in FileZilla Server and connect with ftpes

Following my earlier post on how to Install and configure an FTP server, this post describes on how to setup groups and users in FileZilla.

Open the FileZilla Server console by clicking on the taskbar icon.

Choose Edit->Groups->Add


 

Create a folder on one of your drives called Filezilla. Create a subfolder called clients. After the group has been added in the FileZilla console, select the group and configure it as follows

The path will be F:\Filezilla\clients\:u

:u represents to automatically select the subfolder based on the login username.

H represents the Home folder

Eg: If you create a folder as F:\Filezilla\clients\sujeeth, then the client with username ‘sujeeth’ will be automatically be mapped to that folder and it will be that login’s home folder.

 

To create an Alias, Click on Add and give local path. Right click on the path and select Edit aliases. So when the client login, they will see a folder called website, and when they upload the files, it will be stored in C:\autopublish

 

You can set the Speed Limits and IP Filter based on your requirements. After you create the group, you follow the same procedure to add the users. Any user that is member of a group will inherit all the settings of that group.

 

After you have setup the user, you can connect using FileZilla client on the remote machine with the following syntax

ftpes://<username>:<password>@<host IP address>/

eg: ftpes://sujeeth:pa55w0rd@207.46.222.11/

You have to use ftpes protocol because you have configured the FileZilla Server to force explicit SSL as per my previous post

 

Advertisements

Install and Configure FTP Secure (FTPS) or FTP-SSL using FileZilla

I am going to show you how to setup an FTP Secure (FTPS protocol) on Windows Server 2003 and have your own version of FTP server rather than default ftp in IIS.

FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection.

Please make sure you don’t have IIS FTP service enabled and running. If you have it running, please disable FTP service as we are going to use the same ports as a standard FTP

Download the latest version of FileZilla Server. At the time of writing, it was 0.9.33

Choose Standard install and proceed. This will install the Windows service for FileZilla and the GUI for administration.

After the Installation is completed, it is now to configuring the server. To start the Administration interface, Connect to 127.0.0.1 which is localhost on Port 10050 (you have given this during installation)


Setup your server as per the images. They are self explanatory.

We are going to have the FTP Secure to listen on port 21 which is the default FTP port.

Setup your own customised welcome message when the users logs in. Make sure you select to hide the message in log, because this might increase the log size.

Use * to bind all IP addresses on the local system. If your server has multiple IP addresses assigned, provide only the IP that you want to use

To have better control over security, Ban all IP addresses to connect and include only the IP address in the exclude list that want to connect. Separate the IP address with a space. Here I allowed google.com IP (209.85.229.103)

The next few settings are straight forward:

Enable logging to see who the usage and also enable deletion of older log files or else you will end up requiring huge disk space

Here you can set the download and upload speed limits if you wish to. Note that these limits are global settings, so they will take over individual user settings.

This is the main part where we configure an SSL certificate to set our server as FTPS. You can use a public certificate which you need to purchase. But for the demo purposes, I am going to use inbuilt certificate generator.

Provide your server IP address in the Common name

Go back to SSL/TLS settings and give the path to the generated certificate and a key password

And finally Autoban settings and we are done with Server Configuration.

Before you proceed to connect, make sure port 21, 990 and 3000-4000 are allowed on your firewall. This is very important.

In my next post, I will show how to setup groups and users in FileZilla Server and connect using FileZilla Client.

How to disable Front Panel Audio Jack / USB ports

Recently, one of my colleagues snapped his earphones in the front Audio Jack of his machine. So he tried using the Rear ones with a different headphone. But the audio wasn’t coming. So I did a bit of troubleshooting and found that, since the old earphones snapped, it left a small piece of metal in the front audio jack. So the machine thinks that the audio jack is in use and it takes over the rear jack from emitting sound.

The only way to disable the front Audio jack is to physically disconnect it. There is no BIOS or software setting to disable it.

If your machine is an old one, there might be a chance that the front Audio Jack is connected individually with a cable to the motherboard. Open the case and locate the cable and disconnect it. The front Audio jacks are simply an extension to the original back ones, but they detect the earphones and take over the rear jack.

All the latest DELL machines have the power switch, front USB ports and Audio jacks on the same circuit board connected to the mother board with a single connector. If you disconnect that, you won’t be able to switch on the machine. So that’s not an option with the new machines.

Remove the circuit board and break the Audio Jack. That’s how I fixed it :)

Note: You can always the disable any (front or rear) of the USB ports from the BIOS, but not the Audio Jack. You can completely disable the onboard Audio controller from the BIOS.

Initializing the root folders to display

Microsoft has changed the way the Office suite handles file and folder information in newer versions of Office.

If you are working on a domain joined workstation, this is more likely to happen in any of the Office 2007 Applications:

Whenever you try to save a document or open a document with the office applications, the above pop-upwill open and it will take some time to get the control back. This is mainly due to disconnected network drives. The mapped drives might not be available anymore or you don’t have proper permissions.

FIX: Disconnect the network drives and reconnect them with the proper credentials and then the pop-up will disappear.

If your network drives are mapped when you login using a logon script, then first disconnect all the network drives and go to \\<domainservername>\SYSVOL\<domain>\scripts\<yourname>.bat and execute it. All the drives will be mapped if you they are available and authenticated.

Replace <> tags with your environment names.

eg: \\ad01\SYSVOL\contoso\scripts\technobuff.bat

what is an .msu file?

A file with .msu extension is used to deliver Windows updates (security updates, critical updates, updates, update rollups or hotfixes) or downloadable setup packages to the Windows Vista and in Windows Server 2008 system.

msu stands for Microsoft Update Standalone Package. These files are associated with the Windows Update Stand-alone Installer (Wusa.exe) in Windows Vista and in Windows Server 2008. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Stand-alone Installer uses the Windows Update Agent API to install update packages.

An .msu file contains the following contents:

  • Windows Update metadata
    This metadata describes each update package that the .msu file contains.
  • One or more .cab files
    Each .cab file represents one update.
  • An .xml file
    This .xml file describes the .msu update package. Wusa.exe uses the .xml file when you perform an unattended installation of the update by using the Package Manager tool (Pkgmgr.exe).
  • A properties file
    This file contains string properties that Wusa.exe uses. For example, this file contains the name of the associated article in the Microsoft Knowledge Base.

To install an .msu update package, run Wusa.exe together with the full path of the file. For example, if the Windows6.0-KB952876-x86.msu file is in the C:\Temp folder, type the following command at a command prompt to install the update package:

wusa.exe C:\Temp\Windows6.0-KB952876-x86.msu

You can also double-click the .msu file to install the update package.

You can’t open the .msu file on a computer that is not running Windows Vista or Windows Server 2008. You cannot extract or view the MSU’s contents. To resolve this issue, use the Windows Vista Expand command to extract and to view the files in an MSU.
expand -f:* “C:\934307\Windows6.0-KB952876-x86.msu” %TEMP%

Then, you type the following command at a command prompt:

pkgmgr.exe /n:%TEMP%\Windows6.0-KB952876-x86.xml

The terminal server has exceeded the maximum number of allowed connections

When a user tries to connect to a machine using Remote Desktop connection, they might come across this error message.

The terminal server has exceeded the maximum number of allowed connections

This is because Windows Server only allows two connections through RDP, and you’ve either got two people already logged on to that machine, or you’ve got disconnected sessions that still thinks they are active. If a user simply closes the remote desktop window when they’re finished, that user will still remain logged on, unless there is a time out configured in Terminal Services Configuration as follows

Terminal Services Configuration

Terminal Services Configuration

If the Session time out is not configured, or the logged on users are not available, you wont be able to logon to the machine. To overcome this limitation, follow the steps as below.

open a command prompt or type in the RUN prompt

mstsc /v:[00.00.00.00/SERVERNAME] /f -console

eg: mstsc /v:192.168.1.10 /f -console
mstsc /v:ADSURF /f -console

This will connect to the physical console session on the server (also known as “session zero”). You will then be prompted with the login box and provide the administrator details. Then you will be connected to the Console Session on the server. Now you can reset the disconnected user sessions from Terminal Services Manager. Please note that if you get disconnected from this console session, you will  have to go physically to the machine.

More info on mstsc at Technet

UPDATE:
If you have Windows Vista with SP1 or Server 2008, use the following syntax:

mstsc /admin

If you use the old switch “/console”, it will just ignore that and proceed connecting. In Windows Server 2008, the /console switch doesn’t exist anymore because “session 0” is a non-interactive session that is reserved for services. Difference between admin and console swtich are here.

Another workaround:

You can also query the sessions on the remote machine as an administrator of that machine. Open a command prompt as a domain administrator that the remote machine is set to or map a drive of that remote machine.

Then in the command prompt, type as below:

query session /server:servername

Replace servername with the remote machine name or IP address.

Now we have the information of all the users/sessions that are active/disconnected on the remote machine. We can now reset one of the session with the following command.

reset session [ID] /server:servername

Replace [ID] with the number from the prevoius output and servername with the remote machine name or IP address. This will reset the session and now you can login using Remote Desktop connection.