Windows 2000 Adding New FTP Users

This applies to the FTP server that runs under IIS.
These steps ensure that untrusted FTP users can't view or modify your files if they found a way to initiate a WinStation session on the IIS machine:

1- Create group, say, called "ftp users"
2- In My Computer, right-click on C: drive
3- Click "properties" and then the security tab
4- Add the group "ftp users" and deny all access
5- Check "apply to subdirectories"

6- Click OK
7- Repeat for all drives
8- Move c:\inetpub\ftproot to, say, c:\ftproot
9- Using IIS manager, go to the FTP site's properties and change the home directory to c:\ftproot, or where ever you moved the directory to in the above step
10- From Explorer, right-click on c:\ftproot
11- Click properties and then the security tab
12- Un-check "inherit properties"
13- Remove "Everyone"
14- Add "ftp users" and assign the desired permissions for this group

If the machine running Active Directory is also running the FTP server, perform these tips:

1- Go to program files/administrative tools/domain controller security policy
2- In local permissions, click on Log on locally
3- Add the group "ftp users"
4- Reboot
Otherwise, perform the above steps. For step 1, run the program files/administrative tools/local computer security policy instead.