Configure FTP Server Authentication (IIS 6.0)
Internet Information Services (IIS) supports the following File Transfer Protocol (FTP) authentication methods:
Available authentication settings must be set at the site level for FTP sites. FTP service is not enabled by default in IIS 6.0.
If you change the security settings for your FTP site or virtual directory, your Web server prompts you for permission to reset the security settings for the child nodes of that site or directory. If you choose to accept these settings, the child nodes inherit the security settings from the parent site or directory.
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.
Enable Anonymous FTP Authentication
If you select Anonymous FTP authentication to secure FTP resources, all requests for that resource are accepted without prompting the user for a user name or password. For Anonymous authentication, IIS automatically creates a Windows user account called IUSR_computername, where computername is the name of the server on which IIS is running. If you have both Anonymous FTP authentication and Basic FTP authentication enabled, IIS tries to use the Anonymous FTP authentication user account first.
To enable the Anonymous FTP authentication method
Enable Basic FTP Authentication
If you select the Basic FTP authentication method to secure your FTP resources, users must log on with a user name and password corresponding to a valid Windows user account. If the FTP server cannot verify a user's identity, the server returns an error message. Basic FTP authentication provides only low security because the user transmits the user name and password across the network in an unencrypted form.
To enable the Basic FTP authentication method