2008年12月26日 星期五

固定IIS FTP Passive Mode 使用的Port Range

IIS 5
1.開始->執行->regedit.exe->確定
2.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\ParametersPassivePortRange
3.將值修改為 5000-5100

IIS 6
1.開始->執行->cmd->確定
2.C:\cd C:\Inetpub\AdminScripts
3.C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5000-5100"
4.若出現This script does not work with Wscript->Yes
5.則會出現Would you like to registry CScript as your default host for VBscript? ->Yes
則會出現 Successfully registered CScript
6.再執行一次adsutil.vbs set /MSFTPSVC/PassivePortRange "5000-5100"
7.則會出現PassivePortRange : (STRING) "5000-5100"
表示成功

[Windows Firewall設定]


[節錄Microsoft KB 555022]
For Windows 2003 Server

a) To Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.


b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
4. Restart the FTP service.

You'll see the following output, when you configure via ADSUTIL script:

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

PassivePortRange : (STRING) "5500-5700"


For Windows 2000 Server
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.

In order for this PassivePortRange to work in Windows 2000, system administrator must install Service Pack 4 (SP4) or later, For additional information, visit the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Configure PassivePortRange via Registry Editor
1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
3. Add a value named "PassivePortRange" (without the quotation marks) of type REG_SZ.
4. Close Registry Editor.
5. Restart the FTP service.

Note: The range that FTP will validate is from 5001 to 65535.

沒有留言: