Set permissions early
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Set permissions early
Before you can publish phone books to a Phone Book Service (PBS) server, you must create a specific user account that has the necessary permissions to post your phone books. The NTFS file system should be running on the server host.
Failure to set permissions is likely to prevent you from posting phone books to the server.
Set up a user account on your PBS server for posting phone books. Set permissions for the user account so that users have the minimum necessary permissions to post to your server. This user account should be a local user account on the PBS server, not on a domain, even if the PBS server is a member of a domain. For additional security, you should make this account a member of the Guests group, and you should disable this user account from logging on locally and from logging on through Terminal Services. To post phone books, the user account must have a password, and the password cannot be null. The user account must also have Write permission to the PBSData folder in the FTP virtual directory. For more information, see Create a local user account, Set the Write permission for the FTP virtual directory, Add a member to a local group, Deny log on locally, and Deny log on through Terminal Services.
Configure FTP service for specific users when posting phone book data. When you install PBS, FTP is also installed with anonymous FTP access disabled. Because passwords for FTP sessions are sent as plaintext, you should not use the user account that you use for posting phone book data for any other purpose. Do not activate this account until you are ready to post data, and disable this account as soon as you finish posting data. For more information, see Set up FTP accounts for known users and Disable or activate a local user account.
Set permissions for the Phone Book Service folder (optional but recommended; NTFS file system only). For added security, you should change access to the Phone Book Service folder from all authenticated users to specific user accounts or groups. For more information, see Set permissions for the Phone Book Service folder (NTFS only) and Security information for Connection Point Services.
Set the Write permission for the PBSData folder in the FTP virtual directory. Before you can post, you must set this permission on the FTP virtual root. For enhanced security, set this permission only when you are about to post to the server, and then clear it immediately after posting. For more information, see Set the Write permission for the FTP virtual directory.