>>I would turn off Anonymous access if you need any security at all... then just create users with privelages to each site.
>
>Thanks for the response, Wayne.
>
>Here is something I read from an IIS4 Administration book regarding your suggestion...
>
>"With FTP, the only alternative to anonymous access is for the user to access the site using a valid Windows NT user account. The problem is that with FTP authentication, the username and password are transmitted as clear text (i.e., unencrypted). Anyone running Network Monitor or some other protocal analyzer on your network would be able to trap user credentials and a security breach would result. For this reason, FTP sites should generally be set for anonymous access, and this should be the
only authentication scheme allowed."
>
>Administering IIS4 by Mitch Tulloch
>
>So, unless I'm missing something here, IIS4 doesn't seem to have the FTP Security model that will accomplish my goals. Any thoughts?
Access to an FTP site was never meant to be secure... the only way you can encrypt the data going over the wire is to use another protocol (HTTPS).
Wayne Myers, MCSD
Senior Consultant
Forte' Incorporated
"The only things you can take to heaven are those which you give away" Author Unknown