Windows 2003 Server FTP and Firewall Passive port range tweak

On Windows 2003 Server with IIS6

• To Enable Direct Metabase Edit
  1. Open the IIS Microsoft Management Console (MMC).
  2. Right-click on the Local Computer node.
  3. Select Properties.
  4. Make sure the Enable Direct Metabase Edit checkbox is checked.
• Configure PassivePortRange via ADSUTIL script
  1. Click Start, click Run, type cmd, and then click OK.
  2. Type cd Inetpub\AdminScripts and then press ENTER.
  3. Type the following command where the range is specified in "..". cscript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5001-5201"
  4. Restart the FTP Publishing Service.
You'll see the following output, when you configure via ADSUTIL script:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

PassivePortRange : (STRING) "5001-5201"


• Add each port to the Windows Firewall
  1. Click Start, click Control Panel, open Windows Firewall, and select the Exceptions tab.
  2. Click the Add Port button.
  3. Enter a Name for the Exception and the first number in the port range.
  4. Click TCP if not already selected and click OK.
  5. Repeat for each port in the range - for large ranges see the end of the document.
  6. Enable the Windows Firewall on the General Tab.

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in " ".
   FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
3. Each port in the range will be added with an "OK" confirmation.

This info was taken directly from: http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html I post this here on my blog as my personal reference.