Modify the PASV port range of the FTP server under IIS

There should be a lot of FTP servers that come with IIS. In PASV mode of IIS, the default port range is 1024 - 65535. From the time of connection, the response will be randomly selected. Such a large range brings hidden dangers to server security. Although the port range can be reduced by some methods, the range cannot be reduced to the ideal range. Under normal circumstances, the PASV port can use up to 10 ports, even if it is specialized. Up to 20 FTP download servers are enough. Let's talk about using the IIS management utility Adsutil.vbs to modify the scope of the PASV port of the FTP server:

Use the command line to execute cd c:\\Inetpub\\AdminScripts adsutil.vbs set /MSFTPSVC/PassivePortRange "10000 -10009"

It is possible that some servers have been configured securely, so direct execution will prompt for failure information, you need to use cscript, log in with the administrator user, continue the command line to execute the following commands in order cd c :\\Inetpub\\AdminScripts cscript adsutil.vbs set /MSFTPSVC/PassivePortRange "10000-10009"

This example opens the specified 10 ports 10000 to 10009 and restarts the FTP service after execution. If the firewall is started, Add exceptions to these ports in the firewall.

At this point, the port has been changed