Default FTP Security Settings <security>

Overview

The <security> element defines the parent element for the security options of FTP sites, and contains the following child elements, which are displayed hierarchically:

  • <authentication> - This child element is the parent element for the various authentication settings for FTP sites, and contains the following child elements:
    • <anonymousAuthentication> - Specifies the settings for anonymous access. This form of authentication allows access to an FTP site without a user account on your server or domain, and is most often used for public FTP sites
    • <basicAuthentication> - Specifies the settings for Basic authentication. This form of authentication requires a valid user account on your server or domain before users can log in.
    • <clientCertAuthentication> - Specifies whether the Active Directory client certificate authentication is enabled. This form of authentication uses client certificates to authenticate FTP clients.
    • <customAuthentication> - Specifies the settings for custom authentication. This form of authentication uses custom authentication providers to validate user names and passwords.
  • <commandFiltering> - Specifies the settings for FTP command filtering. This collection lets you individually allow or deny specific FTP commands for your FTP service.
  • <customAuthorization> - Specifies the settings for custom authorization. This form of authorization uses a built-in authorization provider or a custom authorization provider to validate user access.
  • <dataChannelSecurity> - Specifies the settings for FTP data channel security. This security feature enforces that the data and control channel for a session must have a matching client address.
  • <ssl> - Specifies the Secure Sockets Layer (SSL) settings for an FTP site.
  • <sslClientCertificates> - Specifies the Secure Sockets Layer (SSL) client certificates settings for an FTP site.

Compatibility

Version Notes
IIS 8.5 The <security> element was not modified in IIS 8.5.
IIS 8.0 The <security> element was not modified in IIS 8.0.
IIS 7.5 The <security> element of the <ftpServer> element ships as a feature of IIS 7.5.
IIS 7.0 The <security> element of the <ftpServer> element was introduced in FTP 7.0, which was a separate download for IIS 7.0.
IIS 6.0 The <ftpServer> element and its child elements replace the IIS 6.0 FTP settings that were located in the LM/MSFTPSVC metabase path.

Note: The FTP 7.0 and FTP 7.5 services shipped out-of-band for IIS 7.0, which required downloading and installing the modules from the following URL:

http://www.iis.net/expand/FTP

With Windows 7 and Windows Server 2008 R2, the FTP 7.5 service ships as a feature for IIS 7.5, so downloading the FTP service is no longer necessary.

Setup

To support FTP publishing for your Web server, you must install the FTP service. To do so, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), and then select FTP Server.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will need to select FTP Extensibility, in addition to FTP Service.
    .
  5. Click Next, and then on the Select features page, click Next again.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, and then select FTP Server.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.
  4. Click OK.
  5. Click Close.

Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, expand FTP Server.
  5. Select FTP Service.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.
  6. Click Next.
  7. On the Confirm Installation Selections page, click Install.
  8. On the Results page, click Close.

Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, and then FTP Server.
  4. Select FTP Service.

    Note: To support ASP.Membership authentication or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.
  5. Click OK.

Windows Server 2008 or Windows Vista

  1. Download the installation package from the following URL:
  2. Follow the instructions in the following walkthrough to install the FTP service:

How To

How to enable or disable Anonymous authentication for an FTP site

  1. Open Internet Information Services (IIS) Manager:
    • If you are using Windows Server 2012 or Windows Server 2012 R2:
      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or Windows 8.1:
      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:
      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand the Sites node, and then click the name of the site.
  3. In the site's Home pane, double-click the FTP Authentication feature.
  4. On the FTP Authentication page, select Anonymous Authentication.
  5. In the Actions pane, click Enable to enable Anonymous authentication or click Disable to disable Anonymous authentication.

How to use the FTP Site Wizard to Create an FTP Site with Anonymous Read Access

  1. Open Internet Information Services (IIS) Manager:
    • If you are using Windows Server 2012 or Windows Server 2012 R2:
      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or Windows 8.1:
      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:
      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, click the Sites node in the tree.
  3. Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions pane.
  4. When the Add FTP Site wizard appears:
    • Enter "My New FTP Site" in the FTP site name box.
    • For the Physical path box, you can use one of the following options to specify your content directory:
      • Click the ellipsis (...) button, and then navigate to the folder that contains the content for your FTP site.
      • Type in the path to your content folder in the box. Note that if you choose to type the path, you can use environment variables in your paths. For example, you can use "%SystemDrive%\inetpub\ftproot" for your content directory.
    • When you have completed these items, click Next.
  5. On the second page of the Add FTP Site wizard:
    • Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned."
    • Enter the TCP/IP port for the FTP site in the Port box. By default, FTP sites and clients use port 21. (Note: To specify Implicit FTPS, you need to use port 990.)
    • To use an FTP virtual host name, select the box for Enable Virtual Host Names, then enter the virtual host name in the Virtual Host box.
    • For the SSL options, choose one of the following options:
      • Select No SSL to disable the SSL options.
      • Select Allow SSL to allow FTP clients to optionally use FTP over SSL when they connect with the FTP server.
      • Select Require SSL to allow FTP clients to always use FTP over SSL when they connect with the FTP server.
      • If you choose Allow SSL or Require SSL, choose a certificate from the SSL Certificate drop-down menu.
    • When you have completed these items, click Next.
  6. On the next page of the wizard:
    • Select Anonymous for the Authentication settings.
    • For the Authorization settings, choose "Anonymous users" from the Allow access to drop-down.
    • Select Read for the Permissions option.
    • When you have completed these items, click Finish.

    How to enable or disable Basic authentication for an FTP site

    1. Open Internet Information Services (IIS) Manager:
      • If you are using Windows Server 2012 or Windows Server 2012 R2:
        • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
      • If you are using Windows 8 or Windows 8.1:
        • Hold down the Windows key, press the letter X, and then click Control Panel.
        • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
      • If you are using Windows Server 2008 or Windows Server 2008 R2:
        • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
      • If you are using Windows Vista or Windows 7:
        • On the taskbar, click Start, and then click Control Panel.
        • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    2. In the Connections pane, expand the server name, expand the Sites node, and then click the name of the site.
    3. In the site's Home pane, double-click the FTP Authentication feature.
    4. On the FTP Authentication page, select Basic Authentication.
    5. In the Actions pane, click Enable to enable Basic authentication or click Disable to disable Basic authentication.

    How to use the FTP Site Wizard to Create an FTP Site with Basic authentication and Read/Write Access

    1. Open Internet Information Services (IIS) Manager:
      • If you are using Windows Server 2012 or Windows Server 2012 R2:
        • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
      • If you are using Windows 8 or Windows 8.1:
        • Hold down the Windows key, press the letter X, and then click Control Panel.
        • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
      • If you are using Windows Server 2008 or Windows Server 2008 R2:
        • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
      • If you are using Windows Vista or Windows 7:
        • On the taskbar, click Start, and then click Control Panel.
        • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    2. In the Connections pane, click the Sites node in the tree.
    3. Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions pane.
    4. When the Add FTP Site wizard appears:
      • Enter "My New FTP Site" in the FTP site name box.
      • For the Physical path box, you can use one of the following options to specify your content directory:
        • Click the ellipsis (...) button, and then navigate to the folder that contains the content for your FTP site.
        • Type in the path to your content folder in the box. Note that if you choose to type the path, you can use environment variables in your paths. For example, you can use "%SystemDrive%\inetpub\ftproot" for your content directory.
      • When you have completed these items, click Next.
    5. On the second page of the Add FTP Site wizard:
      • Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned."
      • Enter the TCP/IP port for the FTP site in the Port box. By default, FTP sites and clients use port 21. (Note: To specify Implicit FTPS, you need to use port 990.)
      • To use an FTP virtual host name, select the box for Enable Virtual Host Names, then enter the virtual host name in the Virtual Host box.
      • For the SSL options, choose one of the following options:
        • Select No SSL to disable the SSL options.
        • Select Allow SSL to allow FTP clients to optionally use FTP over SSL when they connect with the FTP server.
        • Select Require SSL to allow FTP clients to always use FTP over SSL when they connect with the FTP server.
        • If you choose Allow SSL or Require SSL, choose a certificate from the SSL Certificate drop-down menu.
      • When you have completed these items, click Next.
    6. On the next page of the wizard:
      • Select Basic for the Authentication settings.
      • For the Authorization settings, choose "Specified users" from the Allow access to drop-down, and enter an account name in the box below the drop-down menu.
      • Select Read and Write for the Permissions option.
      • When you have completed these items, click Finish.

    Configuration

    Attributes

    None.

    Child Elements

    Element Description
    authentication Optional element.

    Specifies the authentication settings for an FTP site.
    commandFiltering Optional element.

    Specifies the settings for FTP command filtering.
    dataChannelSecurity Optional element.

    Specifies the settings for FTP data channel security.
    ssl Optional element.

    Specifies the SSL settings for an FTP site.
    sslClientCertificates Optional element.

    Specifies the SSL client certificate options for an FTP site.

    Configuration Sample

    The following configuration sample displays an example <security> element for a server that defines several of the FTP security site defaults.

    <siteDefaults>
       <ftpServer>
          <security>
             <commandFiltering>
                <add command="SYST" allowed="false" />
             </commandFiltering>
             <ssl serverCertHash="57686f6120447564652c2049495320526f636b73" controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
             <sslClientCertificates clientCertificatePolicy="CertIgnore" />
             <authentication>
                 <anonymousAuthentication enabled="false" />
                 <basicAuthentication enabled="false" />
                 <clientCertAuthentication enabled="false" />
                 <customAuthentication>
                    <providers>
                       <add name="FtpCustomAuthenticationModule" enabled="false" />
                    </providers>
                 </customAuthentication>
             </authentication>
          </security>
       </ftpServer>
    </siteDefaults>

    Sample Code

    The following code samples illustrate setting several of the FTP site defaults.

    AppCmd.exe

    appcmd.exe set config -section:system.applicationHost/sites /+"siteDefaults.ftpServer.security.commandFiltering.[command='SYST',allowed='False']" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.controlChannelPolicy:"SslAllow" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.dataChannelPolicy:"SslAllow" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.ssl.serverCertHash:"57686f6120447564652c2049495320526f636b73" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.authentication.anonymousAuthentication.enabled:"False" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.authentication.basicAuthentication.enabled:"False" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.authentication.clientCertAuthentication.enabled:"False" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /siteDefaults.ftpServer.security.sslClientCertificates.clientCertificatePolicy:"CertIgnore" /commit:apphost
    appcmd.exe set config -section:system.applicationHost/sites /+"siteDefaults.ftpServer.security.authentication.customAuthentication.providers.[name='FtpCustomAuthenticationModule',enabled='False']" /commit:apphost

    Note: You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

    C#

    using System;
    using System.Text;
    using Microsoft.Web.Administration;
    
    internal static class Sample
    {
       private static void Main()
       {
          using (ServerManager serverManager = new ServerManager())
          {
             Configuration config = serverManager.GetApplicationHostConfiguration();
             ConfigurationSection sitesSection = config.GetSection("system.applicationHost/sites");
             ConfigurationElement siteDefaultsElement = sitesSection.GetChildElement("siteDefaults");
             ConfigurationElement ftpServerElement = siteDefaultsElement.GetChildElement("ftpServer");
    
             ConfigurationElement securityElement = ftpServerElement.GetChildElement("security");
             ConfigurationElement commandFilteringElement = securityElement.GetChildElement("commandFiltering");
             ConfigurationElementCollection commandFilteringCollection = commandFilteringElement.GetCollection();
             ConfigurationElement addElement = commandFilteringCollection.CreateElement("add");
                addElement["command"] = @"SYST";
                addElement["allowed"] = false;
                commandFilteringCollection.Add(addElement);
             ConfigurationElement sslElement = securityElement.GetChildElement("ssl");
                sslElement["controlChannelPolicy"] = @"SslAllow";
                sslElement["dataChannelPolicy"] = @"SslAllow";
                sslElement["serverCertHash"] = "57686f6120447564652c2049495320526f636b73";
             ConfigurationElement authenticationElement = securityElement.GetChildElement("authentication");
             ConfigurationElement anonymousAuthenticationElement = authenticationElement.GetChildElement("anonymousAuthentication");
                anonymousAuthenticationElement["enabled"] = false;
             ConfigurationElement basicAuthenticationElement = authenticationElement.GetChildElement("basicAuthentication");
                basicAuthenticationElement["enabled"] = false;
             ConfigurationElement clientCertAuthenticationElement = authenticationElement.GetChildElement("clientCertAuthentication");
                clientCertAuthenticationElement["enabled"] = false;
             ConfigurationElement sslClientCertificatesElement = securityElement.GetChildElement("sslClientCertificates");
                sslClientCertificatesElement["clientCertificatePolicy"] = @"CertIgnore";
             ConfigurationElement customAuthenticationElement = authenticationElement.GetChildElement("customAuthentication");
             ConfigurationElementCollection providersCollection = customAuthenticationElement.GetCollection("providers");
             ConfigurationElement addElement1 = providersCollection.CreateElement("add");
                addElement1["name"] = @"FtpCustomAuthenticationModule";
                addElement1["enabled"] = false;
                providersCollection.Add(addElement1);
    
             serverManager.CommitChanges();
          }
       }
    }

    VB.NET

    Imports System
    Imports System.Text
    Imports Microsoft.Web.Administration
    
    Module Sample
       Sub Main()
          Dim serverManager As ServerManager = New ServerManager
          Dim config As Configuration = serverManager.GetApplicationHostConfiguration
          Dim sitesSection As ConfigurationSection = config.GetSection("system.applicationHost/sites")
          Dim siteDefaultsElement As ConfigurationElement = sitesSection.GetChildElement("siteDefaults")
          Dim ftpServerElement As ConfigurationElement = siteDefaultsElement.GetChildElement("ftpServer")
    
          Dim securityElement As ConfigurationElement = ftpServerElement.GetChildElement("security")
          Dim commandFilteringElement As ConfigurationElement = securityElement.GetChildElement("commandFiltering")
          Dim commandFilteringCollection As ConfigurationElementCollection = commandFilteringElement.GetCollection
          Dim addElement As ConfigurationElement = commandFilteringCollection.CreateElement("add")
             addElement("command") = "SYST"
             addElement("allowed") = False
             commandFilteringCollection.Add(addElement)
          Dim sslElement As ConfigurationElement = securityElement.GetChildElement("ssl")
             sslElement("controlChannelPolicy") = "SslAllow"
             sslElement("dataChannelPolicy") = "SslAllow"
             sslElement("serverCertHash") = "57686f6120447564652c2049495320526f636b73"
          Dim authenticationElement As ConfigurationElement = securityElement.GetChildElement("authentication")
          Dim anonymousAuthenticationElement As ConfigurationElement = authenticationElement.GetChildElement("anonymousAuthentication")
             anonymousAuthenticationElement("enabled") = False
          Dim basicAuthenticationElement As ConfigurationElement = authenticationElement.GetChildElement("basicAuthentication")
             basicAuthenticationElement("enabled") = False
          Dim clientCertAuthenticationElement As ConfigurationElement = authenticationElement.GetChildElement("clientCertAuthentication")
             clientCertAuthenticationElement("enabled") = False
          Dim sslClientCertificatesElement As ConfigurationElement = securityElement.GetChildElement("sslClientCertificates")
             sslClientCertificatesElement("clientCertificatePolicy") = "CertIgnore"
          Dim customAuthenticationElement As ConfigurationElement = authenticationElement.GetChildElement("customAuthentication")
          Dim providersCollection As ConfigurationElementCollection = customAuthenticationElement.GetCollection("providers")
          Dim addElement1 As ConfigurationElement = providersCollection.CreateElement("add")
             addElement1("name") = "FtpCustomAuthenticationModule"
             addElement1("enabled") = False
             providersCollection.Add(addElement1)
    
          serverManager.CommitChanges()
       End Sub

    JavaScript

    var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
    adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
    
    var sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST");
    var siteDefaultsElement = sitesSection.ChildElements.Item("siteDefaults");
    var ftpServerElement = siteDefaultsElement.ChildElements.Item("ftpServer");
    
    var securityElement = ftpServerElement.ChildElements.Item("security");
    var commandFilteringElement = securityElement.ChildElements.Item("commandFiltering");
    var commandFilteringCollection = commandFilteringElement.Collection;
    var addElement = commandFilteringCollection.CreateNewElement("add");
       addElement.Properties.Item("command").Value = "SYST";
       addElement.Properties.Item("allowed").Value = false;
       commandFilteringCollection.AddElement(addElement);
    var sslElement = securityElement.ChildElements.Item("ssl");
       sslElement.Properties.Item("controlChannelPolicy").Value = "SslAllow";
       sslElement.Properties.Item("dataChannelPolicy").Value = "SslAllow";
       sslElement.Properties.Item("serverCertHash").Value = "57686f6120447564652c2049495320526f636b73";
    var authenticationElement = securityElement.ChildElements.Item("authentication");
    var anonymousAuthenticationElement = authenticationElement.ChildElements.Item("anonymousAuthentication");
       anonymousAuthenticationElement.Properties.Item("enabled").Value = false;
    var basicAuthenticationElement = authenticationElement.ChildElements.Item("basicAuthentication");
       basicAuthenticationElement.Properties.Item("enabled").Value = false;
    var clientCertAuthenticationElement = authenticationElement.ChildElements.Item("clientCertAuthentication");
       clientCertAuthenticationElement.Properties.Item("enabled").Value = false;
    var sslClientCertificatesElement = securityElement.ChildElements.Item("sslClientCertificates");
        sslClientCertificatesElement.Properties.Item("clientCertificatePolicy").Value = "CertIgnore";
    var customAuthenticationElement = authenticationElement.ChildElements.Item("customAuthentication");
    var providersCollection = customAuthenticationElement.ChildElements.Item("providers").Collection;
    var addElement1 = providersCollection.CreateNewElement("add");
       addElement1.Properties.Item("name").Value = "FtpCustomAuthenticationModule";
       addElement1.Properties.Item("enabled").Value = false;
       providersCollection.AddElement(addElement1);
    
    adminManager.CommitChanges();

    VBScript

    Set adminManager = createObject("Microsoft.ApplicationHost.WritableAdminManager")
    adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
    Set sitesSection = adminManager.GetAdminSection("system.applicationHost/sites", "MACHINE/WEBROOT/APPHOST")
    Set siteDefaultsElement = sitesSection.ChildElements.Item("siteDefaults")
    Set ftpServerElement = siteDefaultsElement.ChildElements.Item("ftpServer")
    
    Set securityElement = ftpServerElement.ChildElements.Item("security")
    Set commandFilteringElement = securityElement.ChildElements.Item("commandFiltering")
    Set commandFilteringCollection = commandFilteringElement.Collection
    Set addElement = commandFilteringCollection.CreateNewElement("add")
       addElement.Properties.Item("command").Value = "SYST"
       addElement.Properties.Item("allowed").Value = False
       commandFilteringCollection.AddElement(addElement)
    Set sslElement = securityElement.ChildElements.Item("ssl")
       sslElement.Properties.Item("controlChannelPolicy").Value = "SslAllow"
       sslElement.Properties.Item("dataChannelPolicy").Value = "SslAllow"
       sslElement.Properties.Item("serverCertHash").Value = "57686f6120447564652c2049495320526f636b73"
    Set authenticationElement = securityElement.ChildElements.Item("authentication")
    Set anonymousAuthenticationElement = authenticationElement.ChildElements.Item("anonymousAuthentication")
       anonymousAuthenticationElement.Properties.Item("enabled").Value = False
    Set basicAuthenticationElement = authenticationElement.ChildElements.Item("basicAuthentication")
       basicAuthenticationElement.Properties.Item("enabled").Value = False
    Set clientCertAuthenticationElement = authenticationElement.ChildElements.Item("clientCertAuthentication")
       clientCertAuthenticationElement.Properties.Item("enabled").Value = False
    Set sslClientCertificatesElement = securityElement.ChildElements.Item("sslClientCertificates")
       sslClientCertificatesElement.Properties.Item("clientCertificatePolicy").Value = "CertIgnore"
    Set customAuthenticationElement = authenticationElement.ChildElements.Item("customAuthentication")
    Set providersCollection = customAuthenticationElement.ChildElements.Item("providers").Collection
    Set addElement1 = providersCollection.CreateNewElement("add")
       addElement1.Properties.Item("name").Value = "FtpCustomAuthenticationModule"
       addElement1.Properties.Item("enabled").Value = False
       providersCollection.AddElement(addElement1)
    
    adminManager.CommitChanges()
    Deprecated Elements