In Passive-mode IIS FTP randomly choose to response with port ranging within 1024 - 65535 by default. To further limit these huge port range, system administrator can configure a metabase property key named PassivePortRange, this property key only exist in IIS 6.0, for IIS 5.0 in Windows 2000, system administrator need to install Service Pack 4 and add in PassivePortRange key in system registry.
To change the PassivePortRange for IIS, perform the procedure that is described in one of the following sections.
For Windows 2003 Server
a) To Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.
b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
4. Restart the FTP service.
You'll see the following output, when you configure via ADSUTIL script:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
PassivePortRange : (STRING) "5500-5700"