I have made a couple of virtual directories for ftp access such as "ftp_companya" and "ftp_companyb"
"ftp_companya" and "ftp_companyb" users are member ONLY of a group called "FTPUsers"
On the folders for the virtual directories, I removed all permissions except for "ftp_companya" or "ftp_companyb." When trying to access their website (not through FTP-through a browser) and it prompts them for a user/pass. I know IIS has a default User it uses to allow people to have anonymous access, for viewing websites and such, but when I apply that user to the folder, it doesn't do anything.
What I did was apply the "Everyone" group to the folders with read/list attributes. This works fine as anyone can now access the website online BUT should "ftp_companyb" decide to try to manually change directories and type in "ftp_companya" they would have access to their files (read only.)
Users should have access to their folders only without being able to navigate (even if it is manually) to another user's directory. How can you accomplish this and still have the website viewable without authenticating?
Start Free Trial
