How to create domain user accounts with limited permission?

Posted on 2005-04-12
Last Modified: 2010-04-14
Hi guys,

I need to create two user accounts.

UserA should be a ‘pure’ FTP user account. This user should only be allowed to access a specific folder on our FTP but prohibited access to log on the domain and web. UserB should only allow access to a specific folder on the web etc. - but prohibited to access any other domain related issues.

I have tried to create a new OU, with the new users – but they can only work partly when they are members ‘domain users’ and by allowing them membership of this group, they have access just like the other domain users ;(

We’re running W2K servers/SP4, IIS 5.

Thanks in advance ;)
Question by:dsl77
    LVL 70

    Accepted Solution



    This is how I normally create FTP Acccounts:

    1. Create the account in AD, adding it to an FTP Users Group.
    2. Set FTP Users Group as Primary Group in Active Directory - This allows you to remove them from the Domain Users Group.
    3. On the FTP Server, make sure FTP Users Group has Read access to the FTP Root Folder - For me this is just a seperate folder on the server - nothing inside it.
    4. Give the users at least Read access to their home folder wherever you put it.

    Web Users are easier, they don't really need anything but the right permissions on the web folders and making sure the anonymous user doesn't see what you don't want it to.



    Author Comment

    Hi Chris,

    I have created a new OU ‘FTP_GUESTS’ inside a single user ‘ftpguest’.

    The user has read access to C:\Inetpub & C:\Inetpub\ftproot

    I’m getting the ‘530 user … ‘ error

    Don’t know if it’s worth mention that I’m now running 2003 Server all over the domain and IIS 6.

    LVL 30

    Expert Comment

    by:Wayne Barron
    No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
    I will leave the following recommendation for this question in the Cleanup topic area:
    [Accept: Chris-Dent] (User changed Operating System's after getting Information from [Chris-Dent]
    I suggest Awarding [Chris-Dent] the points for his information on setting up Win2k (not) Win2k3)

    Any objections should be posted here in the next 4 days. After that time, the question will be closed.

    EE Cleanup Volunteer

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    This video discusses moving either the default database or any database to a new volume.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now