Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

Windows Server 2003 FTP access question


Several years ago a friend of mine helped us set up our MS Windows 2003 web server so that any new directories created could simply have an identical username created under Users and this would give that username FTP access to that same-named directory only.

Now we're moving servers and my friend is unavailable. Can anyone point me to an article or the steps necessary to set up FTP permissions in the way I describe?

Thank you

  • 2
  • 2
1 Solution
Follow my post I put in EE a long time back on this.  It should get you going ok.


The following is the post:

eh...I'll just assume local user accounts:

1.  set up the local user accounts on the computer for each "user/client"
2.  In explorer setup the NTFS structure so that you have a "root" folder and inside that folder you have folders for each client/etc.
3.  Set up the NTFS rights, so that each user (you can use a group called FTP users, and add them all to that group) has "List" rights to the root folder.  Then give them specific rights to each of their "home" folders (read/write/whatever).
4.  In IIS for the FTP site, create virtual directories named EXACTLY the same as the user accounts you created, and point each one to the right home folder.  ie. virtual directory of BOBJONES points to d:\ftpsite\BOBJONES
5.  go back into explorer and create a new folder in the same folder as the ROOT folder and call it DEADEND
6.  give the FTP users list/read permissions to the DEADEND folder
7.  Back in IIS set the "root folder" for the FTP site to the DEADEND folder

That's it.

now when BOBJONES logs into the FTP site he is in the BOBJONES directory.  If he gets wily and tries to do a cd .. to go up to the parent/root he'll get knocked into the DEADEND folder and won't see the list of everyone else's home folders, etc.   (NOTE: he can get back to his home folder by typing cd BOBJONES still)

ONE FINAL NOTE:  anybody that has a user ID but no virtual directory named the same will get defaulted to the root directory which has been changed to DEADEND.

Of course, read the actual original thread to get a full idea...

Hope that helps!

billium99Author Commented:
Thanks Cleaner - this sounds like a different process, only in that as each user is created on our current server, I'm simply naming them the folder name as you describe and I'm done.

There are no permissions to set up on each user coming in.

There is no Dead END type folder structure, but any access outside of their named folder fails.

I can try and play with your solution, but does anyone else see the subtle difference in what I'm describing compared to Mr Cleaner's solution?

Thanks again!

Did you read over the link as well?  I talk in there about using other permissions and scenarios too.

The above just always was easier for me and gave a better "output"...
billium99Author Commented:
Hmm - thought I already accepted this

Sorry for the delay!


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now