?
Solved

How best to setup user access via ftp on IIS7?

Posted on 2010-01-03
13
Medium Priority
?
634 Views
Last Modified: 2012-06-27
I have direct access to a server and am hosting several websites. One of my clients wants FTP access to their website.

What's the best way to set up an FTP account for them that will allow them access to ONLY their site?

I've seen a couple different ways to do this. One way seems to be to add the user to the user pool on the server. I think the other way is to manage it through IIS but I'm not really sure what the security concerns are.

Thanks,
MH
0
Comment
Question by:MHenry
  • 6
  • 6
13 Comments
 
LVL 14

Expert Comment

by:MCSA2003
ID: 26167679
You can follow this guide to setup the actual FTP Server in IIS. http://www.trainsignaltraining.com/windows-server-2008-ftp-iis7/2008-04-25/ When it gets to the point of setting up the physical path, browse out to the folder that contains the folder for the user in question.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26167753
In 'Server Manager', expand Roles, right-click 'Web Server' and choose 'Add Role'. Scroll down and choose 'FTP Publishing Service' to install the FTP component of IIS.
Manage the FTP site and create a virtual directory with the same name as the username and configure it to point to the local folder for user's website. When user logs on through FTP, the home/start directory will be the folder for the website.

For the security part, they will only be able to access the folders available through FTP configuration. If having other virtual directories in the FTP-site that shall be restricted, configure NTFS permissions on the local folder to only allow the authorized user and the IIS-user used for www-access to access it.
If not creating the local folders in the c:\inetpub\ftproot folder, the virtual directories will be hidden if someone tries to browse the FTP-structure.
0
 
LVL 7

Author Comment

by:MHenry
ID: 26201412
I've tried both of the suggestions and neither worked.

I went through the entire article (as well as the next which actually dealt with isolating the users) and the closest I got was an error saying "Can't login, home directory not available."

Any other suggestions?

Thanks,
MH

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 14

Expert Comment

by:MCSA2003
ID: 26203854
Where is the home directory located and what permissions have you assigned. The user will need read and write since they will be editing the documents.
0
 
LVL 7

Author Comment

by:MHenry
ID: 26204283
Yeah, tried that. I created a windows user with the same name as the folder in the FTP folder.

When I test the login it still says the directory is not available.
0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 26205186
from a workstation are you able to browse to that directory? For example start > run > \\servername\servershare
0
 
LVL 7

Author Comment

by:MHenry
ID: 26205317
yep. and when I quit trying to isolate the user and just set the user permission for the entire FTP folder the login works. It's only when I try to restrict access to a sub folder in the FTP folder that it breaks.
0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 26205524
Lets back up and start from scratch. You have FTP Service installed right? Now we will go through your web site directory. Do you have a main folder labeled such as "Web Sites" and then have subfolder such as "Customer 1" "Customer2" "Customer3" etc etc. Inside of the customer folder do you have the contents of their web site? If so, just add the user read / write permission for "customer 1" and direct the FTP to use this folder for this user. Is this the way you have it setup?
0
 
LVL 7

Author Comment

by:MHenry
ID: 26205712
Yes, FTP is installed.

In IIS, what I have is a folder for Web Sites and then another for FTP each website has a corresponding FTP site. The host I use sets it up this way.  I'm not sure exactly what the relationship is. I can add a virtual directory to the FTP folder and if I name it the same as the website, the folder in the FTP folder becomes the virtual directory rather than adding a new folder.

In the physical directory there's just the one folder.
0
 
LVL 14

Expert Comment

by:MCSA2003
ID: 26205831
Are you using a reseller plan? And from the sounds of it, this is possibly a colo server or rented?
0
 
LVL 7

Author Comment

by:MHenry
ID: 26205843
Kind of. It's a virtual server but they have some things preset that I can't get around, like the way the website and ftp folders are setup. I can do pretty much anything I want but I'm not sure how to get around that or if I even want to.
0
 
LVL 14

Accepted Solution

by:
MCSA2003 earned 2000 total points
ID: 26205855
I think your best bet is going to be to contact them. You don't know what type of security configurations they have in place. The could also be blocking stuff at the firewall.
0
 
LVL 7

Author Comment

by:MHenry
ID: 26206091
Yeah, unfortunately, they pointed me at the same article you first posted. Their support doesn't cover any configuration, just the server. I know that port 21 is open and that's what I was trying to use.

So, I'm stumped.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question