Help setting up FTP users in IIS 7

I've got two w2008 servers running side by side, Server 1 running a control panel and Server 2 just using iis.
Both are running multiple websites, with a shared ip address configured with host headers.
I want to manually setup ftp users on Server 2, one per website, in a similar that the ftp users are setup on Server 1 by the control panel.

The control panel appears to be doing the following:
1. The ftp users are created as windows 'local users'
2. There is only one ftp site created in iis
3. Each ftp user is created with a different local path, pointing at the users associated website
4. In IIS, each ftp user is listed under the single ftp site.

Would someone be able to walk through the steps with me on how to manually go through these steps.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mike99cAuthor Commented:
For Part 4.
It looks like each ftp user has a virtual directory named the same as the ftp username
Brad HoweDevOps ManagerCommented:

Yes you can do this.

What you need to do is create a new FTP Virtual Directory, Give this Virtual Directory same name as your "Windows user account", also remember this virtual directory  must be under your ROOT FTP Site. and the path of this virtual directory should point to the "only" Folder you want user to see.  Users Accounts need to be identical to the folder for their homedirectory. IE is user is ClientA then the folder under the root \ is ClientA.


When creating the FTP Site chose the "Isolate Users" option.

IIS FTP Setup example:
IIS Management
    -> FTP Site
             -> home Directory c:\ftproot\
                   -> virtual directory called ClientA mapped to c:\ftproot\ClientA
                   -> virtual directory called ClientA mapped to c:\ftproot\ClientB
                   -> virtual directory called ClientA mapped to c:\ftproot\ClientC
                   -> virtual directory called ClientA mapped to c:\ftproot\ClientD

Now when ClientA logs in, their home root will be redirected \ClientA which is technically the virtual directory ClientA.

1) In c:\ftproot folder and verify that "Everyone" user account has only READ permission.
2) For each Client* Folder such as c:\ftproot\ClientA verify that only Admins and user ClientA has full control on
    c:\ftproot\ClientA folder.

NOTE: Make sure this user dont have access to root level (\) directories.

Hope it helps,
User following steps to create to create the FTP and Virtual Directories.

1. Open IIS >> Right click on Default FTP Sites >> Edit bindings >> assigned one IP address for FTP >> OK
2. Again  Right click on Default FTP Sites >> Edit Permission >> Add Users Group Read and execute permission >> Ok
3. Create A User in Windows Local Users
4. Right FTP Default website in IIS >> add Virtual Directory >> Type Alias name as username >> Provide the physical path. OK
5. Right Click on Created Virtual directory under Default FTP Site >> Edit Permission >> Assign user permission which you have created in local users.
6. Now you can FTP that directory with assigned IP address in bindings.
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

mike99cAuthor Commented:
The FTP site is setup as follows:

      FTP site name: FTPSite
      Physical path: D:\vhosts\Servers\3
      IP Address: fixed
      SSL: Allow SSL
      Authentication: Basic

      Physical path: D:\vhosts\\httpdocs
      Binding: http | fixed | 80
      Profile | Home folder | Local path: D:\vhosts\

Now the problem I'm having is creating the (virtual) directories within the FTPSite's physical path (D:\vhosts\Servers\3).
~ Do I manually create them?
~ Do I create the virtual directory first, and then the physical one?

When I let the panel create a site and ftp user it creates the following folder for the ftp user:


Now the strange thing is, when I navigate to that folder in windows it contains a 'mirror' of the site files, if I create a file in
The same file appears in
Now I don't know how to manually create this setup, any advice?
mike99cAuthor Commented:
I've set up the FTP users as described.
But when I connect the FTP user is logged into the server root directory, the FTP user is not restricted to the site directory.
Brad HoweDevOps ManagerCommented:

By the sounds of it you are using FTP 7.5 and not 7.0.

Please take a look here for user isolation with FTP 7.5 as the steps above are for IIS 6 FTP running on Windows 2008.

FTP 7.5 wasn't release with windows 2008 there for they had a hybrid model with IIS 7 for websites and FTP and SMTP services with IIS 6.0.

Hope it helps,

mike99cAuthor Commented:
Thanks for the response.
So what determines which folder the FTP User is logged into?
When I FTP connect, all I see is a connection to folder "/"
I cannot write to the destination on the server.
Brad HoweDevOps ManagerCommented:
The Service maps the username to the virtual directory. Similar to the way IIS6 behaved.

In the FTP User Isolation feature page there is an option to either make it ROOT or a user directory.

In this case sounds like the user doesn't haev right permissions to that directory.

Brad HoweDevOps ManagerCommented:
I just re-configure it on my VM and getting the same error. I'll let you know what i find. - Hades666
Brad HoweDevOps ManagerCommented:
Found the issue. Just needed to remember.  IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.


The KEY folder here is "LocalUser".

Don't forget to restrict permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the folder.

At the sametime you will select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the FTP\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the c:\inetpub\FTPRoot\.

Now your admin can login and go thorugh all folders with isolation setup.

Let me know if you have any issues,

Brad HoweDevOps ManagerCommented:

User Account Types                       Physical Home Directory Syntax
Anonymous users                          %FtpRoot%\LocalUser\Public
Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
IIS Manager or ASP.NET custom     %FtpRoot%\LocalUser\%UserName%

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mike99cAuthor Commented:
Thanks for the response, can I send you an email?
Brad HoweDevOps ManagerCommented:
I guess so...

This is a temporary account now until i get my blog up.

mike99cAuthor Commented:
Got it working thanks a lot.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.