Setting up user isolation and folder structure for Microsoft IIS 7.5 FTP Server

I am trying to set up a new FTP server using IIS 7.5. In this environment, there will be about 10 users which will need to remain separate and so I am planning to use user-isolation mode. I also need to have one general/admin user that will have access to the LocalUser root and am not sure how to do this.

The proposed folder structure would look something like this:

\inetpub\LocalUser
  \user1
  \user2
  \user3
  \Public  (for anonymous users)

What steps do I need to do in order to provide the admin user with access to the LocalUser root with user isolation mode active?  Would setting up a hard link work (e.g. MKLINK /D /H /J adminuser \inetpub\LocalUser)?  

Note, this is not an active directory environment.

Also, on a related note, when I attempt to test what I have set up now, my FTP client connects, then the session is immediately dropped by the remote host. Is there any way to turn up the logging level so I can see why sessions are getting dropped?

Thanks for the help here!
AltaSens Asked:

imanushin Commented:
If you want to use IIS 7.5 in Windows 7, you can only bind a directory to a Windows user/group and use Windows Authentication.
If you want to use IIS 7.5 in Windows Server 2008 R2, you can add custom users in IIS and don't use Windows Authentication.

If you want to use FTP and auth with non-Windows users, I agree you use FileZilla FTP Server. It can do it and it is free.
0
AltaSens (Author) Commented:
This is Windows Server 2008 R2, server is not a member of the domain.

I am not sure how to add custom users in IIS, is this straightforward?
0
Brad Howe (DevOps Manager) Commented:
Hi,

Here is just an example from previous posts I have answered.

First, in FTP Authentication, do you have Basic Authorization enabled?

Secondly, in FTP Authorization Rules, did you specify all the users as

Mode:Allow Users:administrator  Permissions:Read,Write
Mode:Allow Users:clientA        Permissions:Read
Mode:Allow Users:clientB        Permissions:Read

Are these domain users or locally created users? See physical directory path below for this question :)

IIS user isolation requires that the physical root directories be set up like such, matching the user ID.

D:\FTP Sites\LocalUser\administrator
D:\FTP Sites\LocalUser\ClientA
D:\FTP Sites\LocalUser\ClientB
D:\FTP Sites\LocalUser\ClientC

The KEY folder here is "LocalUser".

Don't forget to restrict permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified physical folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories)" in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\. Now your admin can log in and go through all folders with isolation set up.

User Account Types               Physical Home Directory Syntax
  Anonymous users                %FtpRoot%\LocalUser\Public
  Local Windows user accounts    %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts        %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom  %FtpRoot%\LocalUser\%UserName%
 

Let me know if you have any issues,

Hades666
0
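
An added example, not part of the thread: PowerShell that applies the answer's "restrict permissions" step to each home folder under LocalUser, then lists any Allow entry that belongs to neither Administrators, SYSTEM, nor the account the folder is named after. The root path, the account names and the English built-in group names are assumptions.

```powershell
# Added example, not from the thread. Assumptions: the FTP root path, the local
# account names, and English built-in group names.
$FtpRoot   = 'D:\FTP Sites'
$Users     = 'ClientA', 'ClientB', 'ClientC'   # existing local Windows accounts
$LocalUser = Join-Path $FtpRoot 'LocalUser'
$Trusted   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

function Set-FtpHomeAcl {
    param([string]$Path, [string]$User)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    # Remove inherited ACEs, then grant Full to admins/SYSTEM and Modify to the
    # one account whose name matches the folder.
    icacls $Path /inheritance:r /grant:r `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        "${env:COMPUTERNAME}\${User}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

function Get-UnexpectedFtpAce {
    param([string]$Path, [string]$User)
    $expected = $Trusted + "${env:COMPUTERNAME}\${User}"
    # Any Allow entry for another principal lets that account into this home.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $expected -notcontains $_.IdentityReference.Value } |
        Select-Object @{ n = 'Folder'; e = { $Path } },
                      IdentityReference, FileSystemRights, IsInherited
}

foreach ($u in $Users) {
    Set-FtpHomeAcl -Path (Join-Path $LocalUser $u) -User $u
}

# Audit every folder under LocalUser, including ones created by hand. Public
# (anonymous) will list whatever identity anonymous access is meant to use.
$findings = Get-ChildItem -Path $LocalUser |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Get-UnexpectedFtpAce -Path $_.FullName -User $_.Name }

if ($findings) { $findings | Format-Table -AutoSize } else { 'No unexpected Allow ACEs under LocalUser.' }
```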

AltaSens (Author) Commented:
Hades -  you da man, that worked great!  Would it also work to use a file-system hard link?  I thought I had seen this before.
0
Brad Howe (DevOps Manager) Commented:
Glad it works for you.

I am not understanding what you mean about file-system hardlink?

Hades666
0
AltaSens (Author) Commented:
Windows 2000 and higher supports directory symbolic links, where a directory serves as a symbolic link to another directory on the computer. For example, if the directory D:\SYMLINK specified C:\WINNT\SYSTEM32 as its target, then an application accessing D:\SYMLINK\DRIVERS would in reality be accessing C:\WINNT\SYSTEM32\DRIVERS. Directory symbolic links are known as NTFS junctions in Windows.

Well, it seemed like a good idea but it didn't work so I'm going with the virtual directory idea.
0
AltaSens (Author) Commented:
THANK YOU!
0
Brad Howe (DevOps Manager) Commented:
Hm... Like the mklink feature of Vista/Win7.

I'll have to give this a shot. If I get it working, I'll let you know.

Cheers,
Hades666
0
NicoNL Commented:
#Hades666 Did you get mklink to work?

I have a Server 2008 FTP server with user isolation and domain user accounts. Two different accounts must write to one and the same folder. I wonder if I could solve this using a hardlink / mklink. I don't have a test lab at the moment to test this, so I was wondering if you got this to work.
0