• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1195
  • Last Modified:

IIS7 FTP User Isolation

Hi all,

I have setup and FTP site using IIS7 on Windows Server 2008 R2 Web Server x64. I can connect to the FTP and get a prompt for username and password both locally and remotely.

But when I enter either local user credentials or an IIS Manager account it wont connect. I've missed something but not sure what.

I am to eventually setup user isolation but I ideally want to have some form of FTP working before I move onto that :)

  • 2
  • 2
1 Solution
Brad HoweDevOps ManagerCommented:
Take a look at my previous post with details and instructions. Specifically postID ID:33060204
Next, are these domain users or locally created users?  This is important for the physical directory path below ;)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.
  D:\FTP Sites\LocalUser\administrator
  D:\FTP Sites\LocalUser\ClientA
  D:\FTP Sites\LocalUser\ClientB
  D:\FTP Sites\LocalUser\ClientC

D:\FTP Sites can be anything, The KEY folder here is "LocalUser".

Don't forget to restrict NTFS permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom    %FtpRoot%\LocalUser\%UserName%
Let me know if you have any issues,

2CsAuthor Commented:
Hi all,

I have managed to get the basic FTP service working, but the other problem I have is that I want users to have different accounts that when they login it maps to their user folder (For example, a user account domain1.co.uk logs into the FTP site and has only access to the domain1.co.uk folder in the FTP root that matches their username)

- If I set FTP User Isolation to Username then they can go up folders and browse directories I don't want them to
- If I set FTP User Isolation to Username Directory then the users are just prompted that their home directory is inaccessible

Brad HoweDevOps ManagerCommented:
What is the directory structure you setup? As you are using domain users is the folder level like  %FtpRoot%\<YOURDOMAIN>\%UserName%
Please provide a screenshot of your folder structure in explorer and your iis ftp settings.
This is required for user isolation on a domain.

2CsAuthor Commented:
Hi Hades666,

I will try that this week and see what happens.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now