?
Solved

IIS7 FTP User Isolation

Posted on 2010-09-11
5
Medium Priority
?
1,189 Views
Last Modified: 2012-05-10
Hi all,

I have setup and FTP site using IIS7 on Windows Server 2008 R2 Web Server x64. I can connect to the FTP and get a prompt for username and password both locally and remotely.

But when I enter either local user credentials or an IIS Manager account it wont connect. I've missed something but not sure what.

I am to eventually setup user isolation but I ideally want to have some form of FTP working before I move onto that :)

Al
0
Comment
Question by:2Cs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33654945
Take a look at my previous post with details and instructions. Specifically postID ID:33060204
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_26268119.html 
Next, are these domain users or locally created users?  This is important for the physical directory path below ;)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.
  D:\FTP Sites\LocalUser\administrator
  D:\FTP Sites\LocalUser\ClientA
  D:\FTP Sites\LocalUser\ClientB
  D:\FTP Sites\LocalUser\ClientC

D:\FTP Sites can be anything, The KEY folder here is "LocalUser".

Don't forget to restrict NTFS permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom    %FtpRoot%\LocalUser\%UserName%
 
Let me know if you have any issues,

Hades666  
0
 
LVL 3

Expert Comment

by:sethisaurabh
ID: 33659995
0
 
LVL 5

Author Comment

by:2Cs
ID: 33663802
Hi all,

I have managed to get the basic FTP service working, but the other problem I have is that I want users to have different accounts that when they login it maps to their user folder (For example, a user account domain1.co.uk logs into the FTP site and has only access to the domain1.co.uk folder in the FTP root that matches their username)

- If I set FTP User Isolation to Username then they can go up folders and browse directories I don't want them to
- If I set FTP User Isolation to Username Directory then the users are just prompted that their home directory is inaccessible

Al
0
 
LVL 30

Accepted Solution

by:
Brad Howe earned 1000 total points
ID: 33663982
Hi,
What is the directory structure you setup? As you are using domain users is the folder level like  %FtpRoot%\<YOURDOMAIN>\%UserName%
Please provide a screenshot of your folder structure in explorer and your iis ftp settings.
This is required for user isolation on a domain.
Cheers,-Hades666

0
 
LVL 5

Author Comment

by:2Cs
ID: 33798843
Hi Hades666,

I will try that this week and see what happens.

Al
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month8 days, 18 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question