Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS7 FTP User Isolation

Posted on 2010-09-11
5
Medium Priority
?
1,190 Views
Last Modified: 2012-05-10
Hi all,

I have setup and FTP site using IIS7 on Windows Server 2008 R2 Web Server x64. I can connect to the FTP and get a prompt for username and password both locally and remotely.

But when I enter either local user credentials or an IIS Manager account it wont connect. I've missed something but not sure what.

I am to eventually setup user isolation but I ideally want to have some form of FTP working before I move onto that :)

Al
0
Comment
Question by:2Cs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33654945
Take a look at my previous post with details and instructions. Specifically postID ID:33060204
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_26268119.html 
Next, are these domain users or locally created users?  This is important for the physical directory path below ;)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.
  D:\FTP Sites\LocalUser\administrator
  D:\FTP Sites\LocalUser\ClientA
  D:\FTP Sites\LocalUser\ClientB
  D:\FTP Sites\LocalUser\ClientC

D:\FTP Sites can be anything, The KEY folder here is "LocalUser".

Don't forget to restrict NTFS permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom    %FtpRoot%\LocalUser\%UserName%
 
Let me know if you have any issues,

Hades666  
0
 
LVL 3

Expert Comment

by:sethisaurabh
ID: 33659995
0
 
LVL 5

Author Comment

by:2Cs
ID: 33663802
Hi all,

I have managed to get the basic FTP service working, but the other problem I have is that I want users to have different accounts that when they login it maps to their user folder (For example, a user account domain1.co.uk logs into the FTP site and has only access to the domain1.co.uk folder in the FTP root that matches their username)

- If I set FTP User Isolation to Username then they can go up folders and browse directories I don't want them to
- If I set FTP User Isolation to Username Directory then the users are just prompted that their home directory is inaccessible

Al
0
 
LVL 30

Accepted Solution

by:
Brad Howe earned 1000 total points
ID: 33663982
Hi,
What is the directory structure you setup? As you are using domain users is the folder level like  %FtpRoot%\<YOURDOMAIN>\%UserName%
Please provide a screenshot of your folder structure in explorer and your iis ftp settings.
This is required for user isolation on a domain.
Cheers,-Hades666

0
 
LVL 5

Author Comment

by:2Cs
ID: 33798843
Hi Hades666,

I will try that this week and see what happens.

Al
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question