Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1191
  • Last Modified:

IIS7 FTP User Isolation

Hi all,

I have setup and FTP site using IIS7 on Windows Server 2008 R2 Web Server x64. I can connect to the FTP and get a prompt for username and password both locally and remotely.

But when I enter either local user credentials or an IIS Manager account it wont connect. I've missed something but not sure what.

I am to eventually setup user isolation but I ideally want to have some form of FTP working before I move onto that :)

Al
0
2Cs
Asked:
2Cs
  • 2
  • 2
1 Solution
 
Brad HoweCommented:
Take a look at my previous post with details and instructions. Specifically postID ID:33060204
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_26268119.html 
Next, are these domain users or locally created users?  This is important for the physical directory path below ;)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.
  D:\FTP Sites\LocalUser\administrator
  D:\FTP Sites\LocalUser\ClientA
  D:\FTP Sites\LocalUser\ClientB
  D:\FTP Sites\LocalUser\ClientC

D:\FTP Sites can be anything, The KEY folder here is "LocalUser".

Don't forget to restrict NTFS permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom    %FtpRoot%\LocalUser\%UserName%
 
Let me know if you have any issues,

Hades666  
0
 
sethisaurabhCommented:
0
 
2CsAuthor Commented:
Hi all,

I have managed to get the basic FTP service working, but the other problem I have is that I want users to have different accounts that when they login it maps to their user folder (For example, a user account domain1.co.uk logs into the FTP site and has only access to the domain1.co.uk folder in the FTP root that matches their username)

- If I set FTP User Isolation to Username then they can go up folders and browse directories I don't want them to
- If I set FTP User Isolation to Username Directory then the users are just prompted that their home directory is inaccessible

Al
0
 
Brad HoweCommented:
Hi,
What is the directory structure you setup? As you are using domain users is the folder level like  %FtpRoot%\<YOURDOMAIN>\%UserName%
Please provide a screenshot of your folder structure in explorer and your iis ftp settings.
This is required for user isolation on a domain.
Cheers,-Hades666

0
 
2CsAuthor Commented:
Hi Hades666,

I will try that this week and see what happens.

Al
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now