Solved

IIS7 FTP User Isolation

Posted on 2010-09-11
5
1,183 Views
Last Modified: 2012-05-10
Hi all,

I have setup and FTP site using IIS7 on Windows Server 2008 R2 Web Server x64. I can connect to the FTP and get a prompt for username and password both locally and remotely.

But when I enter either local user credentials or an IIS Manager account it wont connect. I've missed something but not sure what.

I am to eventually setup user isolation but I ideally want to have some form of FTP working before I move onto that :)

Al
0
Comment
Question by:2Cs
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 33654945
Take a look at my previous post with details and instructions. Specifically postID ID:33060204
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_26268119.html 
Next, are these domain users or locally created users?  This is important for the physical directory path below ;)

IIS user isolation required that the phyiscal root directories be setup like such matching the user ID.
  D:\FTP Sites\LocalUser\administrator
  D:\FTP Sites\LocalUser\ClientA
  D:\FTP Sites\LocalUser\ClientB
  D:\FTP Sites\LocalUser\ClientC

D:\FTP Sites can be anything, The KEY folder here is "LocalUser".

Don't forget to restrict NTFS permissions so that only administrators or the Machine\Client(A|B|C) can read/write to the specified folders.

USER ISOLATION:
Select the option "User name directory (disable global virtual directories) " in the FTP user isolation feature.

Now for the administrator. Here is the trick - Create a virtual Directory in IIS Manager under the D:\FTP Sites\LocalUser\administrator\<call it Root or --Toplevel--> and have it point to the D:\FTP Sites\.  Now your admin can login and go thorugh all folders with isolation setup.

User Account Types                    Physical Home Directory Syntax
  Anonymous users                        %FtpRoot%\LocalUser\Public
  Local Windows user accounts        %FtpRoot%\LocalUser\%UserName%
  Windows domain accounts            %FtpRoot%\%UserDomain%\%UserName%
  IIS Manager or ASP.NET custom    %FtpRoot%\LocalUser\%UserName%
 
Let me know if you have any issues,

Hades666  
0
 
LVL 3

Expert Comment

by:sethisaurabh
ID: 33659995
0
 
LVL 5

Author Comment

by:2Cs
ID: 33663802
Hi all,

I have managed to get the basic FTP service working, but the other problem I have is that I want users to have different accounts that when they login it maps to their user folder (For example, a user account domain1.co.uk logs into the FTP site and has only access to the domain1.co.uk folder in the FTP root that matches their username)

- If I set FTP User Isolation to Username then they can go up folders and browse directories I don't want them to
- If I set FTP User Isolation to Username Directory then the users are just prompted that their home directory is inaccessible

Al
0
 
LVL 30

Accepted Solution

by:
Brad Howe earned 250 total points
ID: 33663982
Hi,
What is the directory structure you setup? As you are using domain users is the folder level like  %FtpRoot%\<YOURDOMAIN>\%UserName%
Please provide a screenshot of your folder structure in explorer and your iis ftp settings.
This is required for user isolation on a domain.
Cheers,-Hades666

0
 
LVL 5

Author Comment

by:2Cs
ID: 33798843
Hi Hades666,

I will try that this week and see what happens.

Al
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now