Setting permissions of an FTP upload directory in an Active Directory setup

Posted on 2011-05-12
Last Modified: 2012-05-11

We want to let a user upload data to a server by FTP (using his AD password), but we do not want the user to be able to copy data from that directory to another directory when logged on to that server using Remote Desktop.

This may sound strange, but we need a human check that the uploaded data is allowed on the server by an administrator. The administrator will then copy the data from his FTP directory to the user's folder with more permissions.

We tried to set the rights of the directory to deny read, but this does not work as expected.
Although in a Remote Desktop session the user cannot read/execute any files in the FTP directory, as expected, in his FTP client he can download data from his FTP directory. That is not wanted because this would allow a user to put sensitive data in his FTP directory and download it from the server.

Any suggestions?

Question by: PjotterR

    Expert Comment

    Pretty much,...impossible.   Just a "Star-Trek" fantasy.

    Now if you have smart developers who work there that know how to write quality and secure software,...then they might be able to write an application that the person would use and the Application would do all that behind the scenes,...but you just are not going to do that with just the OS, and FTP Service, and Remote Desktop.

    Accepted Solution


    Actually it is possible, and I solved the problem by:

    Setting NTFS rights of the download folder for the user as:


    And that of the upload folder:

    The root FTP folder has only list permissions for the user group.

    In the FTP server (Cerberus Pro) I created virtual directories pointing to these two dirs, with only download permissions on the download folder and write/delete permissions on the upload folder.


    Expert Comment

    by: Glen Knight
    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
