Cannot access FTP

Posted on 2011-10-04
Medium Priority
Last Modified: 2012-05-12
Hello All,
I've created an isolation ftp site under Windows 2008 R2, administrator can log in fine without any problem, but other users cannot log in.
they kept getting: 503 User cannot log in, home directory inaccessible.

I have:
h:\FTPHome\LocalUser\Administrator (Administrator has right to this directory)
h:\FTPHome\LocalUser\FTPTest1 (user FTPTest1 has right to this directory)
h:\FTPHome\LocalUser\PaulT (PaulT has right to this directory)

Like I have said, administrator logged in fine, but the other 2 users get the 503 error above.

Thanks for your help.

Question by:Paul-AC
  • 4
  • 3

Expert Comment

by:Matthew England
ID: 36913568
Sounds like they possibly don't have the rights to Read/Traverse the parent directory tree. What are the permissions on h:\FTPHome\LocalUser\ for your two non-admin users.

You might also want to check the Local Security Policy to ensure Users (or a group containing your FTP Users, is granted the 'Access this computer From the Network' security right (and is not assigned the "Deny access to this computer from the network" security right)

You'll also want to use the Bypass traverse checking security right for your FTP Users. This should prevent the OS from performing security checks up the file structure & will improve performance.

Author Comment

ID: 36913823
the two non-admin users don't have access to the h:\FTPHome\LocalUser
Should I manually give them rights to the directory?
if this is the case, then I have to do this every time I add new ftp users (that's time consuming, because I create a lot of ftp users).

How do I use "the Bypass traverse checking security right for your FTP Users"?


Accepted Solution

Matthew England earned 2000 total points
ID: 36918650
You wouldn't want to add permissions to each user individually. You would create a group, or use one that's already existing, such as "Users", a default groups in Windows, which includes all the users which exist locally on that machine. By default, Windows assigns the "Users" group, Read, Execute, List Folder Contents. If you add that permission back to the H:\ drive (This Directory) and h:\FTPHome\ (This directory & sub-directories) then you should be okay.

If you turnned off inheritance on any of the directories then I'd reccomend turnning that back on, unless you want to set the permissions at each level.

As for the "Bypass Traverse Checking" security right, simply launch the Local Security Policy MMC, (located in Administrative Tools either on your Start menu or Control Panel). Then expand it out to >Local Policies >>User Rights Assignments>> then select the Bypass Traverse Checking option. This should contain at a minimum one of the following; "Authenticated Users, Users, Everyone"
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.


Author Comment

ID: 36919046
I checked to make sure and yes, the "Users" group have Read, Execute and List Folder Contents to both H:\FTPHome and F:\FTPHome\LocalUser
and both non-admin users are members of the "User" group.
So wonder why it's not working.

Author Comment

ID: 36926245
I deleted the ftp and recreated and it worked.
on the "Bypass Traverse Checking" option.
it currently has: Administrators, Backup Operators, Everyone, LOCAL SERVICE, NETWORK SERVICE, Users.
Do I need to remove any of these at all?

Assisted Solution

by:Matthew England
Matthew England earned 2000 total points
ID: 36927700
No. You can leave those all in there.  


Author Closing Comment

ID: 36951429

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question