Cannot access FTP

Hello All,
I've created an isolation ftp site under Windows 2008 R2, administrator can log in fine without any problem, but other users cannot log in.
they kept getting: 503 User cannot log in, home directory inaccessible.

I have:
h:\FTPHome\LocalUser\Administrator (Administrator has right to this directory)
h:\FTPHome\LocalUser\FTPTest1 (user FTPTest1 has right to this directory)
h:\FTPHome\LocalUser\PaulT (PaulT has right to this directory)

Like I have said, administrator logged in fine, but the other 2 users get the 503 error above.

Thanks for your help.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Matthew EnglandTechnology ConsultantCommented:
Sounds like they possibly don't have the rights to Read/Traverse the parent directory tree. What are the permissions on h:\FTPHome\LocalUser\ for your two non-admin users.

You might also want to check the Local Security Policy to ensure Users (or a group containing your FTP Users, is granted the 'Access this computer From the Network' security right (and is not assigned the "Deny access to this computer from the network" security right)

You'll also want to use the Bypass traverse checking security right for your FTP Users. This should prevent the OS from performing security checks up the file structure & will improve performance.
Paul-ACAuthor Commented:
the two non-admin users don't have access to the h:\FTPHome\LocalUser
Should I manually give them rights to the directory?
if this is the case, then I have to do this every time I add new ftp users (that's time consuming, because I create a lot of ftp users).

How do I use "the Bypass traverse checking security right for your FTP Users"?

Matthew EnglandTechnology ConsultantCommented:
You wouldn't want to add permissions to each user individually. You would create a group, or use one that's already existing, such as "Users", a default groups in Windows, which includes all the users which exist locally on that machine. By default, Windows assigns the "Users" group, Read, Execute, List Folder Contents. If you add that permission back to the H:\ drive (This Directory) and h:\FTPHome\ (This directory & sub-directories) then you should be okay.

If you turnned off inheritance on any of the directories then I'd reccomend turnning that back on, unless you want to set the permissions at each level.

As for the "Bypass Traverse Checking" security right, simply launch the Local Security Policy MMC, (located in Administrative Tools either on your Start menu or Control Panel). Then expand it out to >Local Policies >>User Rights Assignments>> then select the Bypass Traverse Checking option. This should contain at a minimum one of the following; "Authenticated Users, Users, Everyone"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Paul-ACAuthor Commented:
I checked to make sure and yes, the "Users" group have Read, Execute and List Folder Contents to both H:\FTPHome and F:\FTPHome\LocalUser
and both non-admin users are members of the "User" group.
So wonder why it's not working.
Paul-ACAuthor Commented:
I deleted the ftp and recreated and it worked.
on the "Bypass Traverse Checking" option.
it currently has: Administrators, Backup Operators, Everyone, LOCAL SERVICE, NETWORK SERVICE, Users.
Do I need to remove any of these at all?
Matthew EnglandTechnology ConsultantCommented:
No. You can leave those all in there.  

Paul-ACAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.