Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hide certain FTP folders from certain users - Server 2012

Posted on 2013-11-07
5
Medium Priority
?
1,973 Views
Last Modified: 2013-11-08
Hi experts,

I'll start by telling something about myself.

Two of my hobbies are taking photographs and making music. For easy access to all of my work, I host a FTP server under Windows 2012. Of course I have access to al the data on the server, but some of my friends like to have access to. No problem, I gave them user accounts and they can log in and see everything, but there lies the problem. I don't want them to see everything. I can deny access to certain folders, but I don't want them to see the folders they don't have access to.

The folder structure is as follows:
D:\ (An internal disk that acts as the FTP root)
     Pictures
          Private Pictures (The folder I don't want them to see and access)
          Cars
          Nature
          ... (All folders they can access)
     Music (Folder they can access
     Movies
          Home made
               Private (The folder I don't want them to see and access)
               My cars
               ... (Folders they can access)
          Nature
          ... (Folders they can access)

I have searched the internet for days, and I find solutions regarding to virtual directies, special NTFS permissions, Access Based Enumeartion. But I can't seem to get it working.

Could someone please help me with this problem. Any help would be much appreciated.
0
Comment
Question by:eNVy8ight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39632120
Hi eNVy8ight .

You have several options all depends from waht you really want.

On this example you can configure folders specific for the users. What I mean is if I´m granwizzard when i Log on the FTP server I will logged on directly on the folder specified for my user.

Take a look here:
How to set up an FTP site so that users log on to their folders

If just want to hide some directories take a look here:
How to: Hide FTP Directories

Let us know if this helped.

Regards
0
 

Author Comment

by:eNVy8ight
ID: 39632230
Hi granwizzard,

Thanks for the reply.

The first option you mentioned is not really what I want. I want all users to land in the same folder (root folder). Because all of my subfolders are there.

The second option, (the Microsoft KB info), I have tried and can't get it to work.

This is what Microsoft says to do:
4.Specify file permissions for the anonymous user:
   a.Click Permissions, and then in the Name list, click Anonymous User.
   b.In the Type Of Access box, click Special Directory Access.
   c.In the Special Directory Access dialog box, click Other, but do not click to select any of
   the check boxes

I guess anonymous user, can be any user or group I want ?
Special directory access option, I can't seem to find ?

If you could explain it in a little more detail, perhaps I will be able to find the solution.

Excuse for my lack of knowledge, i'm still learning everything.
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 1500 total points
ID: 39632494
Please ignore my previous links my bad, because they are to other version of IIS, since you have 2012 there are 3 options to achieve  that.´

They are:
1.User name directory: Isolates user sessions to the physical or virtual directory with the same name of the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical or virtual directory tree. Any global virtual directories that are created are ignored.


2.User name physical directory: Isolates user sessions to the physical directory with the same name of the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical directory tree. Any global virtual directories that are created apply to all users.


3.FTP home directory configured in Active Directory: Isolates user sessions to the home directory that is configured in the Active Directory account settings for each FTP user.

So you have to think how do you want to design the directory structure, the easy way is to change the permissions on the folders.

Because you put the Home Directory D:\ (your user accounts will see every folders,  despite of the permissions)

If you want to keep the structure, you can remove the other users from the folders permissions that you don´t want them to see. Note: They will see the folders but they will not see the info inside them.

Do this just for one folder and if this work for you repeat the process for other folders.

Example:

On the D:\ (An internal disk that acts as the FTP root)\Pictures\Private Pictures (The folder I don't want them to see and access) ->  Right click and choose the security tab -> Advance and the deselect the allow Inherit permissions from.........-> OK

Then remove the user names of your friends from the top panel Group or User Names don´t touch the other users.

Let me know.

Regards
0
 

Author Comment

by:eNVy8ight
ID: 39633601
Hi,

I want to thank you for pointing me in the right direction. I finally understand how virtual directories and user name physical directory work.

I set up my FTP so that every user has its own root directory and they can see certain virtual directories. It took me a while to understand and find out how it worked, but I'm happy with the final result.

Thanks again.
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39633811
Great.

Regards
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question