Solved

Hide certain FTP folders from certain users - Server 2012

Posted on 2013-11-07
5
1,416 Views
Last Modified: 2013-11-08
Hi experts,

I'll start by telling something about myself.

Two of my hobbies are taking photographs and making music. For easy access to all of my work, I host a FTP server under Windows 2012. Of course I have access to al the data on the server, but some of my friends like to have access to. No problem, I gave them user accounts and they can log in and see everything, but there lies the problem. I don't want them to see everything. I can deny access to certain folders, but I don't want them to see the folders they don't have access to.

The folder structure is as follows:
D:\ (An internal disk that acts as the FTP root)
     Pictures
          Private Pictures (The folder I don't want them to see and access)
          Cars
          Nature
          ... (All folders they can access)
     Music (Folder they can access
     Movies
          Home made
               Private (The folder I don't want them to see and access)
               My cars
               ... (Folders they can access)
          Nature
          ... (Folders they can access)

I have searched the internet for days, and I find solutions regarding to virtual directies, special NTFS permissions, Access Based Enumeartion. But I can't seem to get it working.

Could someone please help me with this problem. Any help would be much appreciated.
0
Comment
Question by:eNVy8ight
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39632120
Hi eNVy8ight .

You have several options all depends from waht you really want.

On this example you can configure folders specific for the users. What I mean is if I´m granwizzard when i Log on the FTP server I will logged on directly on the folder specified for my user.

Take a look here:
How to set up an FTP site so that users log on to their folders

If just want to hide some directories take a look here:
How to: Hide FTP Directories

Let us know if this helped.

Regards
0
 

Author Comment

by:eNVy8ight
ID: 39632230
Hi granwizzard,

Thanks for the reply.

The first option you mentioned is not really what I want. I want all users to land in the same folder (root folder). Because all of my subfolders are there.

The second option, (the Microsoft KB info), I have tried and can't get it to work.

This is what Microsoft says to do:
4.Specify file permissions for the anonymous user:
   a.Click Permissions, and then in the Name list, click Anonymous User.
   b.In the Type Of Access box, click Special Directory Access.
   c.In the Special Directory Access dialog box, click Other, but do not click to select any of
   the check boxes

I guess anonymous user, can be any user or group I want ?
Special directory access option, I can't seem to find ?

If you could explain it in a little more detail, perhaps I will be able to find the solution.

Excuse for my lack of knowledge, i'm still learning everything.
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39632494
Please ignore my previous links my bad, because they are to other version of IIS, since you have 2012 there are 3 options to achieve  that.´

They are:
1.User name directory: Isolates user sessions to the physical or virtual directory with the same name of the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical or virtual directory tree. Any global virtual directories that are created are ignored.


2.User name physical directory: Isolates user sessions to the physical directory with the same name of the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical directory tree. Any global virtual directories that are created apply to all users.


3.FTP home directory configured in Active Directory: Isolates user sessions to the home directory that is configured in the Active Directory account settings for each FTP user.

So you have to think how do you want to design the directory structure, the easy way is to change the permissions on the folders.

Because you put the Home Directory D:\ (your user accounts will see every folders,  despite of the permissions)

If you want to keep the structure, you can remove the other users from the folders permissions that you don´t want them to see. Note: They will see the folders but they will not see the info inside them.

Do this just for one folder and if this work for you repeat the process for other folders.

Example:

On the D:\ (An internal disk that acts as the FTP root)\Pictures\Private Pictures (The folder I don't want them to see and access) ->  Right click and choose the security tab -> Advance and the deselect the allow Inherit permissions from.........-> OK

Then remove the user names of your friends from the top panel Group or User Names don´t touch the other users.

Let me know.

Regards
0
 

Author Comment

by:eNVy8ight
ID: 39633601
Hi,

I want to thank you for pointing me in the right direction. I finally understand how virtual directories and user name physical directory work.

I set up my FTP so that every user has its own root directory and they can see certain virtual directories. It took me a while to understand and find out how it worked, but I'm happy with the final result.

Thanks again.
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39633811
Great.

Regards
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now