Solved

How to create  isolated FTP shares for users in SBS 2011 II7

Posted on 2014-01-28
7
650 Views
Last Modified: 2014-02-03
I am migrating from SBS2003 to SBS2011 and trying to work out how to provide the same FTP service. I currently have a few FTP users that authenticate with AD and then have access to a folder in which they can read and write but cannot traverse up the folder structure. In SBS2003 I create a user in AD and a folder with their login name and then create a FTP virtual directory which points to the physical folder. This works fine - the user connects using FTP and is completely isolated.
Microsoft have moved everything about in SBS 2011 and I can't work out how to configure the same thing.
0
Comment
Question by:ClintonK
  • 4
  • 2
7 Comments
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 39816866
It's really not a good idea to deploy an FTP server on an SBS since it's your domain controller and any password that is used to access FTP will go over the Internet in plain text.  This means that those usernames and passwords could be compromised -- definitely a security risk.

SBS already offers a great way to provide remote access to files on your network through Remote Web Access.

After you've enabled RWA on your server you just use the SBS Console to create the shared folder assigning only that user to have access.

Then, on the User properties > Remote Access, enable the user to access RWA:

RWA
And on the web sites section, check to enable Remote Web Access:

RWA
That's all there is to it.

Jeff
TechSoEasy
0
 

Author Comment

by:ClintonK
ID: 39817157
Thanks, but if I have a share that I want to be accessed by a remote FTP backup program it has to have an FTP address, username and password so RWA wouldn't be suitable for that. If I did choose to configure FTP access, how would I do it? I will also consider setting up a dedicated FTP server but for now I'm intrigued to know how I would configure it on SBS 2011.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39817196
Weird that you would have a remote backup program that needs INBOUND access to your SBS, but in any event, follow the steps outlined here to create your FTP site:

http://learn.iis.net/page.aspx/301/creating-a-new-ftp-site/

Jeff
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:ClintonK
ID: 39817343
It's from a friend's server so that he can do offsite backups. He backs up to me and I backup to him. Just a few key files.

Cheers
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 250 total points
ID: 39817450
Actually the best solution is Filezilla FTP server...free and not integrated with Active Directory.
0
 

Author Comment

by:ClintonK
ID: 39817452
Ah, ok - that's an option I hadn't thought of. I'll try that.
0
 

Author Closing Comment

by:ClintonK
ID: 39831137
Thanks for the advice. I appreciate Jeffrey Kane's concerns about setting up an FTP service authenticated by AD and acknowledge his advice on how to do it. Chris Hanna's suggestion is something I will adopt as it does appear to give me the solution I want without so much risk so thanks to you both.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question