Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.
Course Of The Month
6 days, 4 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
IIS7 FTP default folder
Posted on 2016-09-07
In previous versions of IIS (before 7), you could create a Virtual directory under your FTP site w/an alias the same as your user. The user would then land in the physical dir' specified in the Virtual directory on Login.
This does not seem to work for IIS7. You can find instructions on how to enable user isolation, but I already have several user accounts built and working on this machine and I don't want to go back and re-work those accounts/projects.
How can I get the old method of creating a virtual directory and having the user account w/the same name land in its physical path on login to work ?
Thanks
This does not seem to work for IIS7. You can find instructions on how to enable user isolation, but I already have several user accounts built and working on this machine and I don't want to go back and re-work those accounts/projects.
How can I get the old method of creating a virtual directory and having the user account w/the same name land in its physical path on login to work ?
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
4
8 Comments
Active today
IIS' FTP Service functionality with virtual directories functions as it has in previous versions. The functionality has not changed since IIS6. How you configure it in 6 and 7 is essentially the same, the configuration has changed under IIS8+
Here is how I setup an IIS FTP Service on IIS7 & greater...
Assumptions:
0. we are talking about IIS7 without the out-of-band FTP v7.5 service installed
----- if the this is IIS7 with FTP v7.5 installed, the IIS Manager process is a bit different.
1. the ftp site will be called ftp.mycompany.com
2. there is a second partition available on the IIS server
2a. if there is only a C: drive, substitute C: for D:
On the Local IIS Server:
1. create a group called "ftp-mycompany-com_Read"
1a. add all Domain User Account (or local user accounts) that require login access and Read-Only to the FTP Site
2. create a group called "ftp-mycompany-com_ReadWri
2a. add all Domain User Account (or local user accounts) that require login access and Read&Write access to the FTP Site
In the file system:
3. On the D: Drive, create a directory called webapps
4. under "webapps," create a directory called "ftp"
5. under "ftp," create a directory called "ftp.mycompany.com"
5a. In the NTFS permissions for the directory "ftp.mycompany.com," grant:
5a-- the group "ftp-mycompany-com_Read" Read permissions on this directory as all subdirs/files
6. under "ftp.mycompany.com," create the following directories
6a. "_blank-root"
6a-- it is my not so humble opinion, that no one should ever write into the root of an ftp site. Users are only granted READ permissions (at the NTFS level and IIS FTP level) to traverse the root if they must.
6b. "users"
6b.-- In the NTFS permissions for the directory "users," grant:
6b.---- the group "ftp-mycompany-com_ReadWri
7. under "users," create all the required user named directories
7a. for example, create a directory called, "jsmith"
* At this point, IIS only sees an empty root directory
** At no point should the "users" directory be directly visible to the FTP Site, this would defeat the purpose of this config
In IIS 6.0 Manager (FTP Service v7.0 is basically IIS 6 FTP):
8. create a new FTP Site, name it "ftp.mycompany.com"
9. add a description, Next
10. select a specific IP address to assign to the FTP Service (no "All Unassigned"), Next
11. select "Isolate Users", Next
12. select the directory created in step 4a (D:\webapps\ftp\ftp.mycompany.com\_blank-root), Next
13. select only "Read" permissions, Next
14. on the newly create FTP Site, update the following settings:
14a. right-click the site and select Properties, enable logging
14b. under Logging Properties General Tab, select daily for new log schedule, user local time for rollover, set the log file directory
14c. under Logging Properties Advanced Tab, select ALL fields to be included in the logs. OK out.
14d. since there will be no anonymous access, uncheck "Allow anonymous connections" under the Security Accounts tab.
14e. under Messages tab, modify the banners if necessary
14f. under Home Directory, switch the directory listing style to UNIX (just my preference)
14g. under Directory Security tab, leave as is
15. right-click the newly created FTP Site, select "New" and "Virtual Directory"
16. give the Virtual Directory an alias from step 5a, name it "jsmith"
17. select the path of the Virtual Directory from step 5a (D:\webapps\ftp\ftp.mycompany.com\users\jsmith), Next
18. select both read and write perimssions for this Virtual Directory, Next
As a test, a user account that is a member of either the groups created in steps 1 & 2, should be able to login and automatically land in their respective named Virtual Directory.
If this is really IIS 7.5 or greater, the step in IIS Manager are somewhat different. Below are links for IIS7 and IIS7.5+...
Links:
Default FTP service = https://www.experts-exchange.com/questions/21866201/home-directory-inaccessible-unable-to-login-FTP-server-on-IIS-6-0.html
IIS 7 w/ FTP 7.5 = http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-user-isolation-in-iis-7
PS: it would be helpful to which FTP Service is installed.
Dan
Here is how I setup an IIS FTP Service on IIS7 & greater...
Assumptions:
0. we are talking about IIS7 without the out-of-band FTP v7.5 service installed
----- if the this is IIS7 with FTP v7.5 installed, the IIS Manager process is a bit different.
1. the ftp site will be called ftp.mycompany.com
2. there is a second partition available on the IIS server
2a. if there is only a C: drive, substitute C: for D:
On the Local IIS Server:
1. create a group called "ftp-mycompany-com_Read"
1a. add all Domain User Account (or local user accounts) that require login access and Read-Only to the FTP Site
2. create a group called "ftp-mycompany-com_ReadWri
2a. add all Domain User Account (or local user accounts) that require login access and Read&Write access to the FTP Site
In the file system:
3. On the D: Drive, create a directory called webapps
4. under "webapps," create a directory called "ftp"
5. under "ftp," create a directory called "ftp.mycompany.com"
5a. In the NTFS permissions for the directory "ftp.mycompany.com," grant:
5a-- the group "ftp-mycompany-com_Read" Read permissions on this directory as all subdirs/files
6. under "ftp.mycompany.com," create the following directories
6a. "_blank-root"
6a-- it is my not so humble opinion, that no one should ever write into the root of an ftp site. Users are only granted READ permissions (at the NTFS level and IIS FTP level) to traverse the root if they must.
6b. "users"
6b.-- In the NTFS permissions for the directory "users," grant:
6b.---- the group "ftp-mycompany-com_ReadWri
7. under "users," create all the required user named directories
7a. for example, create a directory called, "jsmith"
* At this point, IIS only sees an empty root directory
** At no point should the "users" directory be directly visible to the FTP Site, this would defeat the purpose of this config
In IIS 6.0 Manager (FTP Service v7.0 is basically IIS 6 FTP):
8. create a new FTP Site, name it "ftp.mycompany.com"
9. add a description, Next
10. select a specific IP address to assign to the FTP Service (no "All Unassigned"), Next
11. select "Isolate Users", Next
12. select the directory created in step 4a (D:\webapps\ftp\ftp.mycompany.com\_blank-root), Next
13. select only "Read" permissions, Next
14. on the newly create FTP Site, update the following settings:
14a. right-click the site and select Properties, enable logging
14b. under Logging Properties General Tab, select daily for new log schedule, user local time for rollover, set the log file directory
14c. under Logging Properties Advanced Tab, select ALL fields to be included in the logs. OK out.
14d. since there will be no anonymous access, uncheck "Allow anonymous connections" under the Security Accounts tab.
14e. under Messages tab, modify the banners if necessary
14f. under Home Directory, switch the directory listing style to UNIX (just my preference)
14g. under Directory Security tab, leave as is
15. right-click the newly created FTP Site, select "New" and "Virtual Directory"
16. give the Virtual Directory an alias from step 5a, name it "jsmith"
17. select the path of the Virtual Directory from step 5a (D:\webapps\ftp\ftp.mycompany.com\users\jsmith), Next
18. select both read and write perimssions for this Virtual Directory, Next
As a test, a user account that is a member of either the groups created in steps 1 & 2, should be able to login and automatically land in their respective named Virtual Directory.
If this is really IIS 7.5 or greater, the step in IIS Manager are somewhat different. Below are links for IIS7 and IIS7.5+...
Links:
Default FTP service = https://www.experts-exchange.com/questions/21866201/home-directory-inaccessible-unable-to-login-FTP-server-on-IIS-6-0.html
IIS 7 w/ FTP 7.5 = http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-user-isolation-in-iis-7
PS: it would be helpful to which FTP Service is installed.
Dan
Active 1 day ago
I appreciate you taking the time to type all that up, but I guess what I am looking for is to try and mix the settings.
I need for some accounts to land in the root and others to land in specific folders.
We already have several projects setup and working, so I was hoping to try and not go back and change the "Isolation" setting on the ftp service, just cause some accounts to land in specific folders.
Thank You.
I need for some accounts to land in the root and others to land in specific folders.
We already have several projects setup and working, so I was hoping to try and not go back and change the "Isolation" setting on the ftp service, just cause some accounts to land in specific folders.
Thank You.
Active today
First, what is the version of the FTP Service that is being used? Functionally it makes a big difference.
In general, in FTP Service 7.5+, if you configure the "Do not isolate users. Start users in:" option to go into their User name directory, and there is no user named directory.. those users fall into the root.
In general, mixing and matching is not allows an option. Often it is either one way or the other.
Another reference link: http://support.orcsweb.com/KB/a338/create-an-iis-75-ftp-site-windows-server-2008-r2.aspx
Dan
In general, in FTP Service 7.5+, if you configure the "Do not isolate users. Start users in:" option to go into their User name directory, and there is no user named directory.. those users fall into the root.
In general, mixing and matching is not allows an option. Often it is either one way or the other.
Another reference link: http://support.orcsweb.com/KB/a338/create-an-iis-75-ftp-site-windows-server-2008-r2.aspx
Dan
Active 1 day ago
"... In general, mixing and matching is not allows an option. Often it is either one way or the other...."
That's what I need to know, a lot of server techs here just load "Server-Zilla", but I was trying to stay away from 3rd party software.
Help from the IIS Manager...
Internet Information Services (Version 7.5.7600 ...)
That's what I need to know, a lot of server techs here just load "Server-Zilla", but I was trying to stay away from 3rd party software.
Help from the IIS Manager...
Internet Information Services (Version 7.5.7600 ...)
Active today
So. I can update the steps to account for FTP 7.5. But if you desire a mix and matc setup, you can deploy another FTP site in IIS with isolation enabled and leave the previously configured FTP site running.
You could also try turning on isolation and then, for accounts that should land in the root directory, just configure that accounts home directory to be the root. As an option.
Dan
You could also try turning on isolation and then, for accounts that should land in the root directory, just configure that accounts home directory to be the root. As an option.
Dan
Active 1 day ago
"... configure that accounts home directory to be the root."
How do you do that, I thought w/Isolation, your clients ended up in a folder named after the login ?
Like its hard coded into the ftp service ?
Thanks
How do you do that, I thought w/Isolation, your clients ended up in a folder named after the login ?
Like its hard coded into the ftp service ?
Thanks
Featured Post
Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten.
The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012.
Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses
Course of the Month6 days, 4 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
707 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.