Ftp user vs Ftp admin accounts

lseawell

Programmer
Apr 3, 2003
Hi People.

When I set up user ftp accounts they can't log in to their virtual directory unless I give the user admin rights. I've been assigning them admin rights without telling them. This has now become a problem, because I need to give each user the ability to stop and start a particular service which is created and assigned to them. Here's the problem: If they log on to the service stop/start application with admin rights, they have control over EVERY SERVICE running on the computer. If I take away their admin rights, they can't log in to their ftp account.

Help me please.....
 
I had this exact same problem. Here is how to fix that.

((this is a way to make it work for everyone quickly.. you could do it more granular if you want. I will explain that after the first explanation))

First: Create a group called whatever you want ((or you can probably just use Users or domain users if you are using a domain))

Second: Give the group full access to the ftp folder..

Third: Give that group operator privileges to the ftp server.

Final: Grant "log on locally" rights to the group.. the hard part about this is choosing the right place to do it.. in order of precedence.. Domain Controller Security policies, Domain security policies, Local Security policies.. if your server is a DC use DC.. if it's part of a domain use domain, if it's neither change it on Local. If you change it on local or domain and the server is a DC it won't work.


More granular ((quite a bit more work for MANY users unless you want to totally limit their access)):

First: Same as above

Second: ((Change)) You can give each individual access to their own directory only, which requires you either having a script or hand populating the security policies for each folder in the ftp, or populating the directory with each person's name. ((Top one is easier because then to remove someone you just remove them from the group))

Third: Same as above

Final: Same as above
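
The more granular variant described above, as an added PowerShell example that is not part of the original thread: it gives each account Modify on its own folder only, then checks whether the group is listed for "log on locally" (SeInteractiveLogonRight) in the effective local policy. The root path, domain, group and user names are hypothetical placeholders.

```powershell
# Assumed, hypothetical values; adjust to your environment.
$FtpRoot = 'D:\FTPRoot'        # parent folder holding one subfolder per user
$Domain  = 'EXAMPLE'           # placeholder domain (or computer) name
$Group   = "$Domain\FtpUsers"  # group created in the first step
$Users   = 'alice', 'bob'      # constructed sample account names

# Root: the group may list and traverse this folder only (no inheritance flags).
# Read-only on the root is a choice made for this example.
icacls $FtpRoot /grant "${Group}:(RX)" | Out-Null

foreach ($u in $Users) {
    $dir = Join-Path $FtpRoot $u
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # Drop inherited entries, then grant explicitly: admins and SYSTEM keep
    # full control, the owning user gets Modify on the folder and its contents.
    icacls $dir /inheritance:r /grant:r `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        "${Domain}\${u}:(OI)(CI)M" | Out-Null
}

# Verify the logon right instead of guessing which policy level won.
# secedit exports the policy that is actually in effect on this machine.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$sid = (New-Object System.Security.Principal.NTAccount($Group)).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

$line = Get-Content $cfg |
    Where-Object { $_ -like 'SeInteractiveLogonRight*' } |
    Select-Object -First 1

# Entries look like "*S-1-5-32-544,*S-1-5-21-...": compare whole SIDs.
$granted = (($line -split '=', 2)[1] -split ',') |
    ForEach-Object { "$_".Trim().TrimStart('*') }

if ($granted -contains $sid) {
    "OK: $Group is listed for SeInteractiveLogonRight"
} else {
    "MISSING: $Group is not listed directly; the right may come from a nested group or be overridden by a higher-precedence policy"
}
Remove-Item $cfg -ErrorAction SilentlyContinue
```

Run it from an elevated prompt on the FTP server; the check only sees accounts named directly in the right, not membership through other groups.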
 
Hey 2nddawn,

Man-o-man! You are right! It worked just exactly how you described it. It seems so logical now that you've mapped it out. I just gave the Domain User group full rights to the directory containing their own ftp directories, and then when I create the ftp path for individual log-in access, it takes them to their folder and only their folder, and if they try to go up a level from their root, it goes to the empty FTP root. Very slick. Thanks a bundle!!!
 
Hey 2nddawn, I don't know what happened, but it quit working. It is a domain controller. On the desired ftp directory, I right-clicked and from the security tab, I gave the group "Domain Users" full control of that folder. I changed every security setting I could find in the DC security, and the user still can't log on unless he is an admin.

Can you dummy down your explanation a bit?
Thanks
 
It's no longer a domain controller... I demoted it
 