Setting up an IIS (v6.0) FTP Server with isolated users

Jun 16, 2004
Scenario: You want to create an FTP server that has multiple users that will all connect to individual folders but you do not want these users to see any folder but their own.

Apparently Microsoft's documentation has an error in it because at first try I did not succeed and upon doing some research, I found I was not the only one. So I took what I had read, what I had done, and what others had done and I played with it until I figured it out.

For the purpose of this post we're going to call our site "TekTips" and our users will be TekUser1 and TekUser2. We want both TekUser1 and TekUser2 to be able to connect to our FTP server but only see their own folder. We're going to isolate them using the IIS Virtual Directory wizard.

Step 1: We need to create local usernames for both these users. Start>Program Files>Administrative Tools>Computer Management

Open Local Users & Groups on the right pane.
Double click on the Users folder
Right click on the left pane and select New User

Username: TekUser1
Full Name: You can leave this blank or put whatever you like
Description: TekUser1 FTP Login

Set the password and click OK

Step 2: Next we have to create the physical directory the user will FTP into to download files we place there. What you need to do is navigate to C:\Inetpub\ftproot\ and create a folder called

"localuser"

From what I've read there is documentation from Microsoft which says to make the directory "localusers" and that is incorrect.

Inside the \localuser directory is where we will create two folders.

TekUser1
TekUser2

They must be typed out exactly as the usernames are.

Place whatever files you want these users to be able to download into those two user directories. I created two test text files.

Step 3: Set the permissions on the folders. Right click the folders and select either Properties or Sharing and Security. On the Security tab you can remove the main Users group and replace it with your username TekUser1 and TekUser2 for its appropriate folder.

I just have Administrators (Full Control) and the users of their appropriate folders (Read writes) listed.

*I took out Creator/Owner and SYSTEM. If anyone knows if this would be a problem, please let me know. You can leave them there if you'd like but I am not having any issues with this configuration thus far*

Step 4: The next step is to set up the actual site in IIS 6.0.

Navigate to Start>Program Files>Administrative Tools>Internet Information Services (IIS) Manager

On the right pane you want to open up your Local Computer name and then right click on FTP Sites folder.

Select New FTP Site
A screen comes up "Welcome to the FTP Site Creation Wizard"
Select NEXT
Type in the name of the Site. Mine was "TekTips FTP Server"
Select NEXT
Type the IP address of the computer or if you see "All Unassigned" you can leave it at that. The port is 21.

**In order for outside users to connect to your FTP server your port 21 must be opened on your switch or router so make sure this is done beforehand. You will also need the External IP address of the machine you are creating the FTP server on so that the outside world can get in. If it's an internal FTP site then you can just give out the internal IP address to your users on your network**

Select NEXT

This is the screen we want. There are three options, we want "Isolate Users" (Users must be assigned an FTP home directory within the root of this FTP site)

Select the radio button next to this option and then select NEXT

The home directory is the FTP server root or C:\Inetpub\ftproot

Select Browse to navigate to this directory and then click NEXT

The next page is the Permissions screen. I only want my users to download files so "Read" is the only permission selected; however, if you want your users to be able to add files to the directory you must check off "Write" as well.

Select NEXT

The FTP Site Creation Wizard completes successfully. If it does not end successfully make sure you read what the problem is.

On my particular domain I have three NICs and we are using IP bindings. You can only create one FTP server PER IP ADDRESS. In order to have an additional site on my server I would need to specify a different IP address but I don't have one. If you do, go for it, otherwise you don't need to create another site as you can create multiple directories. You can even create a "public" directory and set it to allow anonymous connections if you want.

Step 5: Now we have to create the actual virtual directories in IIS which are going to point to our physical directories.

Right click on the TekTips FTP Server and select New> Virtual Directory

A page comes up "Welcome to the Virtual Directory Creation Wizard"
Select NEXT

Type your alias. I typed TekUser1 and selected NEXT

The next screen is the path to the physical directory. Select Browse and navigate to C:\Inetpub\ftproot\localuser\TekUser1 and then select NEXT

Set the permissions for Read or Write or both on the next page like you did before and select NEXT

Select Finish to complete the virtual directory creation wizard. You should see it completed successfully.

Repeat the wizard for TekUser2.

If you right click on the virtual directories and go to Permissions you will see that the username which matches the virtual directory can access the folder as well as the local administrators.

I set it for just the user and the Admins group. I may have missed a few things as far as Permissions are concerned but I can connect successfully to the folders through FTP and not see any other folders which was my intention.

If anyone comes across this and knows of a different approach or feels I gave erroneous information, please feel free to respond.

Now if you use an FTP program or connect via a browser window you should be able to connect.

Remember Outside World uses the External IP of the machine. People on your network can use the Internal IP of the machine.

Comments? Questions? Email me at taradm631@aol.com
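
An added example, not part of the original post: a PowerShell audit of the folder layout and NTFS permissions that Steps 2 and 3 describe. The function name, its parameters and the decision to tolerate SYSTEM and CREATOR OWNER entries are assumptions made here; the paths and usernames are the post's.

```powershell
# Added audit sketch; Test-FtpIsolationLayout and its parameters are hypothetical names.
function Test-FtpIsolationLayout {
    param(
        [string]   $FtpRoot = 'C:\Inetpub\ftproot',
        [string[]] $Users   = @('TekUser1', 'TekUser2')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Well-known SIDs: BUILTIN\Administrators, SYSTEM, CREATOR OWNER.
    $tolerated = @('S-1-5-32-544', 'S-1-5-18', 'S-1-3-0')

    # The post reports that a folder named "localusers" does not work.
    if (Test-Path (Join-Path $FtpRoot 'localusers')) {
        Write-Warning "'localusers' exists under $FtpRoot; the post uses 'localuser'."
    }

    foreach ($user in $Users) {
        $userDir = Join-Path (Join-Path $FtpRoot 'localuser') $user
        $exists  = Test-Path $userDir -PathType Container

        # Resolve the local account to a SID; $null if no such account exists.
        $userSid = $null
        try {
            $acct    = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $user)
            $userSid = $acct.Translate($sidType).Value
        } catch { }

        # Allow entries for anyone other than the folder's user or the tolerated SIDs.
        $extra = @()
        $userHasAccess = $false
        if ($exists) {
            $rules = (Get-Acl -Path $userDir).GetAccessRules($true, $true, $sidType)
            foreach ($r in $rules) {
                if ($r.AccessControlType -ne 'Allow') { continue }
                $sid = $r.IdentityReference.Value
                if ($userSid -and $sid -eq $userSid) { $userHasAccess = $true }
                elseif ($tolerated -notcontains $sid) { $extra += "$sid ($($r.FileSystemRights))" }
            }
        }

        New-Object PSObject -Property @{
            User = $user; Path = $userDir; FolderExists = $exists
            AccountExists = [bool]$userSid; UserHasAccess = $userHasAccess
            UnexpectedAccess = $extra
        }
    }
}

Test-FtpIsolationLayout | Format-List
```

Any SID listed under UnexpectedAccess is an account other than the folder's own user that NTFS still allows into that folder, inherited entries included.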




 
Hi there techsupportgirl...
This is a very useful article, I would like to thank you for it....

I recommend you put it as a FAQ so that more people will be able to see it....

Regards,
The HMS
 
I agree, excellent post well worth posting it as an FAQ.
 
Thank you. I will post it as a FAQ. ;)
 

I got a question related to this post.

Let's say you need to have both isolated users and non-isolated users on the same site.
Obviously, there is a workaround using two IP addresses, two FTP sites, one in isolated mode, the other non-isolated.

However, is it possible to have this configuration without multiple IP addresses?

thanks for helping.
 
Hi,

How would you work around the problem of the availability of usernames and passwords in plaintext? I have used very similar procedures for setting up a multiple user FTP site utilizing one IP address with similar results. I hope you found a solution to this problem as well.
 