How To Set Up Isolated Ftp Site

Author:

Bernard Cheah MVP

COMMUNITY SOLUTIONS CONTENT DISCLAIMER

MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

MORE INFORMATION

IIS 6.0 introduce 3 new modes for ftp site:
 
a) Do not isolate users - This mode does not enable FTP user isolation and it work similarly to earlier versions of IIS.
 
b) Isolate users - This mode authenticates users against local or domain accounts before they can access the home directory that matches their user name. All user home directories are in a directory structure under a single FTP root directory where each user is placed and restricted to their home directory. Users are not permitted to navigate out of their home directory.
 
c) Isolate users using Active Directory - This mode authenticates user credentials against a corresponding Active Directory container, rather than searching the entire Active Directory, which requires large amounts of processing time. Specific FTP server instances can be dedicated to each customer to ensure data integrity and isolation.
 
Note: This article focus on Isolate users in normal mode (b)
 
To create a new FTP site that isolates users
1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, point to New, and click FTP Site.
2. Provide the required information in the FTP Site Description and IP Address and Port Settings dialog boxes, and click Next.
3. In the FTP User Isolation dialog box, click Isolate users, and click Next.
4. In the Path box, type or browse to the directory that contains, or will contain, the site content, and then click Next.
5. Select the check boxes for the FTP site access permissions you want to assign to your users, and then click Next.
6. Click Finish.
 
 
To create FTP root-point and user folders
If users of the local computer log in with their individual account user names, create the subdirectories LocalUser under the FTP site root directory you specified when you creating the FTP site.
For Example -
FTP root directory -> D:\MyFTP\
LocalUser locate at D:\MyFTP\LocalUser
 
For individual user, you need to create folder in this format - LocalUser\username
User: Susan locate at D:\MyFTP\LocalUser\Susan
 
If users of different domains log on with their explicit domain\username credentials, create a subdirectory for each domain (by using the name of the domain) under the FTP site root directory you specified when you creating the FTP site.
For Example -
Domain Name: Account
FTP root directory -> D:\MyFTP\
LocalUser locate at D:\MyFTP\Account
 
For individual domain user, you need to create folder in this format - Domain\username
Domain User: Nancy locate at D:\MyFTP\Account\Nancy
 
 
Anonymous access in isolated ftp site
If anonymous access is allowed, create the subdirectories LocalUser and LocalUser\Public under the FTP site home directory.
 
 
Note: All user home directories are in a directory structure under a single FTP root directory where each user is placed and restricted to their home directory. Users are not permitted to navigate out of their home directory. If users need access to dedicated shared folders, you can also establish a virtual root.
 
 
 
For additional information, you can also access the product documentation through the IIS Manager. For additional information about how to access this Help feature, visit following article number to view the article in the Microsoft Knowledge Base:
 
825127 How To: Access IIS 6.0 Help Documentation
 
Properties

Article ID: 555018 - Last Review: 14 Feb 2017 - Revision: 1

Microsoft Internet Information Services 6.0

Feedback