Tuesday, February 26, 2013

Create an IIS 7.5 FTP site (Windows Server 2008 R2)

Part 1:  Create a basic FTP site
  1. Create a new user for the FTP site
    1. Open Server Manager
    2. Go to Configuration > Local Users and Groups > Users
    3. From the Actions pane select More Actions > New User...
    4. Enter the username and password that you want to use for this FTP site
    5. Uncheck – User must change password at next logon
    6. Check – User cannot change password
    7. Check – Password never expires
    8. Click Create and then the Close button.
    9. Open the user properties of the user you created above (double-click or right-click > Properties on the username in Server Manager)
    10. Go to the Remote Desktop Services Profile tab
    11. Check – Deny this user permissions to log on to Remote Desktop Session Host server
    12. Click OK
    13. Close Server Manager
  2. Launch Internet Information Services (IIS) Manager.  This is found by clicking the “Start button” > Administrative Tools > Internet Information Services (IIS) Manager.
  3. Expand the tree view (left pane in IIS Manager) under the Connections pane—click the ‘+’ next to the server name—and select Sites.
  4. From the Actions pane select “Add FTP Site…”
  5. Complete the Add FTP Site wizard.
    1. FTP site name: The name you wish to give this FTP site
    2. Physical path: The location of your site or where you want the FTP site files to go
    3. Click Next
    4. Set the IP address that you want to use for FTP
    5. Select Allow SSL
    6. Choose the self-signed, server generated certificate from the SSL Certificate: drop-down list
    7. Click Next
    8. Check Basic authentication
    9. Change the Allow access to: drop-down to Specified users
    10. Enter the name of the user that you previously created in the text area below the drop-down list
    11. Check Read and Write from Permissions
    12. Click Finish
  6. You should now see the name of your FTP site under the main Sites pane
  7. Double-click on the FTP site that you set up from the main pane, or expand Sites from the tree view and select the FTP site that you set up
  8. Check folder permissions on the folder that you pointed the FTP site to
    1. Click Edit Permissions… under the Actions pane
    2. Click Security tab
    3. Make sure the user that you created above has modify rights to the folder
  9. At this point FTP is set up and working using the most basic configuration.
Part 2:  User Isolation
Note: There are five types of FTP User Isolation that IIS 7.x supports.  In this KB article we will only cover two: “FTP Root Directory”, which is the basic, default option, and “User name directory (disable global virtual directories)”, which is used for user isolation.  If you would like information on all five types of FTP User Isolation you can look here: http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/#002
  1. With the FTP site that you created above selected in the IIS Manager, launch the FTP User Isolation module by clicking on the FTP User Isolation icon
  2. Change the isolation method from “FTP root directory” to “User name directory (disable global virtual directories)”
  3. Click Apply under the Actions pane.
  4. Go back to the root of your FTP Site.
  5. Create a virtual directory named LocalUser.
    Note 1:
    This is one of the rare cases where Windows requires case-sensitivity.  The virtual directory name must be LocalUser, with the capital “L” and “U”, or FTP user isolation will fail.
    Note 2:
    The LocalUser folder only works for server level (local) usernames.  Domain level usernames are covered in later steps.
    1. Right-click on Test FTP Site from the tree view and select Add Virtual Directory…
    2. Alias: LocalUser (case-sensitive!)
    3. Physical path: C:\inetpub\ftproot
    4. Click OK
  6. Now create a second virtual directory (vdir) under the LocalUser vdir.
    1. Right-click on LocalUser from the tree view and select Add Virtual Directory…
    2. Alias: Use the name of the user that you created above for FTP
    3. Physical path: The actual path to where you want this user to be directed to
    4. Click OK
  7. Select the vdir in step 6 above from the tree view then Edit Permissions… from the Actions pane.
  8. Under the Security tab, give your FTP user “Modify” permissions to the folder then OK out of everything.
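The same configuration can be scripted with the WebAdministration module that ships with IIS 7.5. This is an added example, not part of the original article: the site name, account name, IP address and content folder are placeholders, the local account from Part 1 step 1 is assumed to exist already, and the SSL certificate is still selected in IIS Manager.

```powershell
# Added example: scripted equivalent of Part 1 (steps 3-8) and Part 2 (local user).
# Every value in this block is a placeholder chosen for illustration.
Import-Module WebAdministration

$site     = 'ExampleFtp'           # hypothetical FTP site name
$user     = 'ftpuser1'             # local account created beforehand (Part 1, step 1)
$bindIp   = '192.0.2.10'           # documentation-range address; use the server's own
$ftpRoot  = 'C:\inetpub\ftproot'   # physical path the article uses for LocalUser
$userHome = 'D:\Sites\example'     # hypothetical folder this user should land in

# Part 1, steps 4-5: create the site bound to a single address.
New-WebFtpSite -Name $site -IPAddress $bindIp -Port 21 -PhysicalPath $ftpRoot
$sitePath = "IIS:\Sites\$site"

# "Allow SSL" in the wizard maps to SslAllow on both channels.
# SslAllow accepts TLS and plain FTP sessions alike, so Basic credentials are sent
# unencrypted whenever a client skips TLS; SslRequire refuses such logins.
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslAllow'
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.dataChannelPolicy    -Value 'SslAllow'

# Basic authentication on; Anonymous stays off, as when it is left unchecked in the wizard.
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.basicAuthentication.enabled     -Value $true
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false

# "Specified users" with Read and Write: one allow rule naming only this account.
Add-WebConfiguration '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $site `
    -Value @{ accessType = 'Allow'; users = $user; permissions = 'Read,Write' }

# Part 2, steps 1-3: "User name directory (disable global virtual directories)".
Set-ItemProperty $sitePath -Name ftpServer.userIsolation.mode -Value 'IsolateAllDirectories'

# Part 2, steps 5-6: the alias must be spelled exactly "LocalUser".
# For a domain account the article uses the domain nickname (OW) in place of LocalUser.
New-WebVirtualDirectory -Site $site -Name 'LocalUser'       -PhysicalPath $ftpRoot
New-WebVirtualDirectory -Site $site -Name "LocalUser/$user" -PhysicalPath $userHome

# Part 2, steps 7-8: NTFS Modify on the user's folder, inherited by files and subfolders.
icacls $userHome /grant "${user}:(OI)(CI)M"

# Read the result back to confirm what was written.
Get-WebVirtualDirectory -Site $site
Get-WebConfiguration '/system.ftpServer/security/authorization/add' -PSPath 'IIS:\' -Location $site
```

Run it from an elevated PowerShell session on the IIS server.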
For a domain user, follow the steps below:
  1. In IIS Manager, create a new vdir under the root of your FTP Site named OW.
    Note 1:
    When setting up user isolation for domain user names you must create a vdir using the domain’s nickname.  This directory acts in the same way LocalUser does but for domain level users.
    Note 2:
    An Active Directory domain has two names: the domain name and the nickname.  The nickname is actually the “pre-Windows 2000 domain name” from when domain names did not use a DNS/LDAP-like naming structure.
    The post-Windows 2000 domain names look like an internet domain name, such as orcsweb.com.  The pre-Windows 2000 domain name, or nickname, is just a single word with hostname-like attributes.  In OrcsWeb’s case the nickname is OW, and the domain name is orcsweb.com.
    1. Right-click on your FTP Site from the tree view and select Add Virtual Directory…
    2. Alias: OW (all upper case)
    3. Physical path: C:\inetpub\ftproot
    4. Click OK
  2. Now create a second and third virtual directory (vdir) under the OW vdir.
    1. Right-click on the OW vdir from the tree view and select Add Virtual Directory…
    2. Alias: <your domain user name> (without the OW\ in front of it)
    3. Physical path: The path to your site
    4. Click OK
    5. Repeat for any other users as needed.
  3. Add the user to the NTFS permission on disk for the folders that you pointed the FTP users to
  4. Authorize the domain users in FTP.
    1. In IIS Manager, select your FTP Site and then the FTP Authorization Rules module
    2. Here is where you can authorize users to access the FTP site.  There are a couple of options you can choose: 1. Add the individual users or groups, 2. Allow all authenticated users.  By default we add individual users or a user group when setting up isolated users.
    3. Add any domain users to the existing rule (if there is one; otherwise create a new one).
      1. Select the rule then Edit from the Actions pane
      2. After the existing user, enter a comma and a space (“, ”), then OW\ and the Active Directory user name.
      3. Click OK 



      Thanks
      R.karthikeyan
