Solution 1:

I will describe how I do an isolated setup of an FTP server. This works fine for our needs (1 (or more) user per website). I understand that there may be a much better/quicker/more secure setup, but this is what I have been using all the time without any issues so far (keep in mind -- I'm a programmer and not a pro admin, and will be grateful for any comments and advice).

  1. Create new user: IUSR_ftpacc (will be used to run app pool).

    • Set "Deny this user permissions to log on to Terminal Services"
    • Member Of: remove "Users"; add "IIS_IUSRS"
  2. Create new user(s) that will be used to access FTP service: e.g. ftpuser

    • Set "Deny this user permissions to log on to Terminal Services"
    • Member Of: I always remove "Users" and add "FTP" group (which you have to create separately -- all users in FTP group will be allowed to use FTP later)
  3. Create folder for FTP: D:\websites\FTP and grant Read & Execute right to this folder.

  4. Create 2 subfolders: "localuser" (for user folders -- must be this name) and "logs" (for logs).

  5. Create individual folders inside D:\websites\FTP\localuser for each FTP account (folder must match user account): e.g. ftpuser, and grant Modify permission.

  6. Open IIS Manager and create new Application Pool: FTPServiceApp. Advanced Settings -> Identity -- set it up to use IUSR_ftpacc account.

  7. Sites -> Add FTP Site..

    • FTP site name: FTP
    • Physical path: D:\websites\FTP
    • Authentication: Basic
    • Allow access to: Specified roles or user groups; FTP (the group mentioned in #2)
    • Permissions: Read & Write
  8. Select the newly created FTP site -> Actions -> Basic Settings: change Application Pool to the one created at #6 (FTPServiceApp). If everything is set up properly you will see 2 green marks when clicking the "Test Settings.." button. "Connect as.." should have "Application user (pass-through authentication)" selected by default.

  9. FTP User Isolation -- I always choose "User name physical directory".

  10. The "FTP Authorisation Rules" should be configured already (from wizard step). "FTP Logging" -- set to write logs into D:\websites\FTP\logs folder.

If I need a user to access some website (which is located in D:\websites\mywebsite, for example), I create a symlink (or directory junction) instead of a folder at step #5.
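
The folder and permission part of the procedure above (steps 3 to 5), scripted and followed by a read-only check that no account other than the matching one can write into a user's folder. This is an added example, not part of the original answer. The function names `Grant-FolderRight` and `Find-UnexpectedFtpWriter` are hypothetical, and it assumes the step 3 right goes to the "FTP" group and the step 5 right goes to the matching FTP user, which the answer does not state.

```powershell
# Added example, not from the original answer. Run elevated, PowerShell 5.1+.
$FtpRoot  = 'D:\websites\FTP'   # path from the answer
$FtpGroup = 'FTP'               # local group from step 2 (must already exist)
$FtpUsers = @('ftpuser')        # local accounts from step 2 (must already exist)

function Grant-FolderRight {    # hypothetical helper: add one inheritable Allow ACE
    param([string]$Path, [string]$Identity, [string]$Rights)
    $acl  = Get-Acl -Path $Path
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Find-UnexpectedFtpWriter {   # hypothetical helper: read-only audit
    param([string]$LocalUserDir)
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
    $write   = [System.Security.AccessControl.FileSystemRights]::Write
    foreach ($dir in Get-ChildItem -Path $LocalUserDir -Directory) {
        # The folder name must equal the account name, so that account is the
        # only non-administrative identity expected to hold write access.
        $expected = "$env:COMPUTERNAME\$($dir.Name)"
        (Get-Acl -Path $dir.FullName).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $write) -and
                $_.IdentityReference.Value -notin ($trusted + $expected)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Folder   = $dir.Name
                    Identity = $_.IdentityReference.Value
                    Rights   = $_.FileSystemRights
                }
            }
    }
}

# Steps 3-4: root folder plus the two fixed subfolders.
New-Item -ItemType Directory -Force -Path "$FtpRoot\localuser", "$FtpRoot\logs" | Out-Null
Grant-FolderRight -Path $FtpRoot -Identity $FtpGroup -Rights 'ReadAndExecute'

# Step 5: one folder per FTP account, named after the account.
foreach ($user in $FtpUsers) {
    $userDir = Join-Path $FtpRoot "localuser\$user"
    New-Item -ItemType Directory -Force -Path $userDir | Out-Null
    Grant-FolderRight -Path $userDir -Identity $user -Rights 'Modify'
}

# Any row printed here is a write-capable ACE that belongs to someone else.
Find-UnexpectedFtpWriter -LocalUserDir "$FtpRoot\localuser" | Format-Table -AutoSize
```

Write access inherited from the drive root (for example a broad group on `D:\`) shows up in the audit output, which is the usual reason a folder fails the check.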