Google Answers Logo
View Question
 
Q: Windows 2000/AD FTP Problem ( Answered 4 out of 5 stars,   2 Comments )
Question  
Subject: Windows 2000/AD FTP Problem
Category: Computers > Software
Asked by: geek_la-ga
List Price: $5.00
Posted: 13 Aug 2002 23:24 PDT
Expires: 12 Sep 2002 23:24 PDT
Question ID: 54383
How can I create users who only have permissions to log in via ftp and
drop off files to thier own directories and how do I specify the users
directories?

We have many contractors dropping off work and they each need their
own directory to drop off files. The should not be able to see
anything else on the server. We have Active Directory installed.

Clarification of Question by geek_la-ga on 13 Aug 2002 23:26 PDT
Also, there are many domains on this server and we want them to go to
their directories regardless of the virtual site they log in through.

Clarification of Question by geek_la-ga on 14 Aug 2002 01:18 PDT
BPFTP is not a bad idea, but ideally I'd like to use IIS5 so I don't
have to tell the users which port to use.
Answer  
Subject: Re: Windows 2000/AD FTP Problem
Answered By: joseleon-ga on 14 Aug 2002 04:33 PDT
Rated:4 out of 5 stars
 
Hello:

  I think the information you are looking for is documented on this
FAQ:

IIS FAQ:  How to Redirect Users to their Own Folder Using FTP
http://www.iisanswers.com/Top10FAQ/t10-FTPuersfolder.htm

Step 1: Create a home folder for your user.

Typically, this will be a subfolder under a parent folder that is
named exactly the same as the username.  All users will need the right
to Log on Locally. Of course, Admins should have full control of
everything all the time :)

TIP: Do not set NTFS permissions yet. If you do, be sure the System
account has access to the users' folder or you will get a 'stop sign"
error when you try to create the Virtual Directory.

Step 2:  Create a Virtual Directory and map the user's folder.

The trick here is that the Virtual Directory has to be the exact same
name as the user. In this case, we create a folder called BartS and
map it to FTPusers/BartS. Note that the directory name is case
sensitive!

Step 3:  Enable Write on the Virtual Directory

Unless this is a read-only FTP site, enable the write permission on
the FTP snap in.

Step 4:  Remove Anonymous authentication from the Virtual Directory.

Uncheck the "Allow only anonymous authentication" on the Security
Acccounts tab. Now, when BartS logs on, he will be automatically
placed in his user folder.

Step 5: Assign NTFS permissions.

For the parent folder of your users' folders, you can assign No Access
to the anonymous account. Despite what some KB articles say, the user
does not need permissions to the parent folder. The System account,
however, does need access to this folder so Everyone, No Access is not
a good idea. If the System account can't access the folder,  you can
have problems later when you go to make changes to the FTP server
setup for the user.

For the users' folders, NTFS permissions Read and Write are typical.
Execute permissions should be avoided.  Remove Everyone from the
access list and add the user's account. According to your policy, you
may or may not include Administrators.

That's it! Now when users log on with FTP, they will be routed to
their own FTP folder.

TIP: You can keep users from seeing folders for other users:
1. Point your FTP server to an empty root. Fine to use
Inetpub/ftproot, just don't put anything in there or your users will
see it.
2. Map your users' Virtual Folders to a location outside of the FTP
server virtual root. By keeping your users' folders in the same parent
folder outside of the virtual FTP root, when they go "up" in the
directory tree from their personal folder, they will be magically
transported to the empty FTProot.

I hope this is the information you are looking for, in any case, feel
free to ask for any clarification, don't forget we are here to help
you.

Regards.

Request for Answer Clarification by geek_la-ga on 14 Aug 2002 09:06 PDT
Thank you, that's an informative post. The problem is that if I set
the FTProot to be an empty directory, legit users uploading to the
actual website will not be able to see and upload files for the site
itself.

Clarification of Answer by joseleon-ga on 14 Aug 2002 10:47 PDT
Hello:

"1. Point your FTP server to an empty root. Fine to use
Inetpub/ftproot, just don't put anything in there or your users will
see it."
This is only an advice, if you want all your users to share the root
directory, just let all of them write the ftproot, there's no
obligation to be empty, the system will work also.

In any case, you can also create a common user for all of them to
allow them share information.

Solve this your problem?

Regards.
geek_la-ga rated this answer:4 out of 5 stars
Pretty close to what I need

Comments  
Subject: Re: Windows 2000/AD FTP Problem
From: nslink-ga on 13 Aug 2002 23:27 PDT
 
You will need to install Internet Serivces also. That includes the ftp
server built into Windows 2000 Server. I'm sure someone can help with
the file premissions. I'm not that familar with Windows 2000 Server
administration.
Subject: Re: Windows 2000/AD FTP Problem
From: secret901-ga on 13 Aug 2002 23:39 PDT
 
You can try using BulletProof FTP Server, a 2MB download from
http://www.bpftpserver.com .  It is extremely easy to use.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy