FTP Server : FTP User Isolation
2022/02/02
Configure FTP User Isolation Setting.
With this setting, each user can access only their own named folder. If there is no requirement to share files among users, this setting is useful.
[1] Run PowerShell with Admin Privilege and Configure FTP Service.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# add FTP site
# -Name [any name you like]
# -IPAddress [listening IP address] (below is 0.0.0.0 (all))
# -Port [listening port]
PS C:\Users\Administrator> New-WebFtpSite -Name "FTPRoot" -IPAddress "*" -Port 21

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
FTPRoot          2    Started                                   ftp *:21:

# set physical folder that is used for FTP site
# example below sets the [C:\inetpub\ftproot] folder that is created by default
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name physicalPath -Value 'C:\inetpub\ftproot'

# set SSL/TLS setting (example below is [SslAllow], which also allows connections without SSL)
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name ftpServer.security.ssl.controlChannelPolicy -Value "SslAllow"
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name ftpServer.security.ssl.dataChannelPolicy -Value "SslAllow"

# set basic authentication
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true

# set read and write authority to all local users
PS C:\Users\Administrator> Add-WebConfiguration "/system.ftpServer/security/authorization" -Location FTPRoot -PSPath IIS:\ -Value @{accessType="Allow";users="*";permissions="Read,Write"}

# set user isolation
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name ftpServer.userIsolation.mode -Value "IsolateRootDirectoryOnly"

# set external IP address (the one client computers can connect to)
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPRoot" -Name ftpServer.firewallSupport.externalIp4Address -Value "10.0.0.101"

# create the [LocalUser] folder under the path you set as the physical path of the FTP site (it is required for this setting)
# for Domain users, create [(FTP root)\(%UserDomain%)]
PS C:\Users\Administrator> mkdir C:\inetpub\ftproot\LocalUser

    Directory: C:\inetpub\ftproot

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         1/31/2022  11:43 PM                LocalUser

# restart FTP site
PS C:\Users\Administrator> Restart-WebItem -PSPath 'IIS:\Sites\FTPRoot'

# create a folder for each local user, with the folder name the same as their username
# naming rule ⇒ [(FTP root)\LocalUser\(Username)] (example below is for [Serverworld] user)
PS C:\Users\Administrator> mkdir C:\inetpub\ftproot\LocalUser\Serverworld
PS C:\Users\Administrator> icacls "C:\inetpub\ftproot\LocalUser\Serverworld" /grant "Serverworld:(OI)(CI)(F)"
processed file: C:\inetpub\ftproot\LocalUser\Serverworld
Successfully processed 1 files; Failed processing 0 files
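The per-user folders created above can be checked with a short audit, given here as an added example that is not part of the original page. It assumes the FTP root [C:\inetpub\ftproot] and the local accounts used on this page; the function name [Get-FtpUserFolderAudit] and the list of broad groups are hypothetical choices.

```powershell
# Added example: audit the per-user folders under (FTP root)\LocalUser.
# Assumptions: FTP root as on this page; local accounts only (no domain folders).
function Get-FtpUserFolderAudit {
    param([string]$FtpRoot = 'C:\inetpub\ftproot')

    $rights  = [System.Security.AccessControl.FileSystemRights]
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    Get-ChildItem -Path (Join-Path $FtpRoot 'LocalUser') -Directory | ForEach-Object {
        $folder = $_
        # The folder name must equal the username, so look up that account
        $user = Get-LocalUser -Name $folder.Name -ErrorAction SilentlyContinue

        # Explicit and inherited Allow entries, identities returned as SIDs
        $allow = (Get-Acl -Path $folder.FullName).GetAccessRules($true, $true, $sidType) |
            Where-Object { $_.AccessControlType -eq 'Allow' }

        # Entries whose rights include Write (Modify and FullControl both do).
        # Entries expressed as generic rights are not decoded here.
        $writerSids = @($allow | Where-Object {
                ($_.FileSystemRights -band $rights::Write) -eq $rights::Write
            } | ForEach-Object { $_.IdentityReference.Value })

        [pscustomobject]@{
            Folder         = $folder.Name
            AccountExists  = [bool]$user
            AccountEnabled = [bool]($user -and $user.Enabled)
            # Direct ACE for the user, as the icacls /grant step creates
            UserCanWrite   = [bool]($user -and ($writerSids -contains $user.SID.Value))
            # Broad groups that could also write into this user's folder
            BroadWriters   = @($writerSids | Where-Object { $broadSids -contains $_ })
        }
    }
}

Get-FtpUserFolderAudit | Format-Table -AutoSize
```

A folder with AccountExists = False has no matching local user, and a non-empty BroadWriters column means write access to that folder is not limited to its owner at the NTFS level.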
FTP Server : FTP User Isolation (GUI)
To configure with the GUI, set as follows.
[2] Add an FTP Site. Run [Start] - [Server Manager] and click [Tools] - [Internet Information Services (IIS) Manager]. Next, select [Site] and right-click it, then open [Add FTP Site].
[3] Input any name for [FTP site name] and specify the physical path for [Physical path]. In this example, the default root [C:\inetpub\ftproot] is set for [Physical path].
[4] This is the Binding settings section. It's OK to keep the defaults for IP Address and Port. With these default settings, the FTP service listens on 0.0.0.0:21. For the [SSL] section, select settings according to your needs.
[5] This is the Authentication and Authorization settings section. Set [Basic] for authentication and [All users] for Authorization.
[6] The FTP site has been added. Select the new FTP site in the left pane and click [FTP Firewall Support] in the center pane.
[7] Set the IP address that client computers can connect to.
[8] Go back to the FTP site index and click [FTP User Isolation] in the center pane.
[9] Check the [User name physical directory] box and apply the setting.
[10] With the FTP User Isolation setting, an FTP root folder is needed for each user.
Create a [LocalUser] folder under the FTP root of the FTP site (in this example, the FTP root is [C:\inetpub\ftproot]).
Next, create user folders whose names are the same as each username and add read and write authority to their folders.
That's all; the FTP User Isolation setting is done. Try to access the FTP site from a client computer.
(example below is for [Serverworld] user)