So you may have, like me, just ran into the latest version of IIS7 (IIS7.5) that has removed FTP from the old IIS 6 manager MMC leaving only SMTP there and moving FTP over to the IIS Manager! This isn’t a big change, however the new functions and method of configuration has!
Virtual Directories for user authentication is my chosen method of auth when using windows IIS servers and has always been. It works by creating a Local user in Computer Management >> Configuration >> Local Users and Groups and then creating a virtual directory in FTP with the same username and allocating its Physical Path to the files associated with that user. The Authentication is then done as a user account and they gain access to their files, simple as that. This option is still available in FTP7.5 on IIS 7.5 in Windows Server 2008 R2 however its all just moved around a bit and some new options added in there that I won’t cover today.
So getting down to it, here I’ll cover how to setup a Default FTP Site, set its basic security and permissions and then configure a virtual directory.
- Install FTP as a role/service/addon
I won’t go into this in detail as I’m sure if you’re here you’ve probably already done this. Head to Server Management and then Roles, select Add Roles and go through the prompts checking the FTP options.
- Open IIS Services Manager (Internet Information Services Manager) and add a Default FTP Site
Right click on the sites option and select Add FTP Site… As shown in this image.
- Enter your Site information as shown below
- Assign an IP address (or leave as All if you want to) and choose Allow SSL then click next. as shown below.
- Configure Authentication and Authorization Information.
I select Basic (Basic Authentication) and Authorisation to Not Selected as we will configure that later.
- Create a folder under %SystemDrive%\inetpub\ftproot called LocalUser. We will use this to house the virtual directories!
- Click on the Default FTP Site in IIS Manager and select FTP User Isolation on the right Features View window.
In here we are going to select the option, Isolate users. Restrict users to the following directory: User name directory (disable global virtual directories) as shown below.
remember to select Apply in the top right!
- Double check the FTP Authentication options to ensure Basic Authentication is Enabled and Anonymous Authentication is Disabled (unless you want to use it!) see below
- Create a Virtual Directory in the LocalUser folder in IIS7 Manager
By right clicking on the LocalUser folder under Default FTP Site as shown below.
- Enter Virtual Directory user details.
Here the Alias is the username of the user you have created in Local Users and Groups earlier on. Then enter the Physical Path as the location of that users home directory. see below
- Select your newly created Virtual Directory in IIS Manager then select FTP Authorization Rules and select Add Allow Rule… on the right side
Here we will allow read / write permissions to the user as shown below
Now test away! Remember things like firewalls and opening ports if required. I recommend taking a look around in the rest of the options under the Defualt FTP Site and also under the virtual directories. I usually try and use FTP IPv4 Address and Domain Restrictions where possible for added security, but I might cover that in a later post! For now I hope I’ve helped get your FTP operational with FTP7.5
NOTES: Also remember to enable FTP Logging at the top level Default FTP Site! And one last thing, remember to check your security permissions on the folders being accessed! Give the user read and write on the folder with the users data.
Questions or similar in the comments. Cheers