How to configure Virtual Directory accounts in IIS 7.5 with FTP7.5

So you may have, like me, just ran into the latest version of IIS7 (IIS7.5) that has removed FTP from the old IIS 6 manager MMC leaving only SMTP there and moving FTP over to the IIS Manager! This isn’t a big change, however the new functions and method of configuration has!

Virtual Directories for user authentication is my chosen method of auth when using windows IIS servers and has always been. It works by creating a Local user in Computer Management >> Configuration >> Local Users and Groups and then creating a virtual directory in FTP with the same username and allocating its Physical Path to the files associated with that user. The Authentication is then done as a user account and they gain access to their files, simple as that. This option is still available in FTP7.5 on IIS 7.5 in Windows Server 2008 R2 however its all just moved around a bit and some new options added in there that I won’t cover today.

So getting down to it, here I’ll cover how to setup a Default FTP Site, set its basic security and permissions and then configure a virtual directory.

  1. Install FTP as a role/service/addon
    I won’t go into this in detail as I’m sure if you’re here you’ve probably already done this. Head to Server Management and then Roles, select Add Roles and go through the prompts checking the FTP options.
  2. Open IIS Services Manager (Internet Information Services Manager) and add a Default FTP Site
    Right click on the sites option and select Add FTP Site… As shown in this image.
  3. Enter your Site information as shown below
  4. Assign an IP address (or leave as All if you want to) and choose Allow SSL then click next. as shown below.
  5. Configure Authentication and Authorization Information.
    I select Basic (Basic Authentication) and Authorisation to Not Selected as we will configure that later.
  6. Create a folder under %SystemDrive%\inetpub\ftproot called LocalUser. We will use this to house the virtual directories!
  7. Click on the Default FTP Site in IIS Manager and select FTP User Isolation on the right Features View window.
    In here we are going to select the option, Isolate users. Restrict users to the following directory: User name directory (disable global virtual directories) as shown below.
    remember to select Apply in the top right!
  8. Double check the FTP Authentication options to ensure Basic Authentication is Enabled and Anonymous Authentication is Disabled (unless you want to use it!) see below
  9. Create a Virtual Directory in the LocalUser folder in IIS7 Manager
    By right clicking on the LocalUser folder under Default FTP Site as shown below.
  10. Enter Virtual Directory user details.
    Here the Alias is the username of the user you have created in  Local Users and Groups earlier on. Then enter the Physical Path as the location of that users home directory. see below
  11. Select your newly created Virtual Directory in IIS Manager then select FTP Authorization Rules and select Add Allow Rule… on the right side
    Here we will allow read / write permissions to the user as shown below

Now test away! Remember things like firewalls and opening ports if required. I recommend taking a look around in the rest of the options under the Defualt FTP Site and also under the virtual directories. I usually try and use FTP IPv4 Address and Domain Restrictions where possible for added security, but I might cover that in a later post! For now I hope I’ve helped get your FTP operational with FTP7.5

NOTES: Also remember to enable FTP Logging at the top level Default FTP Site! And one last thing, remember to check your security permissions on the folders being accessed! Give the user read and write on the folder with the users data.

Questions or similar in the comments. Cheers :)

Share

Tags: , , , , , , , , , ,

9 Responses to “How to configure Virtual Directory accounts in IIS 7.5 with FTP7.5”

  1. Kevin Simmons September 15, 2010 at 2:07 pm #

    HI, I like your article – I have been following the lengthy and confusing banter on this on the LearnIIS.net site today and I have been able to install and configure and test a number of FTP setup’s on the local server via the CMD window and local browser. However I cannot figure out how to set one up for real use from other computers on my local network or on the web. Your article is a good start on how to approach this but I am still in the dark on how to access the site remotely. I am a novice when it comes to Windows Server – but I gotta learn this crap! Thx

    • Josh October 19, 2010 at 4:36 pm #

      Kevin, it sounds like you may have the windows firewall blocking your attempts at testing from local network PC’s? I didn’t really cover it in this post however try temporarily disabling the windows firewall while you test connections from a networked PC. If ftp connections are working from localhost to localhost but not from local network to localhost there must be something blocking them.
      There should also be a built in Rule that you can enable to allow FTP after you are certain that was the cause. Remember to turn the firewall back on :). Thanks
      Josh

  2. enes January 5, 2011 at 6:10 pm #

    basic and easy way. thank you a lot… you’ve solved my problem…

  3. Rich Torrone October 1, 2011 at 4:59 am #

    Just wanted to thank you. Nice, clear, straight to the point. Breath of Fresh Air. Keep on Truckin’

    rt

  4. John bales November 8, 2011 at 6:55 am #

    Very well written. I have been struggling with this for a couple of days and stumbled across this article. Finally up and running with the FTP User Isolation. Thanks alot!!!!

  5. Nick June 16, 2012 at 12:23 am #

    Thanks for this, I’d tried all the steps in different combinations but not all at once AND I didn’t know I had to create a LocalUser folder under the FTP root (even though the actual user virtual directories are on a different drive!) Thanks again

  6. sudesh June 22, 2012 at 8:55 am #

    Very helpful for newbies

  7. Epifania January 4, 2014 at 10:09 am #

    I usually do not write a lot of comments, however after browsing a few
    of the responses on How to configure Virtual Directory
    accounts in IIS 7.5 with FTP7.5. I actually
    do have 2 questions for you if it’s okay.
    Could it be simply me or does it give the impression like a few of the comments
    come across as if they are written by brain dead folks?
    😛 And, if you are writing at other online social sites, I would like to follow you.

    Could you post a list of the complete urls of all your social community sites like your Facebook page, twitter feed, or linkedin
    profile?

    • Josh January 22, 2014 at 1:51 am #

      Thanks mate. No I don’t post anywhere else. Just random tech stuff on here from time to time :)

Leave a Reply