IIS 5, FTP, Different access permissions for different users

From: Dave Elliott (David.elliott@lifeway.com)
Date: 03/24/03 

From: "Dave Elliott" <David.elliott@lifeway.com>
Date: Mon, 24 Mar 2003 14:20:22 -0800

I am trying to allow anonymous users to our FTP site to
Read-only from Outgoing folder and Write-only to Incoming
folder.

I want internal users (IP addresses 172.16.0.0) to be able
to logon using a userid and account to Read from Incoming
folder and write to outgoing folder.

I set NTFS permissions on the folders to give desired
access and that works.

My problem is in enforcing the IP restriction.

ATTEMPT #1
I created a Virtual directory pointing to same path as
anonymous site E:\inetpub\ftproot and named it intFTP (so
users could login as "intFTP") and set the Directory
Security tab to deny all except IPs in 172.16.0.0 subnet.
>>That didn't work. Internet users who log in as intftp
still have access to the folders I only want internal
users to have.

ATTEMPT #2
I created an additional Virtual site. Default FTP site
supports anonymous access and other authenticated users
who access other folders not in the inetpub\ftproot path
and new Virtual site with different IP address for my
internal (announced on internal DNS only). I deleted the
intFTP virtual directory from defaulat FTP site and
created intFtp virtual directory in the new FTP site (with
same IP restrictions).
>>> I was surprized to find that I could login to Default
FTP site using intFTP userid eventhough the intFTP virtual
directory had been deleted from Defualt FTP Site and now
only existed under new FTP site (different IP address).

How can I ensure that users can only login to the new FTP
site with the intFTP user account since both FTP sites are
on same machine? NOTE: The FTP server is configured to
use domain authentication (msftpsvc/DefaultLogonDomain =
domainname) rather than local accounts.

Relevant Pages

  • Re: IIS 5, FTP, Different access permissions for different users
    ... with IP restricted 'intftp' login access, ... one thing i guess you don't need is the 'intftp' virtual directory. ... > My objective is to have internal users login> in as intFTP to write to outgoing folder and read ... > original default FTP site and created underthe new intFTP FTP site. ...
    (microsoft.public.inetserver.iis.security)
  • Re: FTP P
    ... I'm not really sure if I'm in user isolation mode, ... I run the IIS FTP Sites Wizzard to add a new FTP Site. ... that I defined previosly and have the full rights for this folder. ... If I delete the complete user, still delete for the other Virtual Directory. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Digital transfers question. On topic. Geez. Whod have thunk it?
    ... I set up my own FTP site with a free download, ... computer and is immediately in a folder on his computer. ... I went over to the doctors office and interfered with that. ...
    (sci.med.transcription)
  • require password
    ... created virtual ftp site with its own folder directly below the 'inetpub' ... turned off anonymous access, created a user for the ftp site with ... same way with a different port than 21, ...
    (microsoft.public.inetserver.iis.ftp)
  • IIS 5, FTP, Different access permissions for different users
    ... outgoing folder and read from incoming folder, ... I first tried one FTP site Home directory ... with the virtual directory "intFTP" with Directory ...
    (microsoft.public.inetserver.iis.security)