Configuring FTP in Isolation Mode in IIS 6

IIS FTP isolation mode enables you to have a separate directory per FTP user. For example if you had a dozen different users that all need access to your FTP server but you did not want them to see any directories but their own you could setup Isolation Mode. Isolation Mode supports users either on the local computer, or if you are a member of a domain it supports domain users.

We will begin by assuming you have FTP (and IIS) installed. Launch IIS Manager (IIS Manager 6.0 in Windows 2008). NOTE: in Windows 2008 make sure you install the IIS Management Console role so you can manage your FTP sites.

  • Delete or disable the default ftp site
  • Create a new FTP site with desired values – at the FTP User Isolation screen select Isolate Users or Isolate Users using Active Directory (which ever works better for your situation)
  • Specify path for your new FTP site
  • Set FTP Site Access Permissions to both Read and Write
Within the root FTP directory you must create either a directory named localuser or <your_domain_name>, depending on which isolation mode you are using.  In my case I am NOT using Active Directory so I created the directory localuser.
Within the localuser or <your_domain_name> directory create the desired user directories and assign each user sufficient permissions to their respective directory.

Example – creating directories:

md ftproot
md ftprootlocaluser
md ftprootlocaluserlocaluser1
md ftprootlocaluserlocaluser2
md ftprootlocaluserlocaluser3

Example – setting Create NTFS permissions on each respective directory:

cacls ftprootlocaluserlocaluser1 /E /G localuser1:C
cacls ftprootlocaluserlocaluser2 /E /G localuser2:C
cacls ftprootlocaluserlocaluser3 /E /G localuser3:C

Leave a Reply

Your email address will not be published. Required fields are marked *