FTP Server with Isolate User in Windows
Hello Friend,
Today I will show you how to create FTP Server with Isolate user in windows for better security and restricting particular users for there directory only that is allowed to hem only. In windows FTP server there are three option When creating FTP site that is:
1) Do not Isolate user mode
2)With Isolate user mode
3) Isolate user with Active Directory.
In my previous post i had shown you how to created simple ftp site that do not Isolate the user.Now I will show you how to create FTP Site with Isolate user in my next post i will show you how to use the last option Isolate user with Active Directory.
Basically we create FTP site with Isolate for restricting user to there own directory only. he not able to navigate to higher level directory . You can use this scenario if you have many customer who's web site are hosted on your web server and customer want to update there site periodically. When you have option to use Isolate user for assigning directory to only users you want to allow. when user trying to access your ftp server, FTP server will ask him for his user name and password after that it check that if user name and password are valid or not , If it is valid and the given user directory is contain on the root (Home )Directory then it show the content of the directory. If directory not exist then user will be deny the access to the server. So you can also use this mode if you want to restrict the users.
So what are the requirement for create FTP site with Isolate user?
1) IIS with FTP service option selected
2) Create root (Home) Directory for FTP site.
3) Create Sub-directory for your local host or for your domain (In my example i create sub-directory as my domain name that is example [If my domain name is example.com] you can create sub-directory as per your domain name if you want to authinticate the users by Active Directory else you can be create direcory as localhost if your server is not in domain or you want local server authentication for the access)
4) Now Create users Directory in to sub-directory of your domain or localhost directory. (In My example I had created two directory for user sandeep as sandeep and for user Raj as raj )
Here is the Directory Structure for my example.com for users sandeep and raj
Directory for Root = D:\ftproot
Directory for Domain =D:\ftproot\example
Directory for users=D:\ftproot\example\sandeep
D:\ftproot\example\raj
I had already shown how to install IIS in my previous post so i am skipping that for now I will directly start with createing FTP site with Isolate option from Internet Information Service sanp-in.
To Open Internet Information Snap-in go to
Start ----then control panel ----Administrative Tools --and then select Internet Information Service snap-in
it will be open MMC snap-in of IIS now click on +sing then Select FTP and Right Click the mouse and select New FTP Site . It will be run Wizard for creating FTP site .now follow the instruction and gave the answer to the wizard to create ftp site. Gave the name and description to your FTP site as you like live the default option for IP address and port no. only Select the option Isolate users in FTP user Isolation Window
Then click next. it will be ask you for root directory (Home directory ) browse to the directory we had created early as root directory in my example i was created directory D:\ftproot then click next . (here you can also can define the permission like Read for only download and write for allow to upload ) at last it show your the summary information you had selected cross check it and then click finish. your FTP site with Isolate user is now appear under FTP in IIS MMC snap-in windows. now try to access your ftp server by browser like
ftp://172.16.11.210
It will be ask you for authentication and gave the username and password for authentication for user you want for example i will type example\sandeep as user name and password of sandeep user it will grant the access to sandeep because we had created directory for sandeep now try to access your ftp server with diffrent user that directory are not created on sub-directory of domain . it will not allow you to logon to server because we had not granted the your to allow . if you want to allow hem you need to create directory for that user then it will be allow that user to access his directory.