by Syska
16. October 2009 02:09
So the other day I was playing around with the built-in FTP server in Windows Server 2008 R2, but as this is only a webhost machine, and therefore not a member of an AD, I used local accounts for the FTP service. But instead of having the users as local users, it's possible to create them as “IIS Manager Users” … what a great way, more secure as I now don't have to disable the users so they can’t log in via RDP if they should ever find the IP - tsk tsk, and they would, because it's the same as the IP of the webhost :-)
Well … it was not all that easy … the darn “IIS Manager Users” could not log in … tried everything … all with the “550 User cannot login”. Then I found this article on www.iis.net. Under Prerequisites:
CACLS "%SystemDrive%\Windows\System32\inetsrv\config" /G "Network Service":R /E
CACLS "%SystemDrive%\Windows\System32\inetsrv\config\administration.config" /G "Network Service":R /E
CACLS "%SystemDrive%\Windows\System32\inetsrv\config\redirection.config" /G "Network Service":R /E
After running the above 3 commands it all worked.
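To confirm what those three commands left behind, the following PowerShell audit (an added example, not part of the original post or the iis.net article) reports whether Network Service holds a read grant on each path and flags any write grant beyond what the prerequisite asks for. It assumes an elevated prompt and matches the account by its well-known SID S-1-5-20; the variable and property names are illustrative.

```powershell
# Added example: audit the ACEs that name Network Service on the three IIS config paths.
# Assumptions: elevated prompt; S-1-5-20 is the well-known SID for NETWORK SERVICE.
# Only ACEs naming the account directly are considered, not grants via groups.
$networkService = 'S-1-5-20'
$sidType = [System.Security.Principal.SecurityIdentifier]
$read  = [int][System.Security.AccessControl.FileSystemRights]::Read
$write = [int][System.Security.AccessControl.FileSystemRights]::Write

$configDir = Join-Path $env:SystemDrive 'Windows\System32\inetsrv\config'
$paths = @(
    $configDir,
    (Join-Path $configDir 'administration.config'),
    (Join-Path $configDir 'redirection.config')
)

foreach ($path in $paths) {
    if (-not (Test-Path -Path $path)) {
        Write-Warning "Not found: $path"
        continue
    }

    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on the localized account name.
    $rules = @((Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $networkService })

    # Fold all matching ACEs into one allow mask and one deny mask.
    $allowMask = 0
    $denyMask  = 0
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow') {
            $allowMask = $allowMask -bor [int]$rule.FileSystemRights
        } else {
            $denyMask = $denyMask -bor [int]$rule.FileSystemRights
        }
    }

    New-Object PSObject -Property @{
        Path        = $path
        # Read is fully allowed and no part of it is denied.
        ReadGranted = (($allowMask -band $read) -eq $read) -and (($denyMask -band $read) -eq 0)
        # Any write bit is more than the prerequisite requires.
        WriteGrant  = ($allowMask -band $write) -ne 0
    }
}
```

A path that reports ReadGranted as False after the CACLS commands have run points at a deny ACE or a failed grant; WriteGrant as True means the account has more access to the IIS configuration than the FTP service needs.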
Other hints
Remember when configuring User Isolation:
| User Account Types | Physical Home Directory Syntax |
|---|---|
| Anonymous users | %FtpRoot%\LocalUser\Public |
| Local Windows user accounts (requires basic authentication) | %FtpRoot%\LocalUser\%UserName% |
| Windows domain accounts (requires basic authentication) | %FtpRoot%\%UserDomain%\%UserName% |
| IIS Manager or ASP.NET custom authentication user accounts | %FtpRoot%\LocalUser\%UserName% |
That's all for now …