This article will walk you through setting up FTP users in IIS 7.0. This allows you to create users that
have access to your FTP site, but otherwise cannot access your server.
Before you begin, you will want to make sure you have IIS/FTP installed and an FTP site up and running.
For more information on these steps, please see the following articles:
Installing IIS 7.0
Creating an FTP Site
Why can't I access my newly created FTP Site?
This article also assumes that you have already created a user account and give it the appropriate access to the FTP directory.
IIS Manager Authentication
- First, we will need to grant permission to the Network Service to be able to use IIS Manager Authentication. We will need to type the following from the command line:
ICACLS C:\Windows\System32\inetsrv\config /grant "Network Service":R
ICACLS C:\Windows\System32\inetsrv\config\administration.config /grant "Network Service":R
ICACLS C:\Windows\System32\inetsrv\config\redirection.config /grant "Network Service":R
ICACLS C:\[ftppath] /grant "Network Service":M /T
After each of these commands you should see Successfully processed 1 files; Failed processing 0 files
- Now we will need to actually install IIS Management Service. To do that do the following:
Open Server Manager - Roles - Right click Web Server(IIS) - Add Role Services
- Select Management Service - Next - Install - Close (Once the install has finished)
- Once the install is finished and you have closed all open dialogue boxes, open up IIS Manager from Server Manager
- In the Management Service screen, choose Windows credentials or IIS Manager credentials - Apply in the Actions pane
- Click back on to your server in the Connections pane, then double click IIS Manager Users
- Click Add User... in the actions pane. Enter a user name and password for your new user account. Remember, this is an IIS user, and should be different from any Windows users you have set up
- From the main IIS Manager screen, double click FTP Authentication - click Custom Providers in the Actions pane - check IisManagerAuth - OK
- In the connections pane, expand Sites and click on the name of you FTP site, then click IIS Manager Permissions
- Click Allow User... in the Actions pane, choose IIS Manager and click Select to select your IIS User - click OK
- Choose the site again in the Connections pane and double click FTP Authorization Rules
- Click Add Allow Rule in the Actions pane - choose Specified users and enter the name of the IIS User you created previously (make sure to give the account the appropriate permissions by choosing Read or Write). Click OK
Once you've done this, you can close out of the IIS Manager. From here you will want to browse to your site and ensure that you can log on as the IIS User you've set up.