help with ftp authorization rules

  • Question

  • User1395589455 posted

    Hi everyone - I've been working on this script that's supposed to be for a simple project but is getting more and more complex.  Bear with me..

    I've been tasked with setting up an FTP server on Windows Server 2008R2 within IIS (v7.5), pretty straight-forward.

    I also had to configure user-isolation because of a security requirement, no problem there.

    The ugly part is, I need to have a few hundred LOCAL accounts created so they can login to the FTP server, which is again, utilizing User Isolation - which means that identically-named folders have to be created under a LocalUser folder where my FTP site resides.  Then those folders have to have NTFS permissions applied to each folder so only the corresponding user account has modify rights.  Lastly, those folders have to be mapped as virtual directories inside my ftp site and FTP Authorization rules created for the local accounts we created.

    I've gotten it all done except for the authorization part.  I'm stuck on the last tiny block.

    Note: the local paths are correct, and the site name is an fqdn.  Also note Import-Module WebAdministration is called earlier in the script.

    $VDirs = Get-ChildItem "F:\FTP\LocalUser"
    foreach ($VDir in $VDirs) 
    { Add-WebConfiguration -Filter "/system.ftpServer/security/authorization" -Force -Location IIS:\sites\MYFTPSITE.DOMAIN.COM\LocalUser\$VDir -PSPath IIS:\Sites\MYFTPSITE.DOMAIN.COM\LocalUser\$VDir -Value (@{accessType="Allow";roles="";permissions="Read, Write";users="$VDir"}) }

    When I run this script, I get no errors, the authorization block 'appears' to work, but when I go check IIS, it did not create ANY authorization rules for the corresponding folders.

    I've tried several iterations of permissions="Read, Write", "Read+Write", "Read,Write", permissions=3, etc.  Nothing works.  I'm also not terribly clear on what the -location attribute does or if it's right?  Someone help me push this thing over the finish line!

    Thank you in advance!

    Wednesday, November 23, 2016 7:49 PM

Answers

  • User-460007017 posted

    Hi Tom,

    You could modify your script following mine:

    $VDirs = Get-ChildItem "D:\MyFTP\"
    foreach ($VDir in $VDirs)
    {
        Add-WebConfiguration -Filter "/system.ftpServer/security/authorization" -Force -Location MYFTP/$VDir -PSPath IIS:\ -Value (@{accessType="Allow";roles="";permissions="Read, Write";users="$VDir"})
    }

    Or you could directly use the script:

    $VDirs = Get-ChildItem "F:\FTP\LocalUser"
    foreach ($VDir in $VDirs)
    {
        Add-WebConfiguration -Filter "/system.ftpServer/security/authorization" -Force -Location MYFTPSITE.DOMAIN.COM/LocalUser/$VDir -PSPath IIS:\ -Value (@{accessType="Allow";roles="";permissions="Read, Write";users="$VDir"})
    }

    It could add the authorization rule successfully. Besides, remember to run PowerShell as administrator and the Get-ChildItem should use the root physical path of your website.  The location flag should use "/" otherwise the flag will not be found.

    Best Regards,

    Yuk Ding

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, November 24, 2016 9:36 AM
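
Because the original script reported no errors yet wrote no rules, it helps to have the loop read each rule back after writing it. The following is an added example, not code from the thread: it reuses the site name and path quoted above, and the checks it performs (one Allow rule per folder owner, a warning for any other Allow rule) are an assumption about what the user-isolation requirement should enforce.

```powershell
# Added example (not from the thread). Site name and root path are the ones quoted
# in the question; change them to match your server. Run from an elevated session.
Import-Module WebAdministration

$Site   = 'MYFTPSITE.DOMAIN.COM'     # FTP site name as used in the thread
$Root   = 'F:\FTP\LocalUser'         # physical folder holding one directory per user
$Filter = '/system.ftpServer/security/authorization'

foreach ($Dir in @(Get-ChildItem $Root | Where-Object { $_.PSIsContainer })) {
    $User     = $Dir.Name
    $Location = "$Site/LocalUser/$User"   # forward slashes, as the answer requires

    # Read the rules currently returned for this location.
    $Existing = @(Get-WebConfiguration -Filter "$Filter/add" -PSPath 'IIS:\' -Location $Location)

    # Only add the rule if it is missing, so re-running the script does not pile up duplicates.
    $Mine = @($Existing | Where-Object { $_.accessType -eq 'Allow' -and $_.users -eq $User })
    if ($Mine.Count -eq 0) {
        Add-WebConfiguration -Filter $Filter -PSPath 'IIS:\' -Location $Location `
            -Value @{ accessType = 'Allow'; roles = ''; permissions = 'Read, Write'; users = $User } `
            -ErrorAction Stop
    }

    # Read back: confirm the rule is really there instead of trusting a silent success.
    $After = @(Get-WebConfiguration -Filter "$Filter/add" -PSPath 'IIS:\' -Location $Location)
    $Mine  = @($After | Where-Object { $_.accessType -eq 'Allow' -and $_.users -eq $User })
    if ($Mine.Count -eq 0) {
        Write-Warning "No Allow rule for '$User' found at '$Location' after write"
    }

    # Flag any other Allow rule returned for this folder (other users, '*', or roles),
    # since each isolated folder is meant to be reachable by its owner only.
    $Other = @($After | Where-Object {
        $_.accessType -eq 'Allow' -and ($_.users -ne $User -or $_.roles -ne '')
    })
    foreach ($Rule in $Other) {
        Write-Warning "Extra Allow rule at '$Location': users='$($Rule.users)' roles='$($Rule.roles)'"
    }
}
```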

All replies

  • User1395589455 posted

    Thank you so much!  That works perfectly!

    Monday, November 28, 2016 4:54 PM