User following the username will directly route the user to the root folder of his username. It's different from the user name isolation. Isolate, it shows that msIIS-FTPDir and msIIS-FTPRoot define the home directory for your AD user.

In our situation, users can't see other folders because of the internal policy and that is the problem. This works perfectly while accessing these folders via SMB, users can only see and access folders which they have access to, but with FTP it is a different story, users can see all listed folders - in this situation all 5, while having access rights to only Would work perfectly if only one department can be accessed, so msIIS-FTPDir with direct department folder will solve everything, but it is not a solution in this case. These rights change over time, users are being added or removed from the groups, so paths directly to the folder cannot be used. So if a user is in two groups, he can access two folders, etc. Only Security Groups decide which folder can be accessed by the user. All users have the same msIIS-FTPDir and msIIS-FTPRoot values. Let's imagine that we have 5 different departments (folders) in the root folder. The problem with msIIS-FTPDir and msIIS-FTPRoot is that these values can't be changed after they were set up, I will try to explain why:

Thank you for the answer, but I am not sure I understood you. It's not an option to change the user isolation option as it allows us automatic mapping to the same folders on different file servers, plus domain credentials work while accessing FTP.

Maybe someone had the same issue and solved it somehow, I need to hide these folders, because of internal reasons. On my 2012 R2 Server this feature - Access based enumeration is enabled for that share.
Many topics on the internet say that "Access based enumeration" is helping to solve this issue, but this "patch" was only on Windows Server 2003. Let's say I have three folders inside the root folder and the user has permissions just to one of them (read/write), via SMB share this user can see just one folder - the correct one, via FTP all three folders, of course he can access just the correct one.

Root Folder permissions: System, Domain Admins, AllUserGroup (this folder only)
Folder down below: System, Domain Admins, CustomUserGroup

The same user cannot see non-accessible folders via SMB share, so NTFS permissions are working well. The problem appears when users log in via FTP and see all folders. Through Active Directory we automatically set the FTP root and msIIS-FTPDir directory based on user groups.

Spent days trying to solve an issue with IIS FTP on Windows Server 2012 R2 with the File and Storage role installed. Basically I set User isolation - FTP home directory configured in Active Directory.