Create FTP with Local User Isolation (in PowerShell Script)

FTP with user isolation is a magic feature that Microsoft has provided since IIS 7.5. It is similar to chroot in Linux: each user is jailed in his own directory ;P. Each user’s directory is isolated from the other users’ directories, so users cannot see each other’s directories, which is a good security option. If you are looking for the graphical method to set up FTP with user isolation in the IIS console, I have another blog post for that.
In this blog post, I will show you how to script and automate this setup. It is quite a large script, and I do not use the IIS cmdlets, which are available only on Windows 8, Windows 10, Server 2012 and Server 2012 R2, because IIS 7.5, which is available in Server 2008 R2, does not have cmdlets to configure IIS specifically. So editing the IIS XML configuration is the way to go. If you are running the script on Server 2008 R2, you need to install PowerShell 3.0 first (to install PowerShell 3.0 on Server 2008 R2, you will need Server 2008 R2 SP1 with .NET Framework 4.0 installed). I added a comment before each section of the script so that PowerShell users can easily understand the code and logic. You can also create an FTP administrator with the -AdminIncluded option to browse the uploaded files in all directories. Also, don’t forget to run the script from an elevated PowerShell prompt. The script is also provided in this post.

Example usages are:
1) To set up FTP user isolation with an FTP administrator account. The FTP site name is “My-First-FTP” and the port is 21. The user name list is in c:userlist.csv
.\Create_FTP_Local_User_Isolation.ps1 -FtpSiteName My-First-FTP -Port 21 -AdminIncluded -UserListCsv c:userlist.csv

2) To set up FTP user isolation without an FTP administrator account, using the default site name and port, and with SSL.
.\Create_FTP_Local_User_Isolation.ps1 -RequireSSL -UserListCsv c:userlist.csv

I have included some pictures for reference. I first ran the script to create 4 FTP users. Then I included the admin on the next run. See Fig-1.

Fig-1: Create FTP with user isolation

You can test the FTP site with the ‘jack’ account. See Fig-2 & 3.

Fig-2: Testing FTP with user ‘jack’
 
Fig-3: Test creating folders

If extra permissions are detected for some users (see Fig-4), the script will prompt you to remove them. You can see the result after removing the extra permissions in Fig-5.

Fig-4: Extra permission detected: User ‘gray’ has read/write permission to ‘ben’ directory
 
Fig-5: ‘gray’ permission removed
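
The kind of check shown in Fig-4, sketched as an added example (it is not the script from this post and does not reproduce its detection logic): it lists allow entries that give one FTP user access to another user's home directory. It assumes the standard IIS layout for isolated local users, <FTP root>\LocalUser\<user name>; the function name, the root path and the -AllowedExtra parameter are hypothetical.

```powershell
# Added example: report NTFS allow entries that let one FTP user reach
# another FTP user's home directory. Requires PowerShell 3.0 or later.
function Find-ExtraFtpPermission {
    [CmdletBinding()]
    param(
        # Physical root of the FTP site (assumed value is passed by the caller)
        [Parameter(Mandatory)] [string] $FtpRoot,
        # Accounts allowed in every directory, e.g. the FTP administrator
        [string[]] $AllowedExtra = @()
    )

    # With local-user isolation each account's home is <root>\LocalUser\<name>
    $homes = Get-ChildItem -LiteralPath (Join-Path $FtpRoot 'LocalUser') -Directory
    $ftpUsers = $homes | ForEach-Object { $_.Name }

    foreach ($dir in $homes) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            # IdentityReference looks like COMPUTER\name; keep the account part
            $account = ($ace.IdentityReference.Value -split '\\')[-1]

            if ($account -eq $dir.Name)            { continue }  # the owner
            if ($ftpUsers -notcontains $account)   { continue }  # SYSTEM, Administrators, ...
            if ($AllowedExtra -contains $account)  { continue }  # explicitly permitted

            [pscustomobject]@{
                Directory = $dir.FullName
                Owner     = $dir.Name
                Account   = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage with an assumed root path; prints nothing when every directory is clean
$root = 'C:\inetpub\ftproot'   # assumption, adjust to the site's physical path
if (Test-Path -LiteralPath (Join-Path $root 'LocalUser')) {
    Find-ExtraFtpPermission -FtpRoot $root | Format-Table -AutoSize
}
```

Entries reported with Inherited set to True come from a parent folder and have to be corrected there. Access granted through a group is not covered by this check.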

You can download my script from GitHub.
