Separate folders for FTP accounts (Windows Server)
Operation check environment
- Windows Server
- Windows Server 2022
- IIS (Internet Information Services)
After you build an FTP server on Windows Server, you can create multiple accounts and still have access to one folder. This section describes how to create a folder for each account and separate the folders that you can access.
Set up an FTP site on Windows Server
The procedure is described in the following article, so please refer to it.
This time, since we will create multiple accounts, we have not created an account yet.
The folder has created "C:\FtpFolder\" but has not set permissions.
Authentication permissions at the time of FTP site setting are managed by "Basic authentication + Windows account", so select "All users". Permissions check both Read and Write. If you set it up by mistake, you can change it later.
Build a site named FtpTest.
Restart the Microsoft FTP Service.
Creating Multiple Accounts
The FTP account uses the Windows account. Create as many as you need. Here we create accounts called "FtpUser1", "FtpUser2" and "FtpUser3".
You won't be logged in as a Windows account, so delete all groups.
Creating a folder for each account
Create a folder named "LocalUser" in the FTP root folder that you created. This name is fixed.
Inside this folder, create a folder for each account.
Open the folder properties for each account you created and click the Edit button from the Security tab.
Add an account that you have access to and check the "Modify" permission to register.
Please also set the permissions of the folder you created.
FTP user isolation
Just by creating an account, you will access the folder in the root of the FTP. Set this to be separate by folder.
Open IIS Manager and select the FTP site that you created. Double-click FTP User Isolation from the list to open it.
From the FTP User Isolation page, check "User name directory (disable global virtual directory)" and click the Apply link in the upper right corner.
FTP clients are fine, but we'll try to check them using WinSCP for now. The following figure shows when accessed with FtoUser2.
I tried sending a text file. The FTP destination path is root.
If you look at the FTP destination environment, you can see that the files are in the folder for each account.
In this way we were able to separate the folders that we could access for each account.