Windows Server 2008 R2 ftp service #2

How to publish two WebDAV/FTP sites, one secure and one open, in IIS 7.5.

Ideally, you’d have a server with at least two physical Ethernet ports. It just makes the mental mapping easier if you can visualise the “open” site going to one port and the “secure” site going to another, although I can’t think why you couldn’t just assign multiple IP addresses to the same port. Create three file-system folders with appropriate names: one will be open, the other two will sit behind SSL sites (you might think I’ve over-complicated this, which is fair enough, but I will explain). Create one FTP site and one normal website (with WebDAV publishing), and point them both at the “open” directory. Once you’ve created fairly open rules (including WebDAV authoring rules), these two sites should work without much trouble. The data in here is supposed to be accessible by anyone, anywhere, using just one set of credentials.

The next bit is trickier. Under one of the two remaining folders, create a LocalUser folder and a <YourDomain> folder (by this I mean a folder named after your Active Directory NetBIOS domain, not your domain’s FQDN, although I have to say that I haven’t tested using an FQDN so don’t know if it would work). Point your secure FTP site at the top-level folder (the one that contains LocalUser and <YourDomain>). With the strictest user isolation mode turned on, any user local to the server is automatically sent to a folder with their user name under LocalUser, and any domain user to a folder with their user name under <YourDomain>. If those folders aren’t there, login will fail because the user has no home directory. Next, point a new WebDAV site (running on 443) at the last of the “physical” folders. Obviously there’s nothing in it. That’s fine; publish each user folder as a virtual directory under the WebDAV site. This lets people see their data as a network drive but, from what I’ve seen, hides the user folders when you try to look at the site through a regular web browser.
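The layout described in the two paragraphs above, as an added PowerShell example that is not part of the original post. It uses the WebAdministration module that ships with IIS 7.5 on Windows Server 2008 R2; the site names, IP addresses, folder paths, user names, the certificate subject and the NetBIOS domain name `CONTOSO` are all assumptions to be replaced with your own values, and the configuration section and attribute names are the ones from the IIS and FTP 7.5 schema as I remember them.

```powershell
# Added example (not from the post): builds the open FTP/WebDAV pair and the
# isolated secure FTP site plus the SSL WebDAV site on IIS 7.5. Every path, site
# name, IP address, user name and the domain "CONTOSO" is an assumption.
# Run from an elevated PowerShell prompt on the IIS host.
Import-Module WebAdministration

$openIp   = "192.0.2.10"      # assumed address for the "open" sites
$secureIp = "192.0.2.11"      # assumed address for the "secure" sites
$domain   = "CONTOSO"         # assumed NetBIOS domain name (not the FQDN)
$root     = "D:\FtpRoot"      # assumed root for all three physical folders
$users    = @("alice", "bob") # assumed local accounts that get isolated homes

# 1. Three physical folders: open data, the isolated FTP tree (with LocalUser
#    and <domain> underneath), and an empty root for the SSL WebDAV site.
$openDir   = Join-Path $root "Open"
$secureDir = Join-Path $root "Secure"
$davDir    = Join-Path $root "SecureWebDav"
foreach ($d in @($openDir, $secureDir, $davDir,
                 (Join-Path $secureDir "LocalUser"),
                 (Join-Path $secureDir $domain))) {
    New-Item -ItemType Directory -Path $d -Force | Out-Null
}
foreach ($u in $users) {
    # Without this per-user folder the account cannot log in at all.
    New-Item -ItemType Directory -Path (Join-Path $secureDir "LocalUser\$u") -Force | Out-Null
}

# 2. Open FTP site and open WebDAV site, both rooted at the same folder.
New-WebFtpSite -Name "Open FTP" -Port 21 -IPAddress $openIp -PhysicalPath $openDir -Force | Out-Null
Set-WebConfigurationProperty -PSPath "IIS:\" `
    -Filter "/system.applicationHost/sites/site[@name='Open FTP']/ftpServer/security/authentication/basicAuthentication" `
    -Name enabled -Value $true
Add-WebConfiguration -PSPath "IIS:\" -Location "Open FTP" `
    -Filter "/system.ftpServer/security/authorization" `
    -Value @{ accessType = "Allow"; users = "*"; permissions = "Read,Write" }

New-Website -Name "Open WebDAV" -Port 80 -IPAddress $openIp -PhysicalPath $openDir -Force | Out-Null
Set-WebConfigurationProperty -PSPath "IIS:\Sites\Open WebDAV" `
    -Filter "/system.webServer/webdav/authoring" -Name enabled -Value $true
Add-WebConfiguration -PSPath "IIS:\Sites\Open WebDAV" `
    -Filter "/system.webServer/webdav/authoringRules" `
    -Value @{ users = "*"; path = "*"; access = "Read,Write" }

# 3. Secure FTP site rooted at the folder that contains LocalUser and <domain>,
#    with the strictest isolation mode so each account is confined to its home.
New-WebFtpSite -Name "Secure FTP" -Port 21 -IPAddress $secureIp -PhysicalPath $secureDir -Force | Out-Null
Set-WebConfigurationProperty -PSPath "IIS:\" `
    -Filter "/system.applicationHost/sites/site[@name='Secure FTP']/ftpServer/userIsolation" `
    -Name mode -Value "IsolateAllDirectories"
# Require SSL on the control channel so credentials are never sent in clear text
# (the server certificate hash is bound separately in the FTP SSL settings).
Set-WebConfigurationProperty -PSPath "IIS:\" `
    -Filter "/system.applicationHost/sites/site[@name='Secure FTP']/ftpServer/security/ssl" `
    -Name controlChannelPolicy -Value "SslRequire"

# 4. SSL WebDAV site on 443 with an empty physical root; each user folder is
#    exposed only as a virtual directory, with an authoring rule scoped to it.
New-Website -Name "Secure WebDAV" -Port 443 -IPAddress $secureIp -PhysicalPath $davDir -Ssl -Force | Out-Null
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=files.example.com*" } |   # assumed certificate
        Select-Object -First 1
if ($cert) { New-Item "IIS:\SslBindings\$secureIp!443" -Value $cert | Out-Null }
Set-WebConfigurationProperty -PSPath "IIS:\Sites\Secure WebDAV" `
    -Filter "/system.webServer/webdav/authoring" -Name enabled -Value $true
foreach ($u in $users) {
    New-WebVirtualDirectory -Site "Secure WebDAV" -Name $u `
        -PhysicalPath (Join-Path $secureDir "LocalUser\$u") | Out-Null
    # Rule lives on the user's own virtual directory, not on the site root.
    Add-WebConfiguration -PSPath "IIS:\Sites\Secure WebDAV\$u" `
        -Filter "/system.webServer/webdav/authoringRules" `
        -Value @{ users = $u; path = "*"; access = "Read,Write" }
}
```

The authoring rule for each user is added at that user's virtual directory rather than at the site root; a site-wide `users="*"` rule on the secure WebDAV site is exactly the kind of overly open rule that lets any authenticated account reach every other account's virtual directory, regardless of what the NTFS permissions on disk say about the original folders.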

I haven’t gone into security a lot here (will do at some point), but (a) be really strict about NTFS permissions and (b) test it; I found at one point that the configuration I had running allowed any authorised user to go into the “secured” section and just do what they liked to anyone’s data, regardless of NTFS permissions.
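The two pieces of advice above, strict NTFS permissions and testing them, as an added PowerShell example that is not part of the original post. It locks each isolated home directory down to its owner plus SYSTEM and Administrators with `icacls`, then reads the ACL back and reports any other principal that still holds an Allow entry. The root path, the domain name `CONTOSO`, and the local and domain user names are assumptions.

```powershell
# Added example (not from the post): restrict each user's home folder in the
# isolated FTP tree to that user, SYSTEM and Administrators, then audit the
# result. Paths, the domain name and the user names are assumptions.
$secureDir   = "D:\FtpRoot\Secure"   # folder that holds LocalUser and <domain>
$domain      = "CONTOSO"             # assumed NetBIOS domain
$localUsers  = @("alice", "bob")     # assumed local accounts
$domainUsers = @("carol")            # assumed domain accounts
$adminPrincipals = @("NT AUTHORITY\SYSTEM", "BUILTIN\Administrators")

function Set-HomeAcl {
    param([string]$Path, [string]$Principal)
    # Strip inherited rights (the parent usually grants BUILTIN\Users read
    # access), then grant only the owner (Modify) and the admin principals (Full).
    & icacls $Path /inheritance:r `
        /grant:r "${Principal}:(OI)(CI)M" `
        /grant:r "NT AUTHORITY\SYSTEM:(OI)(CI)F" `
        /grant:r "BUILTIN\Administrators:(OI)(CI)F" | Out-Null
}

function Test-HomeAcl {
    param([string]$Path, [string]$Principal)
    # Returns every identity with an Allow ACE on the folder that is neither the
    # owner nor an admin principal; an empty result means the folder is tight.
    $acl = Get-Acl -Path $Path
    $acl.Access |
        Where-Object { $_.AccessControlType -eq "Allow" } |
        ForEach-Object { $_.IdentityReference.Value } |
        Where-Object { $_ -ne $Principal -and $adminPrincipals -notcontains $_ } |
        Sort-Object -Unique
}

function Invoke-HomeLockdown {
    param([string]$HomeDir, [string]$Principal)
    if (-not (Test-Path $HomeDir)) {
        Write-Warning "$HomeDir is missing; $Principal will not be able to log in"
        return
    }
    Set-HomeAcl -Path $HomeDir -Principal $Principal
    $extra = Test-HomeAcl -Path $HomeDir -Principal $Principal
    if ($extra) {
        Write-Warning "$HomeDir is still accessible by: $($extra -join ', ')"
    } else {
        Write-Host "$HomeDir : only $Principal, SYSTEM and Administrators have access"
    }
}

# Local accounts live under LocalUser\<name>, domain accounts under <domain>\<name>.
# The LocalUser and <domain> parents themselves must stay traversable by the
# accounts that log in, otherwise IIS cannot reach the home folder at all.
foreach ($u in $localUsers) {
    Invoke-HomeLockdown -HomeDir (Join-Path $secureDir "LocalUser\$u") -Principal "$env:COMPUTERNAME\$u"
}
foreach ($u in $domainUsers) {
    Invoke-HomeLockdown -HomeDir (Join-Path $secureDir "$domain\$u") -Principal "$domain\$u"
}
```

Run the audit part again after any change to the site's authorization or authoring rules; the NTFS ACL only protects the data if the WebDAV and FTP layers above it do not hand every authenticated account a blanket rule, so the file-level check and a login test as an ordinary user belong together.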
