This is quick guide for setting up isolated users in FTP 7 (Windows 2008) using Active Directory. Isolating users using Active Directory is very handy when you want to give FTP access to user’s documents which are redirected to server.

Back in Windows 2003 setting user’s home FTP dir was done using iisftp.vbs script. In Windows 2008 script is not available and this is one way you can do it using FTP 7:

1. Remove currently installed FTP 6 (Server Manager → Roles → Web Server (IIS) → Remove Role Services. Unselect FTP Publishing Service and IIS 6 Management Compatibility to remove).

2. Download and install FTP 7 (http://is.gd/YVg for x86 and http://is.gd/YVi for x86_64 architecture). IIS 7.0 must be installed.

3. Create new FTP site:

  • In IIS Manager, click on your server. In actions pane click on “Add FTP site…”
  • Choose name for you ftp site name. For physical path you can choose c:\inetpub\wwwroot. Chosen path actually doesn’t matter as it will be set for each user separately using AD.
  • IP address, virtual host and SSL set as desired
  • Authentication set to basic and authorization to all users

4. Define user’s home directory:

Only users which have their FTP Root and FTP dir set will have access to FTP.

I think this is my first Windows related blog post without my whining and complaining :)