FTP User Isolation In IIS

FTP root directory

With this option, all FTP sessions will start in the root directory for the FTP site.

User name directory

This option specifies that all FTP sessions will start in the physical or virtual directory with the same name as the currently logged-on user if the folder exists; otherwise, the FTP session will start in the root directory for the FTP site.

User name directory (disable global virtual directories)

This option specifies that you want to isolate FTP user sessions to the physical or virtual directory with the same name as the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical or virtual directory tree. Any global virtual directories that are created will be ignored.

User name physical directory (enable global virtual directories)

This option specifies that you want to isolate FTP user sessions to the physical directory with the same name as the FTP user account. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the physical directory tree. Any global virtual directories that are created will apply to all users.

FTP Home directory configured in Active Directory

This option specifies that you want to isolate FTP user sessions to the home directory that is configured in the Active Directory account settings for each FTP user.

Conclusions

  • The <userIsolation> element is used to start or restrict FTP clients in specific sections of an FTP site.
  • For each option, you need the proper folder structure in order to work.

Resources

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store