Set "FTP Authorization Rules" on virtual directory

I am trying to automate the creation of user FTP directories on IIS7 (W2008R2).
The desired structure is like:
- ftp root (Allow "ftp users" Read)
  - usera (virtual folder, Allow "usera" Read,Write)
  - userb (virtual folder, Allow "userb" Read,Write)
  - userc (virtual folder, Allow "userc" Read,Write)
I am almost there, except the setting of authorization is not working. Just the user needs to have Read,Write rights in its own FTP directory, not every "ftp user" Read.
In the GUI, I have to remove the inherited right from "ftp root" (Allow "ftp users" Read), and add an Allow rule for the user with Read,Write. How can I script this?
I thought something like this:
Add-WebConfiguration "/system.ftpServer/security/authorization" -value (@{accessType="Allow";users="usera";permissions="Read,Write"}) -PSPath "IIS:\sites\ftp root" -location usera
But it complains about some filename...???
Add-WebConfiguration : Filename:
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

I read somewhere that I cannot use Set-WebConfiguration.
How can I set the correct right on the virtual FTP directory?

Have you tried to stop the FTP site before running your commands?

Maybe IIS has the config locked for writing.

Thanks Vern for your input, but I solved it in a strange way:
Experimenting with appcmd, I found the 2 commands to accomplish it:
C:\windows\system32\inetsrv\appcmd.exe set config "ftp root/usera" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='usera',roles='*',permissions='Read,Write']" /commit:apphost
C:\windows\system32\inetsrv\appcmd.exe set config "ftp root/usera" -section:system.ftpServer/security/authorization /-"[accessType='Allow',users='',roles='ftp users',permissions='Read']" /commit:apphost
I found on the internet how to add some config to IIS with PowerShell:
Add-WebConfiguration "/system.ftpServer/security/authorization" -value @{accessType='Allow';users='usera';roles='';permissions='Read, Write'} -PSPath "iis:" -location "ftp root/usera"
In the Get-Help for Add-WebConfiguration, there is a reference to Remove-WebConfiguration, but this command does not exist, so I changed it to "Set-WebConfiguration", which deletes the inherited rights, and sets the user rights. GREAT!
Set-WebConfiguration "/system.ftpServer/security/authorization" -value @{accessType='Allow';users='usera';roles='';permissions='Read, Write'} -PSPath "iis:" -location "ftp root/usera"

Thanks for solving this.

There should be a Remove-WebConfiguration cmdlet available.

The Get-WebConfiguration doesn’t allow filtering using pipeline. If I filter a user in pipeline, I still get all the users in the result.

Hi tw h,

In this post, are you trying to give permission to subfolders of an FTP site?

I want to add permissions to folders, but each folder must have only its own user's rights.

for ex:
FTP Site

folders users
folder1 > user1
folder2 > user2
folder3 > user3

user1 has rights only on folder1, user2 on folder2 and user3 on folder3.

But when I try to do it with PowerShell, the permission is given to the FTP site root, and in this case all users have rights on all folders.
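
The per-folder setup discussed in this thread, generalized to several users and followed by a check that each folder ends up with exactly one rule for its owner. This is an added example, not code from any of the posters; the site name "ftp root" and the user names come from the thread, while the physical root D:\ftp is an assumption.

```powershell
# Added example: one FTP authorization rule per user virtual directory,
# written to applicationHost.config under a <location> tag for that folder.
Import-Module WebAdministration

$site   = 'ftp root'                                   # site name from the thread
$filter = '/system.ftpServer/security/authorization'
$users  = 'usera', 'userb', 'userc'                    # users from the thread
$base   = 'D:\ftp'                                     # assumed physical root

foreach ($u in $users) {
    $physical = Join-Path $base $u
    if (-not (Test-Path $physical)) {
        New-Item -ItemType Directory -Path $physical | Out-Null
    }
    if (-not (Get-WebVirtualDirectory -Site $site -Name $u)) {
        New-WebVirtualDirectory -Site $site -Name $u -PhysicalPath $physical | Out-Null
    }

    # -Location scopes the change to "<site>/<folder>" instead of the site root.
    # As reported in the thread, Set-WebConfiguration replaces the rule set at
    # that location, so the inherited "ftp users" Read rule no longer applies.
    Set-WebConfiguration $filter -PSPath 'IIS:\' -Location "$site/$u" -Value @{
        accessType  = 'Allow'
        users       = $u
        roles       = ''
        permissions = 'Read, Write'
    }

    # Least-privilege check: read the rules back and flag anything that is
    # not the single Allow rule for the folder's own user.
    $rules = @(Get-WebConfiguration "$filter/add" -PSPath 'IIS:\' -Location "$site/$u")
    $extra = @($rules | Where-Object {
        $_.users -ne $u -or $_.roles -or $_.accessType -ne 'Allow'
    })
    if ($rules.Count -ne 1 -or $extra.Count -gt 0) {
        Write-Warning "Unexpected FTP authorization rules on '$site/$u':"
        $rules | Format-Table accessType, users, roles, permissions -AutoSize
    } else {
        Write-Output "OK: '$site/$u' allows only '$u'"
    }
}
```

FTP authorization rules are evaluated in addition to NTFS permissions, so each account also needs matching NTFS rights on its own physical folder.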