I am trying to automate the creation of user ftp directories on IIS7 (w2008R2).
The desired stucture is like:
-ftp root (Allow “ftp users” Read)
-usera (virtual folder,Allow “usera” Read,Write)
-userb (virtual folder,Allow “userb” Read,Write)
-userc (virtual folder,Allow “userc” Read,Write)
I am almost there, except the setting of authorization is not working. Just the user needs to have read,write rights in its own ftp directory, not every “ftp user” read.
In the GUI, I have to remove the inhereted right from “ftp root” (Allow “ftp users” Read), and add Allow Rule for the user with Read,Write. How can I script this ?
I thought something like this: add-webconfiguration “/system.ftpServer/security/authorization” -value (@{accessType=“Allow”;users=“usera”;permissions=“Read,Write”}) -PSPath “IIS:\sites\ftp root” -location usera
But it complains about some filename…???
Add-WebConfiguration : Filename:
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent leve
l. Locking is either by default (overrideModeDefault=“Deny”), or set explicitly by a location tag with overrideMode=“De
ny” or the legacy allowOverride=“false”.
I read somewhere that I cannot use set-webconfiguration.
How can I set the correct right on the virtual ftp directory ?
Thanks Vern for your input, but I solved it in a strange way:
Experimenting with appcmd, I found the 2 commands to accomplish it:
C:\windows\system32\inetsrv\appcmd.exe set config “ftp root/usera” -section:system.ftpServer/security/authorization /+“[accessType=‘Allow’,users=‘usera’,roles=‘*’,permissions=‘Read,Write’]” /commit:apphost
C:\windows\system32\inetsrv\appcmd.exe set config “ftp root/usera” -section:system.ftpServer/security/authorization /-“[accessType=‘Allow’,users=‘’,roles=‘ftp users’,permissions=‘Read’]” /commit:apphost
Found on the internet how to add some config to IIS with powershell:
Add-WebConfiguration “/system.ftpServer/security/authorization” -value @{accessType=‘Allow’;users=‘usera’;roles=‘’;permissions=‘Read, Write’} -PSPath "iis:" -location “ftp root/usera”
In the get-help add-webconfiguration, there is a reference to remove-webconfiguration, but this command does not exist, so I changed it to “set-webconfiguration”, which deletes the inherited rights, and sets the user-rights. GREAT !
Solution: Set-WebConfiguration “/system.ftpServer/security/authorization” -value @{accessType=‘Allow’;users=‘usera’;roles=‘’;permissions=‘Read, Write’} -PSPath "iis:" -location “ftp root/usera”