IIS Manager Authentication IIS 7 and SBS 2011

I needed to setup FTP on a customers SBS 2011 server using IIS Manager Users (yuk). I followed Microsoft’s instructions however would always get login errors on the users. I eventually cracked it using the following instructions:

  1. Install IIS7 if you haven’t already (SBS already has it installed)
  2. In explorer browse to %SystemDrive%\Windows\System32\inetsrv\config
  3. Open the properties for the schema folder
  4. In the Security tab click Advanced
  5. In the owner tab click edit. In the change owner list select administrators, check Replace owner on subcontainers and objects then click ok
  6. Close then reopen the properties window on the Schema folder and click edit on the security tab
  7. Select Administrators and then give them Full Control
  8. Click ok to apply and accept the warning. Then close the schema properties window
  9. Open a command prompt and run the following commands
    ICACLS "%SystemDrive%\Windows\System32\inetsrv\config" /Grant "Network Service":R /T
    ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\administration.config" /Grant "Network Service":R
    ICACLS "%SystemDrive%\Windows\System32\inetsrv\config\redirection.config" /Grant "Network Service":R
    

    Ensure that the for each of the commands the Failed processing count is 0. If not there is an issue.

  10. Create a folder somewhere to store your FTP files. In this case I am using “E:\FTP”
  11. Now you need to give the appropriate permissions to this folder. Run the command
    ICACLS "e:\FTP" /Grant "Network Service":M /T
    

    In the command prompt. Replace e:\FTP with the folder you are storing your FTP files in

  12. Now install the FTP Server Role Service and Management Service. Open Server Manager, Expand Roles and select Web Server (IIS)
  13. Scroll down and click Add Role Services.
  14. In the Add Role Services window scroll down and check FTP Server and Management Service. Both FTP Service and FTP Extensibility need to be install for this to work.
  15. Click Next then Install to install the required services. When it is done click close and then close the server manager
  16. Open up the IIS Manager from Start > Administrative Tools > Internet Information Services (IIS) Manger. (The one WITHOUT 6.0 in it)
  17. Select your server name and in the features view double click Management Service
  18. Under Identity Credentials select “Windows credentials or IIS Manager credentials. Click Apply under actions, then Start.
  19. Now we create an FTP site. Right click sites and select Add FTP Site
  20. Enter a name for your site and in the physical path select the ftp folder you created earlier then click Next
  21. For most installs you can leave the IP Address and Port as default however under SSL select Allow SSL, then click Next
  22. On the next screen just leave the defaults
  23. Under sites select the FTP site you just created
  24. Double click the FTP Authentication icon in the featuers panel
  25. Under Actions click Custom Providers, Check IISManagerAuth and click ok
  26. Now add users. Select your server in the left panel and in the feature panel double click IIS Manager User
  27. Under actions click Add User and Enter the username and password
  28. Now select your FTP site in the left panel and double clock IIS Manager Permissions
  29. Under actions click Allow User. Select IIS Manager then click select. Select your user from the list and clock ok then ok again.
  30. Go back to your FTP site and double click FTP Authorization Rules. Click Add Allow Rule under actions. Select Specific Users and enter the account name, select what permissions they have and click ok.
  31. The user should now be able to log in over ftp

References and Further Reading