FTP: Creating Users Manually in IIS

Creating the User

  1. First, you’ll want to navigate to the FTP site in IIS, then open the “FTP Authorization Rules.” Make a note of which specific user groups, if any, are allowed FTP access; in this case, we can see it’s limited to users in the “FtpUsers” group.

    If no Roles are specified, then any user can connect via FTP, and you can skip steps 1-3 in the “Setting Permissions for the New User” section of this article.

  1. Once you know which groups are allowed FTP access, open up the “Computer Management” tool and go to “System Tools > Local Users and Groups > Users.”

    Once you’re there, you can right click on any blank space in the middle box, or select “More Actions” on the right-hand side, and select “New User.”

  1. In the New User window, you’ll need to create a username and password. The Full Name and Description boxes are optional, but can be useful for organizing a large number of users.

    By default, the “User must change password at next logon” box will be checked; we’d generally recommend disabling this and checking the “Password Never Expires” option.

    Then, just click the “Create” button, and you’ll have your new user.

Setting Permissions for the New User

Once the new user has been created, it needs to be assigned the proper permissions to make it an FTP User, rather than just another user on the server.

  1. In the Computer Management screen, right click on the new user and select “Properties.” From there, navigate to the “Member Of” tab.

  1. Since FTP Authorization is limited to those in the “FtpUsers” group on this server, we’ll first want to select the “Users” group in this list, remove it, then click “Apply.” Then, click the “Add” button to bring up the “Select Groups” window.

  1. In the box at the bottom of the Select Groups window, type in the name of the user group with FTP authorization, then click on “Check Names” to verify the group exists as typed.

    From there, just click the OK button to add the user to that group, then click “Apply” again in the Properties window.

  1. Now that the user is part of the group with FTP Authorization, we’ll need to go back to IIS and create a new Virtual Directory. Just navigate down to the FTP site, right click on the “LocalUser” virtual directory, and select “Add Virtual Directory.”

  1. Provide the name of the user in the “Alias” field, and set the “Physical Path” to whatever directory you want the user to be able to access through FTP.

  1. Next, you’ll need to navigate to the physical path that was specified, right click the directory they’ll need access to, and select “Properties.”

    From there, you’ll go to the “Security” tab, click the “Edit” button, then the “Add” button in the new window.

  1. Much like when we added the user to the FtpUsers group, we’ll type in the name of the user in the bottom box of the “Select Users or Groups” window and select “Check Names,” then click the OK button.

  1. Once the user has been added to the directory permissions, make sure it has the following permissions:

    a. Read & Execute
    b. List Folder Contents
    c. Read
    d. Write

    Then click “Apply” and “OK.”

Congratulations! You’ve now created a functioning FTP User.

Adding an IP to the FTP Firewall Rule

As a final step, you’ll need to add the IP address of whoever is going to be connecting to the server with this new user to the FTP firewall rule.

  1. Use the Windows Search bar to pull up the “Windows Defender Firewall with Advanced Security” window.

  1. Go to “Inbound Rules,” right click on the rule “FTP Server (FTP Traffic-in),” and select “Properties.”

  1. In the new Properties window, navigate to the “Scope” tab, click the “Add” button under “Remote IP Addresses,” then provide the IP address in question in the new window.

    Finally, just click the “Apply” button in the Properties window, and the new user will be able to connect from that IP.
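The three procedures above (creating the user, setting its permissions, and scoping the firewall rule) can also be scripted so that every FTP account is built the same way. The following PowerShell is an added example, not part of the original article; the site name, user name, directory, and IP address are placeholder assumptions, and it assumes the WebAdministration module is installed and that the “LocalUser” virtual directory and the physical directory already exist.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Site name, user name, path and IP
# are placeholders (assumptions); the group and rule names are the ones on the page.
param(
    [string]$SiteName     = 'Default FTP Site',        # assumed FTP site name
    [string]$UserName     = 'ftp-example',             # placeholder account
    [string]$PhysicalPath = 'D:\FtpData\ftp-example',  # placeholder, must already exist
    [string]$FtpGroup     = 'FtpUsers',
    [string]$RuleName     = 'FTP Server (FTP Traffic-in)',
    [string]$RemoteIp     = '203.0.113.10'             # documentation-range address
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Creating the User: prompt for the password so it never lands in the script or history.
$password = Read-Host -Prompt "Password for $UserName" -AsSecureString
New-LocalUser -Name $UserName -Password $password -PasswordNeverExpires | Out-Null

# Member Of: only the FTP-authorized group, not the general "Users" group.
# The account may not be in "Users" when created this way, so ignore that error.
Remove-LocalGroupMember -Group 'Users' -Member $UserName -ErrorAction SilentlyContinue
Add-LocalGroupMember -Group $FtpGroup -Member $UserName

# Virtual directory under LocalUser, with the user name as the alias.
New-Item -Path "IIS:\Sites\$SiteName\LocalUser\$UserName" -Type VirtualDirectory -PhysicalPath $PhysicalPath | Out-Null

# NTFS: Read & Execute (which includes list and read rights) plus Write, inherited by children.
$acl  = Get-Acl -Path $PhysicalPath
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    "$env:COMPUTERNAME\$UserName", 'ReadAndExecute, Write',
    'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $PhysicalPath -AclObject $acl

# Firewall scope: append the client IP to the rule's existing remote addresses.
$filter  = Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
$allowed = @($filter.RemoteAddress | Where-Object { $_ -ne 'Any' }) + $RemoteIp | Select-Object -Unique
Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $allowed

# Check the result: group membership and the rule's remote-address scope.
Get-LocalGroupMember -Group $FtpGroup | Where-Object Name -like "*\$UserName"
(Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter).RemoteAddress
```

The last two commands print the group membership and the firewall scope, so the result can be compared against what the GUI steps would have produced.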

And with that, the process of adding and allowing a new FTP user is complete. If you encounter any issues while following these steps, please feel free to reach out to us at [email protected].