|
Home > Archive > IIS FTP Server > December 2004 > Isolating AD users - driving me mad!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Isolating AD users - driving me mad!
|
|
| James Vickers 2004-12-06, 5:51 pm |
| Can someone please help me, or at least tell me I have got it all completely
wrong!
I am trying to setup my w2k3 server to use the user isolation option with
AD. I have assumed (probably incorrectly) that when a user logs in, they need
to be a domain user, and therefore have a valid authenticated domain account.
I have read about this on various forums / sites, and keep reading about the
use of the "msIIS-FTPRoot" and "msIIS-FTPDir" properties for AD. I have also
read about individuals referring to tool for setting this. However, I have
not yet found an EASY way for doing this (not least one that works!).
At present, I could cope with running a dos prompt command to get it
working, but ultimately, it would nice to incorporate it into our automated
user creation scripts (I work at a college with hundreds of users, where we
read their names in from CSV files and create accounts autonomously for them).
So my questions are these:
1) Am I completely wrong in beliefs? If not....
2) What is the command prompt syntax for setting the two properties?
3) Is there anyway to automate this using ADSI and VB(Script)?
Many thanks to anyone that can help, I am sure that I am not the only
confused by all of this.
Regards,
Jamie.
| |
| Jeff Cochran 2004-12-06, 8:47 pm |
| On Mon, 6 Dec 2004 13:57:03 -0800, "James Vickers" <James
Vickers@discussions.microsoft.com> wrote:
>Can someone please help me, or at least tell me I have got it all completely
>wrong!
>
>I am trying to setup my w2k3 server to use the user isolation option with
>AD. I have assumed (probably incorrectly) that when a user logs in, they need
>to be a domain user, and therefore have a valid authenticated domain account.
>
>I have read about this on various forums / sites, and keep reading about the
>use of the "msIIS-FTPRoot" and "msIIS-FTPDir" properties for AD. I have also
>read about individuals referring to tool for setting this. However, I have
>not yet found an EASY way for doing this (not least one that works!).
>
>At present, I could cope with running a dos prompt command to get it
>working, but ultimately, it would nice to incorporate it into our automated
>user creation scripts (I work at a college with hundreds of users, where we
>read their names in from CSV files and create accounts autonomously for them).
>
>So my questions are these:
>
>1) Am I completely wrong in beliefs? If not....
>2) What is the command prompt syntax for setting the two properties?
>3) Is there anyway to automate this using ADSI and VB(Script)?
>
>Many thanks to anyone that can help, I am sure that I am not the only
>confused by all of this.
Try here:
Setting Active Directory User Isolation (using iisftp.vbs):
http://www.microsoft.com/resources/...l_as_isoftp.asp
Jeff
| |
| Bernard 2004-12-07, 2:49 am |
| Read again
http://www.microsoft.com/resources/...FG_21.mspx#EBAA
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"James Vickers" <James Vickers@discussions.microsoft.com> wrote in message
news:3BF25C87-4E14-4FB9-A194-B3E9BED7C5B3@microsoft.com...
> Can someone please help me, or at least tell me I have got it all
completely
> wrong!
>
> I am trying to setup my w2k3 server to use the user isolation option with
> AD. I have assumed (probably incorrectly) that when a user logs in, they
need
> to be a domain user, and therefore have a valid authenticated domain
account.
>
> I have read about this on various forums / sites, and keep reading about
the
> use of the "msIIS-FTPRoot" and "msIIS-FTPDir" properties for AD. I have
also
> read about individuals referring to tool for setting this. However, I have
> not yet found an EASY way for doing this (not least one that works!).
>
> At present, I could cope with running a dos prompt command to get it
> working, but ultimately, it would nice to incorporate it into our
automated
> user creation scripts (I work at a college with hundreds of users, where
we
> read their names in from CSV files and create accounts autonomously for
them).
>
> So my questions are these:
>
> 1) Am I completely wrong in beliefs? If not....
> 2) What is the command prompt syntax for setting the two properties?
> 3) Is there anyway to automate this using ADSI and VB(Script)?
>
> Many thanks to anyone that can help, I am sure that I am not the only
> confused by all of this.
>
> Regards,
>
> Jamie.
| |
| James Vickers 2004-12-07, 5:52 pm |
| Jeff,
Thanks for the link, I had read that one....
However, for anyone elses reference - an easy to follow one! try this:
http://blogs.bartdesmet.net/bart/ar.../08/13/371.aspx
This actually makes sense...
However, I am still in search of a GUI to do it.. I wonder why it isn't yet
configured in the AD User & Computers snap-in tool for user administration.
"Jeff Cochran" wrote:
> On Mon, 6 Dec 2004 13:57:03 -0800, "James Vickers" <James
> Vickers@discussions.microsoft.com> wrote:
>
>
> Try here:
>
> Setting Active Directory User Isolation (using iisftp.vbs):
> http://www.microsoft.com/resources/...l_as_isoftp.asp
>
> Jeff
>
| |
| Bernard 2004-12-08, 2:47 am |
| That's because the GUI has not modified to cater the new AD schema extended
fields.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"James Vickers" <James Vickers@discussions.microsoft.com> wrote in message
news:40218BDE-FF8D-4C76-8389-B02E275FD2BC@microsoft.com...
> Jeff,
>
> Thanks for the link, I had read that one....
>
> However, for anyone elses reference - an easy to follow one! try this:
>
> http://blogs.bartdesmet.net/bart/ar.../08/13/371.aspx
>
> This actually makes sense...
>
> However, I am still in search of a GUI to do it.. I wonder why it isn't
yet
> configured in the AD User & Computers snap-in tool for user
administration.[vbcol=seagreen]
>
> "Jeff Cochran" wrote:
>
completely[vbcol=seagreen]
with[vbcol=seagreen]
they need[vbcol=seagreen]
account.[vbcol=seagreen]
about the[vbcol=seagreen]
also[vbcol=seagreen]
have[vbcol=seagreen]
automated[vbcol=seagreen]
where we[vbcol=seagreen]
them).[vbcol=seagreen]
http://www.microsoft.com/resources/...l_as_isoftp.asp[vbcol=seagreen]
|
|
|
|
|