Share via

Setting Active Directory User Isolation Using Iisftp.vbs

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can use the command-line script iisftp.vbs, which is stored in systemroot\System32, to query and set Active Directory directory service properties for a user's File Transfer Protocol (FTP) home directory. For more information about user isolation, see Isolating FTP Users.

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

This topic includes the following information:

  • Syntax: The order in which you type a command and any arguments and options that follow it.

  • Parameters: The values that are given to variables in the command.

  • Examples: Sample code and an explanation of the results.

Syntax

iisftp /GetADProp UserID [/s Computer [/u [Domain\]User /p Password]]

iisftp /SetADProp UserID {msIIS-FTPDir|msIIS-FTPRoot} PropertyValue [/s Computer [/u [Domain\]User**/p** Password]]

Parameters

/GetADProp

Returns property values for a specific Active Directory user.

/SetADProp

Sets the property values for a specific Active Directory user.

UserID

Required. Specifies the logon ID of the Active Directory user.

msIIS-FTPDir|msIIS-FTPRoot

Required to set the home directory properties. Specifies isolation at either the directory or root level.

PropertyValue

Required to set the home directory properties. Specifies the value of the home directory and relative path.

/s Computer

Specifies the name or IP address of a remote computer (with no backslashes). The default is the local computer.

/u [Domain\]User

Connects to the Active Directory with the permissions of the specified user account in the user or domain\user format. This account must be a member of the Administrators group on the remote computer. By default, the script runs with the permissions of the current user of the local computer.

/p Password

Specifies the password of the user account that is specified in the /u parameter.

Examples

Example 1:

The following example returns the Active Directory properties of user "BSmith" on the local computer:

iisftp /GetADProp BSmith

In response, iisftp displays the following message, which is followed by the Active Directory properties for BSmith in the default domain. In this example, "Server" represents the machine name where drive D: is found, "Site Name" is the name you assigned to the FTP site, "Metabase Path" represents the metabase key assigned by IIS, "IP" is unassigned by default, "Port" is set to 21 by default, "Root" is the directory where the FTP files reside, "IsoMode" is set to "FTPRoot", and "Status" is set to "STARTED" by default.

Connecting to server ...Done.

Server = FTPServer

Site Name = Smittys

Metabase Path = MSFTPSVC/1452008083

IP = ALL UNASSIGNED

Port = 21

Root = D:\Public\Archives

IsoMode = FTPRoot

Status = STARTED

Example 2:

The following example sets the home directory properties in the Active Directory User object properties for user "Sales\MJones" on a remote computer:

iisftp /SetADProp Sales\MJones FTPDir MikesDir /s SVR16 /u Sales\Admin6 /p p@ssWor#

In response, iisftp displays the following message, which includes the Active Directory properties for MJones. In this example, "Server" represents the machine name where drive D: is found, "Site Name" is the name you assigned to the FTP site, "Metabase Path" represents the metabase key assigned by IIS, "IP" is unassigned by default, "Port" is set to 21 by default, "Root" is the directory where the FTP files reside, "IsoMode" is set to "FTPDir", and "Status" is set to "STARTED" by default.

Connecting to server ...Done.

Server = SVR16

Site Name = MikesDir

Metabase Path = MSFTPSVC/1452004045

IP = ALL UNASSIGNED

Port = 21

Root = D:\Public\Archives

IsoMode = FTPDir

Status = STARTED