People in daily life for the security of the network more and more attention, in the enterprise will also increase this concern, so user isolation is a good way to protect data files, that is, each user can only operate this user directory, unable to view and modify other users ' directories and files. The purpose of this is to better improve the security of the file server.
Similarly, we deploy a simple user isolation experiment that requires three server Server01 (domain control), Server02 (IIS), server03 (client).
Need in the site's home directory FTPRoot under the LocalUser folder to build the LocalUser folder, the next in the LocalUser built the user's home folder Yuanyuan, Panpan, Fangfang. There is also an anonymous access folder Pubulic. The user's home directory folder must be exactly the same as the user's login, and the anonymous Access folder must be public.
The specific experimental steps are as follows:
First we will install the FTP server on the SERVER02, select Server Manager to add roles and features, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image001 "border=" 0 "alt=" clip_ image001 "src=" http://s3.51cto.com/wyfs02/M02/6D/99/wKioL1VnmnGxep83AAEhRTPAl0E940.jpg "height=" 328 "/>
Next, check the FTP server in the Web server (IIS) and click Next.
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image002 "border=" 0 "alt=" clip_ image002 "src=" http://s3.51cto.com/wyfs02/M02/6D/9D/wKiom1VnmN_xXxsIAAGHQUOY1og107.jpg "height=" 435 "/>
Click "Next" to proceed,
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image003 "border=" 0 "alt=" clip_ image003 "src=" http://s3.51cto.com/wyfs02/M00/6D/99/wKioL1VnmnLSy4ATAAE2iwlwXtE237.jpg "height=" 435 "/>
Next, click on "Install", such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image004 "border=" 0 "alt=" clip_ image004 "src=" http://s3.51cto.com/wyfs02/M01/6D/99/wKioL1VnmnKg3whUAAEj7iwTr38801.jpg "height=" 445 "/>
After installing the FTP service, we want to create a new user on the FTP server, for demonstration convenience, I use the command directly to operate, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image005 "border=" 0 "alt=" clip_ image005 "src=" http://s3.51cto.com/wyfs02/M02/6D/99/wKioL1VnmnLDews4AAEpmVB5vbI741.jpg "height=" 419 "/>
Next, create the site home directory ftproot, user directory LocalUser, the anonymous Access folder must be public, note: The directory name must be identical to the user name. Such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image006 "border=" 0 "alt=" clip_ image006 "src=" http://s3.51cto.com/wyfs02/M00/6D/99/wKioL1VnmnLyl-TzAADdy9SP72M290.jpg "height=" 215 "/>
Next, we open IIS Manager, select Web site--right--Add an FTP site, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image007 "border=" 0 "alt=" clip_ image007 "src=" http://s3.51cto.com/wyfs02/M01/6D/99/wKioL1VnmnOStnPEAAFm9_LVcxU785.jpg "height=" 329 "/>
Next, we named the site as FTPRoot, the physical path to fill in the site root directory we created, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image008 "border=" 0 "alt=" clip_ image008 "src=" http://s3.51cto.com/wyfs02/M01/6D/99/wKioL1VnmnSh-JjJAACoXE5ngKY835.jpg "height=" 436 "/>
Next, we bind the IP,FTP port number of the IP,FTP server by default to 21,ssl select None, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image009 "border=" 0 "alt=" clip_ image009 "src=" http://s3.51cto.com/wyfs02/M02/6D/9D/wKiom1VnmOLhRVKNAAD2pX_hjss043.jpg "height=" "/>"
Next, select Basic Authentication, read (write) permissions to all users according to the requirements, click Finish, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image010 "border=" 0 "alt=" clip_ image010 "src=" http://s3.51cto.com/wyfs02/M02/6D/99/wKioL1VnmnbhanP0AADSUBVsKQg726.jpg "height=" 452 "/>
After we add the FTP site, we will start to create user isolation, first we click on the site FTPRoot, click FTP user Isolation, double-click Open, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image011 "border=" 0 "alt=" clip_ image011 "src=" http://s3.51cto.com/wyfs02/M00/6D/9D/wKiom1VnmOPyyyvBAAF17iplQYw724.jpg "height=" 336 "/>
Next, select the User name directory (disable global virtual directory) option and click Apply, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image012 "border=" 0 "alt=" clip_ image012 "src=" http://s3.51cto.com/wyfs02/M01/6D/9D/wKiom1VnmOPAQtRCAAFIbB6MMbw534.jpg "height=" 337 "/>
The above basically completed the user isolation operation, the following we came to SERVER03 (client) machine to verify that access is effective.
In the SERVER03 Explorer input Ftp://192.168.1.102/panpan Access Panpan folder, the following login authentication will appear, we enter the corresponding user name password, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image013 "border=" 0 "alt=" clip_ image013 "src=" http://s3.51cto.com/wyfs02/M02/6D/9D/wKiom1VnmOSw3us-AAHQBU0wAaI375.jpg "height=" 444 "/>
After authentication, we can access the contents, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image014 "border=" 0 "alt=" clip_ image014 "src=" http://s3.51cto.com/wyfs02/M00/6D/9D/wKiom1VnmOTTU3HyAACK10De6OU378.jpg "height=" 166 "/>
Next we use other users to log in to access the Panpan folder to see if it will be successful, enter another user's account and password, such as:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image015 "border=" 0 "alt=" clip_ image015 "src=" http://s3.51cto.com/wyfs02/M01/6D/9D/wKiom1VnmOSQLzD8AAHRw6Nx4w8589.jpg "height=" 447 "/>
After entering the user name password, the following dialog box prompts us to not have permission to access the file, verifying that our user isolation operation has been successful ~~~!
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image016 "border=" 0 "alt=" clip_ image016 "src=" http://s3.51cto.com/wyfs02/M02/6D/9D/wKiom1VnmOSgOGJRAAEMKs8d0Kk913.jpg "height=" 285 "/>
Next we want to connect the FTP server, run Ftp--open 192.168.1.102 (FTP server ip+ port number) on the command line, we can log on to the FTP server, download (because the previous permission is set to read-only, so only download operation) files and so on As shown in the following:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px; "title=" clip_image017 "border=" 0 "alt=" clip_ image017 "src=" http://s3.51cto.com/wyfs02/M00/6D/9D/wKiom1VnmOSQWvmMAAHRn-1NRqs226.jpg "height=" 434 "/>
The above we deployed the user isolation site has been completed, the steps of the experiment is more detailed, we can also conduct experiments ah, thank you to watch, what is the ~~~~!!!
Deploying user-Isolated FTP sites for Windows server2012