Transfer Server User Administration Tool
Overview
The Transfer Server User Administration Tool is a simple ASP.NET web application that allows you to do basic Windows SAM account management on a standalone server. This application was specifically designed to support the scenario where:
- You are running a file transfer server for a number of close collaborators on a project (other suppliers for a common customer, for example).
- You do not wish to set up an entire AD infrastructure, ADFS, etc. to authenticate the users.
- You want to run a stand-alone FTP/FTPS/HTTP/DAV server that does not interface with any of your existing infrastructure and so has no chance of granting external people access to your other Internet-facing servers.
- You want to add and remove users quickly and easily using a simple web-based UI.
If you need these features then you've come to the right place!
Features
The application allows you to:
- Create, update and delete users
- Add users to and remove them from pre-existing groups
- Operate on a subset of users on your server so that users cannot be added to built-in groups and also so that users granted access to the administrative site cannot modify pre-existing accounts created outside of the application
Installation Instructions
These setup instructions assume you are familiar with IIS administration and Windows security.
Create IIS FTP Transfer Server
The first step is to create the FTP and Web server that you will use for your transfer server. Do this using IIS admin, making sure to:
- Create a new FTP server pointing to a new empty root
- Disallow anonymous access to your FTP server
- Consider setting up FTPS if you're using IIS7
This is the FTP/FTPS server users will use to transfer files.
Create IIS HTTP Transfer Server
- Create a new HTTP server pointing at the same root as above
- Change the authentication method to Basic authentication
- You should consider binding an SSL certificate (even if self issued) to this server to protect user passwords in transit
- Optionally consider enabling WebDAV to allow people to map the server as a drive under Windows Vista etc.
This is the HTTP/HTTPS/WebDAV server users will use to transfer files.
Create the user management HTTP server
- Create a new IIS virtual directory called "admin" in the HTTP Transfer Server created above. Point this at a filesystem folder that is outside the FTP root identified above.
- Copy the files from the ZIP at the end of this article into this folder.
- Ensure that the ASP.NET script mappings are bound to that application by using aspnet_regiis.exe
- Ensure that default.aspx is a default document type on that application
Create groups for your suppliers and partners
The next step (we're nearly there) is to create groups for your partners, suppliers and customers. This step will vary based on your version of Windows, however for Windows 2003:
- Go to Start -> Control Panel -> Administrative Tools -> Computer Management.
- Expand "Local Users and Groups".
- Click on Groups
- Add a group for each type of user you wish to add. For example, Company A, Company B, Supplier A, etc
- When adding these groups, set the Description of the group to be {MANAGEDGROUP} - the application will only allow users to be added to groups if the group has this description.
- Create folders in your FTP root and apply ACLs (using Windows explorer) as needed. You should allow or disallow different managed groups access to folders based on your business requirements for who should be able to read or write content in a particular area.
Create the Administrative User
You need to create an account for yourself (or whoever will be managing the users on the server) and ensure that that account is a member of the Administrators group on that machine.
Adding and removing users
Once you have completed these steps you are ready to run the application to manage your users and group memberships. Assuming your server name is ftp.example.com, you should navigate to https://ftp.example.com/admin. Once you log in with your Administrative user account you can create users, assign them to groups and so on.
Notes about security
- Users added by the system have {MANAGEDUSER} in their description.
- The system will only show and manipulate accounts with {MANAGEDUSER} in their description.
- The people with the ability to add accounts and manipulate group memberships will need to be Administrators or Account Operators on the machine in question. Therefore, you should take care that granting this access does not grant other unintended access. Specifically, ensure your firewall ruleset prevents SMB and ensure that the user is denied RDP access.
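The marker scheme described above can be audited directly against the local SAM. The following PowerShell script is an added example, not part of the application or its download; it assumes the markers are matched as case-sensitive substrings of the Description field and that it is run in an elevated session on the transfer server itself.

```powershell
# Added example: audit the {MANAGEDUSER} / {MANAGEDGROUP} markers on the local SAM.
# Assumption: markers are matched as case-sensitive substrings of Description.
$UserMarker  = '{MANAGEDUSER}'
$GroupMarker = '{MANAGEDGROUP}'

# WinNT ADSI provider: works on a standalone server without extra modules.
$sam = [ADSI]"WinNT://$env:COMPUTERNAME,computer"

# Map every local user name to its description.
$userDesc = @{}
$sam.Children | Where-Object { $_.SchemaClassName -eq 'User' } | ForEach-Object {
    $userDesc[[string]$_.Name.Value] = [string]$_.Description.Value
}

$localGroups = $sam.Children | Where-Object { $_.SchemaClassName -eq 'Group' }

$findings = foreach ($group in $localGroups) {
    $groupName    = [string]$group.Name.Value
    $groupManaged = ([string]$group.Description.Value).Contains($GroupMarker)

    foreach ($member in @($group.Invoke('Members'))) {
        # Members are raw COM objects; read their Name property via reflection.
        $name = [string]$member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)

        # Skip anything that is not a local user (well-known SIDs, orphaned entries).
        if (-not $userDesc.ContainsKey($name)) { continue }

        $userManaged = $userDesc[$name].Contains($UserMarker)

        if ($userManaged -and -not $groupManaged) {
            # A managed account has ended up in a built-in or otherwise unmanaged group.
            [pscustomobject]@{ User = $name; Group = $groupName; Issue = 'Managed user in unmanaged group' }
        }
        elseif ($groupManaged -and -not $userManaged) {
            # An account created outside the application has access to a managed group's folders.
            [pscustomobject]@{ User = $name; Group = $groupName; Issue = 'Unmanaged account in managed group' }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Issue, Group, User | Format-Table -AutoSize
} else {
    Write-Output 'No marker violations found.'
}
```

Any row reported means a membership exists that the web UI would not have created or would not display, so it was made outside the application and should be reviewed.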
Download
Download Now » (ZIP, 170 KB)