I'm deploying an FTP Server with TLS on IIS 8.5 (Windows Server 2012 R2) with some success but now I'm stuck at this situation.
I can assign FTP Authorizations to the root FTP folder via Powershell using the following method (which reflects inside C:\Windows\System32\inetsrv\config\applicationHost.config exactly in the same way as GUI (IIS Management Console) does it). PS step for this is:
$CsvFtpGroups = $FTPGROUPS -join ','
$Param = @{
Filter = "/system.ftpServer/security/authorization"
Value = @{
accessType = "Allow"
roles = "$($CsvFtpGroups)"
permissions = "Read"
}
PSPath = 'IIS:\'
Location = $FTPSiteName
}
Add-WebConfiguration @Param
and XML result in applicationHost.config is this:
<location path="FTPServer">
<system.ftpServer>
<security>
<authorization>
<add accessType="Allow" roles="GROUP1,GROUP2" permissions="Read" />
</authorization>
</security>
</system.ftpServer>
</location>
Now the issue:
I want to remove inheritance for the previous to all subfolders because I need them to have specific authorisations which will be configured next.
When I use IIS Mgmt Console and manually remove this inherited authorisation from all subfolders I get this inside applicationHost.config:
<location path="FTPServer/Folder1">
<system.ftpServer>
<security>
<authorization>
<remove users="" roles="GROUP1,GROUP2" permissions="Read" />
</authorization>
</security>
</system.ftpServer>
</location>
And I can't add anything similar via PowerShell.
I've already tried this to no avail:
Remove-WebConfigurationProperty -PsPath "IIS:\" -Location "$($FTPSiteName)/$($FTPSubFolder1)" -Filter "system.ftpServer/security/authorization" -Name "." -AtElement @{users="";roles="$($roles)";permissions="Read"}
And also tried 'Adding' a 'remove' statement:
Add-WebConfigurationProperty -PsPath 'MACHINE/WEBROOT/APPHOST' -location "FTPServer/Folder1" -Filter "system.ftpServer/security/authorization/remove" -name "." -value @{users="";roles="GROUP1,GROUP2";permissions="Read"}
And finally also tried with:
Set-ItemProperty -Path "FTPServer/Folder1" -Name "system.ftpServer.security.authorization.remove" -Value @{users="";roles="GROUP1,GROUP2";permissions="Read"}
None of these worked. What can I try next?
I will provide you with severalexamples, you can modify some parts according to your needs.
This statement can add new authorization to subfile.
This statement can remove the authorization rules of the sub-file inherited from the root folder.