powershell, iis-8, windows-server-2012-r2, ftp-server

Configuring IIS 8.5 via PowerShell: how to remove inherited folder authorization


I'm deploying an FTP Server with TLS on IIS 8.5 (Windows Server 2012 R2) with some success but now I'm stuck at this situation.

I can assign FTP authorizations to the root FTP folder via PowerShell using the following method (which is reflected inside C:\Windows\System32\inetsrv\config\applicationHost.config in exactly the same way as when the GUI (IIS Management Console) does it). The PS step for this is:

$CsvFtpGroups = $FTPGROUPS -join ','
$Param = @{
    Filter   = "/system.ftpServer/security/authorization"
    Value    = @{
        accessType  = "Allow"
        roles       = "$($CsvFtpGroups)"
        permissions = "Read"
    }
    PSPath   = 'IIS:\'
    Location = $FTPSiteName
}
Add-WebConfiguration @Param

and the XML result in applicationHost.config is this:

<location path="FTPServer">
    <system.ftpServer>
        <security>
            <authorization>
                <add accessType="Allow" roles="GROUP1,GROUP2" permissions="Read" />
            </authorization>
        </security>
    </system.ftpServer>
</location>

Now the issue:

I want to remove inheritance of the previous authorization from all subfolders because I need them to have specific authorisations which will be configured next.

When I use IIS Mgmt Console and manually remove this inherited authorisation from all subfolders I get this inside applicationHost.config:

<location path="FTPServer/Folder1">
    <system.ftpServer>
        <security>
            <authorization>
                <remove users="" roles="GROUP1,GROUP2" permissions="Read" />
            </authorization>
        </security>
    </system.ftpServer>
</location>

And I can't add anything similar via PowerShell.

I've already tried this to no avail:

Remove-WebConfigurationProperty -PsPath "IIS:\" -Location "$($FTPSiteName)/$($FTPSubFolder1)" -Filter "system.ftpServer/security/authorization" -Name "." -AtElement @{users="";roles="$($roles)";permissions="Read"}

And also tried 'Adding' a 'remove' statement:

Add-WebConfigurationProperty -PsPath 'MACHINE/WEBROOT/APPHOST' -location "FTPServer/Folder1" -Filter "system.ftpServer/security/authorization/remove" -name "." -value @{users="";roles="GROUP1,GROUP2";permissions="Read"}

And finally also tried with:

Set-ItemProperty -Path "FTPServer/Folder1" -Name "system.ftpServer.security.authorization.remove" -Value @{users="";roles="GROUP1,GROUP2";permissions="Read"}

None of these worked. What can I try next?


Solution

  • I will provide you with several examples; you can modify some parts according to your needs.

    This statement can add a new authorization to the subfile.

    Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'FTPServer/Folder1' -filter "system.ftpServer/security/authorization" -name "." -value @{accessType='Allow';roles='GROUP3';permissions='Read,Write'}
    

    This statement can remove the authorization rules of the sub-file inherited from the root folder.

    Remove-WebConfigurationProperty  -pspath 'MACHINE/WEBROOT/APPHOST' -location 'FTPServer/Folder1' -filter "system.ftpServer/security/authorization" -name "." -AtElement @{users='';roles='GROUP1,GROUP2';permissions='1'}
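
The two statements from the answer combined into one pass over several subfolders, with a read-back check that the inherited rule is really gone before the folder is considered locked down. This is an added example, not part of the original answer; the folder names `Folder1`/`Folder2`, the group `GROUP4` and the variable names are assumptions.

```powershell
Import-Module WebAdministration
$ErrorActionPreference = 'Stop'

# Assumed values (hypothetical): adjust to your site, folders and groups.
$FtpSite = 'FTPServer'
$PSPath  = 'MACHINE/WEBROOT/APPHOST'
$Filter  = 'system.ftpServer/security/authorization'

# Must match the rule defined on the site root exactly (users, roles, permissions).
# permissions = '1' is the numeric form used in the answer above for Read.
$Inherited = @{ users = ''; roles = 'GROUP1,GROUP2'; permissions = '1' }

# Per-folder rules to apply once the inherited rule has been removed.
$FolderRules = @{
    'Folder1' = @{ accessType = 'Allow'; roles = 'GROUP3'; permissions = 'Read,Write' }
    'Folder2' = @{ accessType = 'Allow'; roles = 'GROUP4'; permissions = 'Read' }
}

foreach ($folder in $FolderRules.Keys) {
    $location = "$FtpSite/$folder"

    # Writes the <remove ... /> element under <location path="FTPServer/FolderN">.
    Remove-WebConfigurationProperty -PSPath $PSPath -Location $location `
        -Filter $Filter -Name '.' -AtElement $Inherited

    # Adds the folder-specific <add ... /> rule in the same location block.
    Add-WebConfigurationProperty -PSPath $PSPath -Location $location `
        -Filter $Filter -Name '.' -Value $FolderRules[$folder]

    # Read the rule collection back for this location and flag any rule
    # that still grants access to the groups inherited from the root.
    $rules = (Get-WebConfiguration -PSPath $PSPath -Location $location -Filter $Filter).Collection
    $leftover = $rules | Where-Object { $_.roles -eq $Inherited.roles }
    if ($leftover) {
        Write-Warning "$location still carries the inherited rule for $($Inherited.roles)"
    }

    Write-Output "Rules now on ${location}:"
    $rules | Select-Object accessType, users, roles, permissions | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell session on the IIS host; a warning for any folder means the `-AtElement` values did not match the root rule and the broader access is still inherited.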