How To Setup A Ftp Server On Windows

Documentation » Using WinSCP » Guides » Other »

Installing a secure FTP server on Windows using IIS

You may want to install a secure FTP server on Windows either every bit standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, y'all can use an optional FTP Server component of the IIS. It can be installed standalone or along with a Web Server.ane

• Installing FTP Server
  • On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012
  • On Windows Server 2008 R2
  • On Windows Desktop (Windows xi, Windows 10, Windows 8, Windows 7 and Windows Vista)
• Opening IIS Manager
• Creating Document for the FTPS Server
• Servers behind external Firewall/NAT
• Windows Firewall Rules
• Restarting FTP Service
• Adding FTP Site
  • To a Web Site
  • Standalone FTP Site
• Connecting to Your FTPS Server
• Farther reading

Installing FTP Server

On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012

• In Windows Server Manager go to Dashboard and run Manage > Add Roles and Features.

Advertisement

• In Add Roles and Features wizard:
  • Proceed to Installation Type step and confirm Role-based or feature-based installation.
  • Go along to Server Roles step and check Web Server (IIS) office. Note that information technology is checked already, if y'all had IIS installed as a Web Server previously. If your are prompted to install IIS Direction Console tool, confirm it.
  • Proceed to Web Server Office (IIS) > Role Services step and check FTP Server office service. Uncheck Web Server function service, if you practice non need it.
  • Continue to the end of the wizard and click Install.
  • Expect for the installation to complete.

Advertisement

Skip to the next stride.

On Windows Server 2008 R2

If you lot practice not have IIS installed notwithstanding:

• In Windows Server Director get to Roles node and in Roles Summary panel click Add Roles.
• In Add Roles wizard:
  • Keep to Server Roles step and check Web Server (IIS) role.
  • Proceed to Role Services stride and cheque FTP Server > FTP Service role service. Uncheck Web Server role service, if yous do not demand it. Make certain Management Service > IIS Direction Console function service is checked.
  • Proceed to the terminate of the wizard and click Install.
  • Wait for the installation to complete.

If you have IIS installed already (i.eastward. as a Spider web Server):

• In Windows Server Manager go to Roles node and in Web Server (IIS) > Part Services panel click Add Function Services.
• In Add Role Services wizard:
  • Cheque FTP Server > FTP Service function service.
  • Make sure that Direction Service > IIS Management Console is checked.
  • Confirm with Next button.
  • Proceed to the end of the sorcerer and click Install.
  • Look for the installation to consummate.

Advertising

Skip to the adjacent stride.

On Windows Desktop (Windows xi, Windows x, Windows 8, Windows 7 and Windows Vista)

• Get to Control Panel > Programs > Programs and Features > Turn Windows features on or off.
• On a Windows Features window:
  • Expand Internet Information Services > FTP Server and check FTP Service.
  • Expand Internet Information Services > Web Management Tools and check IIS Management Panel, if it is not checked even so.
  • Confirm with OK button.
  • Wait for the installation to complete.

Opening IIS Manager

• Go to Control Console > System and Security > Administrative Tools (Windows Tools on Windows 11) and open Net Information Services (IIS) Manager.
• Navigate to your Windows server node.

Advertisement

Creating Certificate for the FTPS Server

Yous need a TLS/SSL certificate to secure your FTP server. Ideally, you should acquire the certificate from a certificate potency.

Y'all may besides create a self-signed certificate locally, only in such case users of your FTPS server volition be warned, when connecting to the server.

To create the self-signed document:

• In IIS Manager, open up IIS > Server Certificates.
• Click on Create Cocky-Signed Certificate action.
• Specify a certificate name (e.1000. "FTP Server") and submit with OK.

Self-signed certificates created by former versions of IIS Manager do not work with FTPS clients that check for key usage violations.2 To create a certificate with a correct key usage, use New-SelfSignedCertificate PowerShell as an Administrator:

            New-SelfSignedCertificate            -FriendlyName            "FTP Server"            -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.com

Servers backside external Firewall/NAT

If your server is behind an external firewall/NAT, yous need to tell the FTP server its external IP address, to permit passive style connections.

• In IIS Manager, open FTP > FTP Firewall Support.
• Specify your server's external IP address.
  For Microsoft Azure Windows servers you will notice the external IP address in Public IP address section of the virtual machine folio.

When behind an external firewall, you need to open ports for information connections (patently in addition to opening an FTP port 21 and possibly an implicit TLS/SSL FTP port 990). You lot won't probably want to open up whole default port range 1024-65535. In such case, you demand to tell the FTP server to utilise only the range that is opened on the firewall. Use a Data Channel Port Range box for that. Whatever fourth dimension you change this range, you will demand to restart FTP service. Learn how to open up ports on Microsoft Azure.

Advertisement

Click Utilize activeness to submit your settings.

Some external firewalls are able to monitor FTP control connection and automatically open and shut the data connection ports as needed. So you practise not need to have whole port range opened all the time, even when not in apply. This won't work with the secure FTPS as the command connection is encrypted and the firewall cannot monitor it.

Windows Firewall Rules

An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when IIS FTP server is installed.

The rules are non enabled initially on some versions of Windows.3 To enable or change the rules, go to Control Panel > System and Security > Windows Defender Firewall4 > Advanced Settings > Inbound Rules and locate iii "FTP server" rules. If the rules are not enabled, click on Deportment > Enable Rule.

Restarting FTP Service

While the internal Windows firewall is automatically configured to open up FTP ports when FTP server is installed, this change does not seem to apply, until FTP service is restarted. The aforementioned is true for changing data channel port range.

To restart FTP service get to Control Panel > Arrangement and Security > Administrative Tools (Windows Tools on Windows 11) and open Services. Locate Microsoft FTP Service and click Restart service.5

Adding FTP Site

To a Web Site

If you desire to add FTP server to manage your existing spider web site remotely, locate your web site node in IIS Manager and:

• Click Add together FTP Publishing action.
• In Add FTP Site Publishing magician:
  • On an initial Binding and SSL Settings step, select Require SSL to disallow non-encrypted connections and select your certificate.
  • On Hallmark and Authorization Information step, select Basic hallmark and brand sure Anonymous authentication is not selected. Select which users (Windows accounts) you allow to connect to the server with what permissions. You can choose All users or select simply some. Practice not select Anonymous users.
  • Submit with End button.

Advert

Your secure FTPS server is now running and can be connected to.

Standalone FTP Site

If you lot desire to add a standalone FTP server to shop/substitution files, locate Sites node (binder) of your Windows server in IIS Managing director and:

• Click Add FTP Site action.
• In Add FTP Site wizard:
  • On an initial Site Information step, give a proper name to your FTP site (if it's the only site y'all are going to accept, simple "FTP site" suffice) and specify a path to a folder on your server's disk that is going to be accessible using FTP.
  • On a Binding and SSL Settings stride, select Require SSL to disallow non-encrypted connections and select your certificate.
  • On Hallmark and Authorization Information step, select Bones authentication and make sure Anonymous authentication is not selected. Select which users (Windows accounts) you let to connect to the server with what permissions. Yous can choose All users or select just some. Do not select Anonymous users.
  • Submit with Finish push.

Your secure FTPS server is at present running and tin can exist connected to.

Connecting to Your FTPS Server

For connecting to a Microsoft Azure Windows instance, come across a specific guide.

Start WinSCP. Login Dialog will appear. On the dialog:

• Select FTP protocol and TLS/SSL Explicit encryption.
• Enter your Windows server hostname to Host proper name field. Avert using an IP accost to allow WinSCP to verify that the hostname matches with host the server'southward certificate was issued to (non applicative to cocky-signed certificates).
• Specify username and countersign for Windows account you desire to connect with (when using domain accounts, yous need to specify a full username with format domain\username).
• You may desire to save your session details to a site so you lot practice not need to type them in every time you want to connect. Press Save push and blazon site proper name.
• Press Login to connect.
• If you are using self-signed document, you lot volition be prompted to accept it.

Advertisement

Further reading

• Installing secure FTP server on Microsoft Azure using IIS;
• Installing SFTP/SSH Server on Windows using OpenSSH;
• Upload files to FTP server or SFTP server;
• Automate file transfers (or synchronization) to FTP server or SFTP server.

Source: https://winscp.net/eng/docs/guide_windows_ftps_server

Posted by: brownvesect1978.blogspot.com

Share this post