Install FTP Server on IIS Windows Server

8/11/2019 Install FTP Server on IIS Windows Server

1/12

Install FTP Server on IIS of Windows Server

FTP (File Transfer Protocol) allow clients to transfer/download/upload their files using FileTransfer Protocol. FTP is very useful for Shared Hosting Service providers, Internet Service

providers etc. to allow their clients to upload/download/transfer files through FTP. In Windows

Server 2008 R2 Microsoft FTP 7.5 is available as Role Service for Web Server (IIS 7.5). FTP

7.5is tightly integrated with Web Server (IIS 7.5). Before installing FTP make sure Web

Server (IIS)is installed, referInstall IIS on Windows Server 2008.In this article we are going to

see how to setup a shared FTP Server for allowing clients of a Shared Web Server to transfer

contents of their websites.

Install FTP for IIS 7.5 on Windows Server 2008 R2

Click Start>> Administrative Tools>> Server Manager. In the Server Manager hierarchypane expand Rolesand then click on Web Server (IIS).

Click on Add Role Serviceswhich will launch Select Role Serviceswindow as shown below.Select FTP Serviceand FTP Extensibilityservices from the list. Click Next.
http://gopalthorve.com/install-iis-windows-server-2008/http://gopalthorve.com/install-iis-windows-server-2008/http://gopalthorve.com/install-iis-windows-server-2008/http://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-server-manager.pnghttp://gopalthorve.com/install-iis-windows-server-2008/


2/12

On Confirm Installation Selectionspage click Install.

On Installation Resultspage click Close to exit the Add Role Serviceswizard.
http://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-confirm-installation-selection.pnghttp://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-select-role-services.pnghttp://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-confirm-installation-selection.pnghttp://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-select-role-services.png


3/12

Check Firewall Rules to Allow inbound FTP Traffic

After installation of FTP Server make sure that there are Inbound firewall rules in place to allowinbound FTP traffic. To check this follow below steps:

Click Start>> Administrative Tools>> Windows Firewall with Advanced Security and then

click on Inbound Rulesand check if three inbound firewall rules exists as highlighted in belowsnapshot.

1. FTP Server (FTP Traffic-In): This rule allows inbound traffic on TCP port 21 for FTP

Service.

2. FTP Server Passive (FTP Passive Traffic-In): This rule allows inbound traffic on TCPports greater than 1023 for FTP Service. This is required for FTP Service to work in

passive mode.

3. FTP Server Secure (FTP SSL Traffic-In): This rule allows inbound traffic on TCP port990 for FTP Service over SSL.

If these rules doesnt exists then create them.
http://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-installation-results.png


4/12

Create a FTP Site using the FTP Site Wizard

We installed FTP for IIS 7.5 and also checked/created firewall rules to allow inbound traffic

necessary for serving FTP services. However without creating a FTP Site, the FTP Server

doesnt listen on port 21 and you can not connect to the FTP Server. Now we will create a

Default FTP Site.

Click Start>> Administrative Tools>> Internet Information Services (IIS) Manager.

Expand the Server from server hierarchy pane and then expand sites.

Right click on Sitesand then click on Add FTP Site
http://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-firewall-rules.png


5/12

Add FTP Site: FTP Site Information

FTP site name: Enter the name of this FTP Site.

Physical path: Select the physical folder from where contents to FTP Users will be

served. This is called root of the FTP Server. I choose %systemdrive%\inetpub\ftproot.

Click Next.
http://gopalthorve.com/wp-content/uploads/2012/06/install-ftp-iis-7-5-site-information.pnghttp://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-create-ftp-site.pnghttp://gopalthorve.com/wp-content/uploads/2012/06/install-ftp-iis-7-5-site-information.pnghttp://gopalthorve.com/wp-content/uploads/2012/05/install-ftp-iis-7-5-create-ftp-site.png


6/12

Add FTP Site: FTP Binding and SSL Settings

IP Address: Select IP address from the drop down list on which FTP Server will work.

Select All Unassigned to allow it to work on all IP addresses.

Port: Enter TCP port number on which this FTP Server will listen on. Default FTP port is

21. Enable Virtual Host Names: To bind a host name with this FTP site enable this option

and then specify host name e.g. ftp.gopalthorve.com.

Start FTP site automatically: Select this option to start this FTP site automatically.

SSL: SelectNo SSLoption. We will implement SSL feature some time later.

Click Next.

Add FTP Site: Authentication and Authorization Information

Authentication: Select Basic because we want to use Windows built-in authentication

method that requires users to provide valid Windows username and password to gainaccess to contents. Later we will configure FTP User isolation to restrict users to their

respected folders.

Allow access to: Select Specified roles or user groupsfrom the drop down list and thenenter the name of group which holds all FTP Users (as we discussed inLocal Users, localgroup and local security policies on Windows Server 2008). In my case the group is

FTPUsers.

Permissions: Select both Read and Write.

Click Finish to add the FTP Site.
http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/wp-content/uploads/2012/06/install-ftp-iis-7-5-binding-ssl-settings.pnghttp://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/


7/12


8/12

Parent Directory (%systemdrive%\HostingSpaces)

The parent directory which will contain sub-folders for each customer. I created

%systemdrive%\HostingSpaces directory which will hold a sub-directories in it for each ofclient.

NTFS Permissions for this directory:

1. Remove inheritable permissions from parent on %systemdrive%\HostingSpacesdirectory.

2. Grant permissions to SYSTEM, Administrators on this object.

Clients Home Directory (client1, client2 etc.)

Each shared hosting customer will have its own directory created under the parent directory and

each directory must be named after Windows Local User account name created for that particular

customer. Initially I have two customers respectively client1 and client2 and hence I createdtwo directories client1 and client2 in parent directory (%systemdrive%\HostingSpaces), also

create two Windows Local User account client1 and client2 and add them to FTPUsers group as

discussed inLocal Users, local group and local security policies on Windows Server 2008.Eachclients home directory must be given read/write permissions to that specific customer user

account e.g. client1s home folder is client1 and it must be given read/write permissions to user

client1.

NTFS Permissions for these directories:

1. It must inherit permissions from its parent i.e. %systemdrive%\HostingSpaces

2.

Each client must be granted access to its directory i.e. client1 user account must haveModify, Read & Execute, List folder contents, Read, Write permissions on its homedirectory client1.

Content Directories

Client can upload anything to this directory. By default it contains clients hosted domains here

i.e. client1domain1.com, client1domain2.com etc., which will further hold website contents inwwwroot directory, data in data directory and logs in logs directory.

FTP User Isolation

The FTP Site we recently created (Default FTP Site) allows each client session to start in the root

directory of FTP Site i.e. %systemdrive%\inetpub\ftproot, because there is not FTP User

Isolation configured on this FTP Site so far. By default FTP Site is configured to Do not isolate

users. Start users in: FTP root directory which allows every ftp session to start in ftp root

directory of the FTP Site.
http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/http://gopalthorve.com/local-users-local-group-local-security-policies/


9/12

We want to configure FTP Site such that each customer account must have access to its own

folder only and each customers FTP session must start in its own home (root) folder named

after its username. Microsoft FTP support one such FTP User Isolation mode called Isolate

users. Restrict users to the following directory: User name directory (disable global virtual

directories). This mode requires us to createa folder named LocalUser under root of the FTP

Site (%systemdrive%\inetpub\ftproot\LocalUser) which will further contain customers homefolder (i.e. client1, client2 etc.). However I dont want to put customers folder in%systemdrive%\inetpub\ftproot\LocalUser folder instead I want to put all those folders in

%systemdrive%\HostingSpaces folder. To accomplish this we will need to create a Virtual

Directory called LocalUser under recently created FTP Site which will point to physical folder%systemdrive%\HostingSpaces folder. To create Virtual Directory follow below steps:

Create Virtual Directory

1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >>

Internet Information Services (IIS) Manager)

2.

Expand Sites3. Right click on Default FTP Site we created recently and then click Add Virtual

Directory4. Alias: Enter LocalUser in this text box, remember to type with exact case it must be

LocalUser with capital L and U.

5. Physical path: Select physical path where this virtual directory will point to i.e.

(%systemdrive%\HostingSpaces).

6. Click OK to create Virtual Directory.

Finally configuring FTP User Isolation
http://gopalthorve.com/wp-content/uploads/2012/06/setup-ftp-server-ftp-user-isolation-add-virtual-directory.png


10/12

1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >>

Internet Information Services (IIS) Manager)

2. Expand Sites3. Click on Default FTP Site we recently created.

4. Double click FTP User Isolationin feature view window in the middle.

5.

In Isolate users. Restrict users to the following directory: section select User namedirectory (disable global directories) option.6. Click Apply button to save changes.

Testing FTP Server

We have successfully setup FTP Server and now its time to check if everything is working fine.We can check FTP Server connectivity either using ftp command or using any FTP Client like

FileZilla Client.

Testing FTP Server using ftp command:

1. Open Command Prompt

2. Type ftpat command prompt.3. Type o 192.168.0.98 on the ftp prompt. Use IP address on which your FTP Server is

configured to listen on. If All Unassigned is used you can use any IP address of your

system as well as you can also use localhost.4. Type FTP User name e.g. client1.

5. Type Password for the FTP User e.g. password for user client1.

6.

If everything works fine then you will get the response 230 User logged in.7. Type dir command and you will get directory listing of client1 home folder.8. Type cd client1domain1.com command and current working directory (CWD) changes

to client1domain1.com

9. Type pwd command to know the current working directory.10.Type put command to upload local file to FTP Server. When prompted for local file

name enter entire file name along with path. When prompted for remote file simply press

enter to upload file with same name or enter new name for file on FTP Server.
http://filezilla-project.org/http://filezilla-project.org/http://gopalthorve.com/wp-content/uploads/2012/06/setup-ftp-server-configure-ftp-user-isolation.pnghttp://filezilla-project.org/


11/12

11.Type recv command to download file from FTP Server. When prompted for remote file

name enter name of the file to download and when prompted for Local file enter path

where you want to download the file.12.Type dele file_name command to delete file from FTP Server, replace file_name with

name of the file to be deleted.

13.

I have pasted a sample command session with my recently configured FTP Server.

C:\>ftp

ftp> o 192.168.0.98

Connected to 192.168.0.98.

220 Microsoft FTP Service

User (192.168.0.98:(none)): client1

331 Password required for client1.

Password:

230 User logged in.

ftp> dir

200 PORT command successful.

125 Data connection already open; Transfer starting.

06-06-12 07:37PM client1domain1.com

06-06-12 07:37PM client1domain2.com

226 Transfer complete.

ftp: 118 bytes received in 0.00Seconds 118000.00Kbytes/sec.

ftp> cd client1domain1.com

250 CWD command successful.

ftp> put

Local file c:\help.txt

Remote file




ftp: 5866 bytes sent in 0.02Seconds 244.42Kbytes/sec.

ftp> recv

Remote file help.txtLocal file d:\help.txt




ftp: 5866 bytes received in 0.00Seconds 5866000.00Kbytes/sec.

ftp> delehelp.txt

250 DELE command successful.

Checking FTP Server using FileZilla FTP Client

We can also check FTP Server by using GUI based FTP client likeFileZilla Client.Simply

download theFileZilla Clientand then install, after installation launchFileZilla.

1. Host: Enter IP address on which your FTP Server is listening on.

2. Username: Enter FTP Username e.g. client1

3. Password: Enter password for FTP User4. Port: Enter FTP Port default is 21.

5. Click Quickconnect button.
http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/http://filezilla-project.org/


12/12

6. Once connected you can download/upload/delete contents simply drag and drop

functionalities.

So thats it for FTP Server for now. As far as more FTP Server settings are concerned I will beputting it under comments area of this article. Later we will see how to create website in IIS 7.5.
http://gopalthorve.com/wp-content/uploads/2012/06/setup-ftp-server-checking-ftp-server-filezilla-client.png

Install FTP Server on IIS Windows Server

Documents

Transcript of Install FTP Server on IIS Windows Server