How To Create Ftp Site In Windows Server 2008 R2

Documentation » Using WinSCP » Guides » Other »

Installing a secure FTP server on Windows using IIS

You lot may want to install a secure FTP server on Windows either as standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, yous can use an optional FTP Server component of the IIS. Information technology can be installed standalone or along with a Web Server.i

• Installing FTP Server
  • On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012
  • On Windows Server 2008 R2
  • On Windows Desktop (Windows 11, Windows 10, Windows 8, Windows seven and Windows Vista)
• Opening IIS Manager
• Creating Certificate for the FTPS Server
• Servers behind external Firewall/NAT
• Windows Firewall Rules
• Restarting FTP Service
• Adding FTP Site
  • To a Web Site
  • Standalone FTP Site
• Connecting to Your FTPS Server
• Further reading

Installing FTP Server

On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012

• In Windows Server Manager become to Dashboard and run Manage > Add Roles and Features.

Advertising

• In Add Roles and Features wizard:
  • Proceed to Installation Type step and confirm Office-based or feature-based installation.
  • Proceed to Server Roles step and bank check Web Server (IIS) role. Note that information technology is checked already, if you lot had IIS installed as a Spider web Server previously. If your are prompted to install IIS Management Panel tool, confirm it.
  • Proceed to Web Server Role (IIS) > Role Services step and check FTP Server role service. Uncheck Web Server role service, if you do not need information technology.
  • Proceed to the end of the wizard and click Install.
  • Look for the installation to complete.

Advertisement

Skip to the next step.

On Windows Server 2008 R2

If yous do not accept IIS installed yet:

• In Windows Server Manager go to Roles node and in Roles Summary panel click Add Roles.
• In Add Roles magician:
  • Proceed to Server Roles step and bank check Web Server (IIS) part.
  • Proceed to Role Services footstep and check FTP Server > FTP Service role service. Uncheck Web Server part service, if you do not need it. Make certain Management Service > IIS Management Console role service is checked.
  • Proceed to the stop of the wizard and click Install.
  • Wait for the installation to complete.

If you have IIS installed already (i.due east. every bit a Web Server):

• In Windows Server Manager go to Roles node and in Web Server (IIS) > Office Services panel click Add Role Services.
• In Add Function Services wizard:
  • Check FTP Server > FTP Service office service.
  • Make sure that Management Service > IIS Management Panel is checked.
  • Confirm with Side by side push.
  • Proceed to the stop of the wizard and click Install.
  • Expect for the installation to consummate.

Advertisement

Skip to the next footstep.

On Windows Desktop (Windows 11, Windows 10, Windows 8, Windows 7 and Windows Vista)

• Become to Control Console > Programs > Programs and Features > Turn Windows features on or off.
• On a Windows Features window:
  • Expand Internet Information Services > FTP Server and check FTP Service.
  • Expand Internet Information Services > Spider web Management Tools and check IIS Management Console, if it is not checked yet.
  • Confirm with OK push.
  • Await for the installation to complete.

Opening IIS Managing director

• Go to Control Console > Arrangement and Security > Administrative Tools (Windows Tools on Windows 11) and open Internet Information Services (IIS) Manager.
• Navigate to your Windows server node.

Advertisement

Creating Certificate for the FTPS Server

You need a TLS/SSL certificate to secure your FTP server. Ideally, you lot should larn the certificate from a certificate authorisation.

You lot may also create a self-signed certificate locally, simply in such case users of your FTPS server will be warned, when connecting to the server.

To create the self-signed document:

• In IIS Manager, open IIS > Server Certificates.
• Click on Create Self-Signed Certificate action.
• Specify a certificate name (eastward.g. "FTP Server") and submit with OK.

Self-signed certificates created past old versions of IIS Manager practise not piece of work with FTPS clients that check for key usage violations.2 To create a certificate with a right key usage, apply New-SelfSignedCertificate PowerShell as an Administrator:

            New-SelfSignedCertificate            -FriendlyName            "FTP Server"            -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.com

Servers behind external Firewall/NAT

If your server is behind an external firewall/NAT, you demand to tell the FTP server its external IP address, to let passive mode connections.

• In IIS Director, open FTP > FTP Firewall Back up.
• Specify your server's external IP address.
  For Microsoft Azure Windows servers you will notice the external IP address in Public IP address section of the virtual motorcar folio.

When behind an external firewall, you demand to open ports for data connections (obviously in add-on to opening an FTP port 21 and possibly an implicit TLS/SSL FTP port 990). You won't probably want to open whole default port range 1024-65535. In such example, y'all need to tell the FTP server to use only the range that is opened on the firewall. Use a Information Channel Port Range box for that. Any time you change this range, you lot volition need to restart FTP service. Learn how to open ports on Microsoft Azure.

Advertising

Click Utilize action to submit your settings.

Some external firewalls are able to monitor FTP control connection and automatically open up and close the data connection ports as needed. So you lot practise not need to have whole port range opened all the time, fifty-fifty when not in use. This won't work with the secure FTPS every bit the control connection is encrypted and the firewall cannot monitor it.

Windows Firewall Rules

An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when IIS FTP server is installed.

The rules are not enabled initially on some versions of Windows.3 To enable or alter the rules, go to Control Panel > Organization and Security > Windows Defender Firewalliv > Advanced Settings > Inbound Rules and locate three "FTP server" rules. If the rules are non enabled, click on Actions > Enable Rule.

Restarting FTP Service

While the internal Windows firewall is automatically configured to open FTP ports when FTP server is installed, this change does not seem to utilise, until FTP service is restarted. The aforementioned is true for irresolute data channel port range.

To restart FTP service become to Control Panel > Organization and Security > Administrative Tools (Windows Tools on Windows 11) and open Services. Locate Microsoft FTP Service and click Restart service.5

Calculation FTP Site

To a Web Site

If you lot desire to add together FTP server to manage your existing web site remotely, locate your web site node in IIS Manager and:

• Click Add FTP Publishing activeness.
• In Add together FTP Site Publishing wizard:
  • On an initial Binding and SSL Settings step, select Require SSL to disallow non-encrypted connections and select your document.
  • On Authentication and Authorization Information stride, select Bones authentication and make sure Bearding authentication is not selected. Select which users (Windows accounts) y'all allow to connect to the server with what permissions. You lot can choose All users or select just some. Practise non select Anonymous users.
  • Submit with End button.

Advert

Your secure FTPS server is now running and can be connected to.

Standalone FTP Site

If you desire to add a standalone FTP server to store/exchange files, locate Sites node (binder) of your Windows server in IIS Manager and:

• Click Add together FTP Site activity.
• In Add FTP Site magician:
  • On an initial Site Information step, requite a name to your FTP site (if information technology'southward the merely site you are going to have, simple "FTP site" suffice) and specify a path to a folder on your server's disk that is going to be accessible using FTP.
  • On a Bounden and SSL Settings step, select Require SSL to disallow not-encrypted connections and select your certificate.
  • On Hallmark and Authorization Information step, select Basic authentication and make sure Anonymous authentication is not selected. Select which users (Windows accounts) you lot allow to connect to the server with what permissions. You tin can choose All users or select but some. Do not select Bearding users.
  • Submit with Finish button.

Your secure FTPS server is now running and can exist connected to.

Connecting to Your FTPS Server

For connecting to a Microsoft Azure Windows instance, see a specific guide.

Start WinSCP. Login Dialog will announced. On the dialog:

• Select FTP protocol and TLS/SSL Explicit encryption.
• Enter your Windows server hostname to Host name field. Avert using an IP address to allow WinSCP to verify that the hostname matches with host the server'due south certificate was issued to (not applicable to cocky-signed certificates).
• Specify username and password for Windows account y'all desire to connect with (when using domain accounts, yous need to specify a total username with format domain\username).
• You may want to salve your session details to a site then y'all do not need to type them in every time you want to connect. Press Salvage push and type site name.
• Printing Login to connect.
• If y'all are using self-signed document, you will be prompted to accept information technology.

Advertizement

Further reading

• Installing secure FTP server on Microsoft Azure using IIS;
• Installing SFTP/SSH Server on Windows using OpenSSH;
• Upload files to FTP server or SFTP server;
• Automate file transfers (or synchronization) to FTP server or SFTP server.

Source: https://winscp.net/eng/docs/guide_windows_ftps_server

Posted by: holtonthentand.blogspot.com

Share this post