Build an FTP site on Windows Server

Page creation date :

At first

Provides setup instructions for operating an FTP server on Windows Server.

Caveats

Avoid exposing ftp servers as they are on the Internet, because just building an FTP server doesn't encrypt your communications. If you use it, we recommend that you use it in a closed space as much as possible, such as an intranet. We recommend that you use SFTP, FTPS, and so on to publish ftp servers, such as on the Internet.

environment

Windows Server
  • Windows Server 2019

Currently, in Windows Server 2008 and later, other versions of Windows Server have much the same setup.

precondition

The contents introduced here assume the following conditions.

  • Basic authentication only (not encrypted)
  • Because it is not SFTP, I do not use a private key etc.
  • Since it is not FTPS, ssl etc. are not used.

Create an account with an FTP connection

Ftp accounts are treated as Windows user accounts. Therefore, you need to create a user on Windows. Passwords accessed via FTP are also registered with a Windows user account.

Right-click Start Menu and select Manage Computers.

Right-click Users and select New User.

Specifies the user name and password to use when connecting via FTP. The user name is "FtpUser", but since it is created for Tips, please enter the user name and password according to the operation when creating it in production. Depending on your Windows Server settings, you may not be able to register a simple password.

Since ftp users are not allowed to log in to Windows, "Users cannot change their passwords" and "Make passwords indefinite" are checked.

Prevent users from logging on to Windows because they are only used with FTP connections. Double-click the user you created.

Select the "Groups you belong to" tab and delete Users.

If you want to create multiple accounts, you need to create multiple Windows user accounts.

Create folders to use for FTP destinations

Creates a folder to upload or download when connected via FTP. You create a physical folder in Windows.

You can create it anywhere you want. Even if you create multiple FTP accounts, you can create one root folder, create a folder for each user internally, and assign permissions. (There are other ways to do it, but it will be long, so it will be discounted)

Here we are creating "C:\FtpFolder\".

Set permissions to allow ftp accounts to access files in folders. Open the folder properties that you want to use for FTP, and then click the Edit button from the Security tab.

Click the "Add" button.

Enter your account name "FtpUser" and click the confirm name button. If there are no errors, click the OK button.

Select the account you registered and allow the "Change" permission.

Just in case, make sure you have a file in place to make sure you're connected properly when you connect via FTP.

Build an FTP server

Install the FTP server role on Windows Server.

Run Server Manager.

Click Add Roles and Features.

Click Next.

Make sure role-based or feature-based installation is checked, and then click Next.

Verify that the server on which you want to install the FTP server role is selected, and then click Next.

Check web server (IIS).

A confirmation dialog will be displayed, and click the "Add Function" button. After you add IIS, click Next.

On the "Select Features" screen, click "Next" without doing anything.

Click Next.

Check ftp server. Also, the Web server is initially checked, so uncheck it if you don't need to publish the Web site.

When you are done, click the "Install" button.

Wait for the installation to complete. Close the screen when the installation is complete.

Building ftp sites

I just installed the FTP feature and still can't access the FTP site. In this section, you'll build an FTP site.

From Server Manager, select the Tools menu and select Internet Information Services (IIS) Manager. By the way, IIS can be opened from other places, such as the Start menu.

Right-click Sites and select Add FTP Site.

Set the FTP site name arbitrarily. FtpTest is used here. Physical Path specifies the folder path (C:\FtpFolder) for FTP that you created previously.

Leave the bindings as they are. Since ssl is not used this time, check ssl as "no".

Since authentication is required for accounts, check only "Basic".

For approval, enter FtpUser to select and access the specified user, since only the FtpUser account will be accessed this time. If you want to allow more than one account, enter it as a comma separate. You can change this setting later from ftp approval rules.

Check read and write permissions.

Check your firewall

If you do the previous settings correctly, you do not need to set up the firewall, but be sure to check it.

From Server Manager, select the Tools menu and choose Windows Firewall with added security. (You can also open it from the start menu, etc.)

Select "Rules of Reception",

  • FTP server (FTP traffic inbound)
  • FTP server security (FTP SSL traffic inbound)
  • FTP Server Passive (FTP Passive Traffic Inbound)"

Make sure that there is.

Restarting the FTP service

Immediately after setup, the FTP settings are not reflected, so restart the service. (Windows can also be restarted.)

Restart the Microsoft FTP Service from the service.

Ftp connection confirmation (active mode)

Try to make sure that other PCs can access it via FTP. If you can connect via FTP, you can use tools, etc. In the figure, it is accessed using the FTP command. For more information, see ftp commands. Here are a few simple steps:

In addition, I uploaded the "C:\Temp\a.txt" file as a test for uploading and downloading and downloaded it to "C:\Temp\a2.txt".

  1. Launch command prompt (or PowerShell)
  2. Type ftp to start using the FTP command
  3. Connect to server with "open <server name>"
  4. Enter a user name
  5. Enter password
  6. "ls" command displays a list of files and folders in the root folder
  7. Check the current current directory with the "pwd" command
  8. Upload files with the "put" command
  9. Download files with the "get" command
  10. Disconnect FTP with quit

Client folder results

Server folder results

Commandsthat contain retrievedinformation, such as ls , put , and get, may ask for firewall permission or time out by the firewall. This is because the server accesses the client by connecting FTP in active mode. If you continue to access in active mode, you must allow ftp .exe (32bit or 64bit) at the client-side firewall or connect in passive mode.

Ftp connection check (passive mode)

For Windows, the FTP command cannot connect in passive mode, so check with a tool called WinSCP. (Any tool that can use passive mode is fine.)

First, enter access information to the FTP server.

Open the settings and verify that passive mode is enabled.

Make sure you can connect.

About active and passive modes

I think that it is easier to understand the difference between active mode and passive mode by looking at the net etc. To make a simple difference, active mode accesses arbitrarily determined ports from the server to the client. Passive mode accesses arbitrarily determined ports from the client to the server. Therefore, depending on the mode, either of them must release access at the firewall.

Summary

You can now set up an FTP server on Windows Server. Ftp communication is not encrypted at this time. I would also like to introduce FTPS, which can communicate encrypted, in a separate article.

SFTP, an encrypted communication using a private key, is introduced on this page.