How To Setup Ftp Windows Server 2016

Documentation » Using WinSCP » Guides » Other »

Installing a secure FTP server on Windows using IIS

You may want to install a secure FTP server on Windows either every bit standalone file storage or to take ways of editing your website hosted on IIS (Net Information Services) web server. In both cases, y'all can use an optional FTP Server component of the IIS. It can be installed standalone or along with a Spider web Server.1

• Installing FTP Server
  • On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012
  • On Windows Server 2008 R2
  • On Windows Desktop (Windows xi, Windows 10, Windows 8, Windows 7 and Windows Vista)
• Opening IIS Managing director
• Creating Certificate for the FTPS Server
• Servers backside external Firewall/NAT
• Windows Firewall Rules
• Restarting FTP Service
• Adding FTP Site
  • To a Web Site
  • Standalone FTP Site
• Connecting to Your FTPS Server
• Further reading

Installing FTP Server

On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012

• In Windows Server Managing director get to Dashboard and run Manage > Add Roles and Features.

Advertisement

• In Add Roles and Features wizard:
  • Proceed to Installation Type stride and confirm Role-based or feature-based installation.
  • Proceed to Server Roles step and check Web Server (IIS) role. Note that it is checked already, if y'all had IIS installed every bit a Web Server previously. If your are prompted to install IIS Direction Panel tool, ostend it.
  • Proceed to Web Server Role (IIS) > Role Services step and check FTP Server part service. Uncheck Web Server role service, if you do not need information technology.
  • Proceed to the cease of the wizard and click Install.
  • Await for the installation to complete.

Advertisement

Skip to the next step.

On Windows Server 2008 R2

If you do not accept IIS installed yet:

• In Windows Server Manager go to Roles node and in Roles Summary panel click Add Roles.
• In Add Roles magician:
  • Proceed to Server Roles pace and cheque Web Server (IIS) role.
  • Go along to Role Services pace and bank check FTP Server > FTP Service role service. Uncheck Web Server function service, if you do not need information technology. Make certain Management Service > IIS Direction Console role service is checked.
  • Go on to the end of the wizard and click Install.
  • Wait for the installation to complete.

If you have IIS installed already (i.e. as a Web Server):

• In Windows Server Managing director become to Roles node and in Web Server (IIS) > Role Services panel click Add Part Services.
• In Add together Role Services wizard:
  • Bank check FTP Server > FTP Service part service.
  • Make sure that Management Service > IIS Direction Console is checked.
  • Confirm with Next button.
  • Proceed to the finish of the wizard and click Install.
  • Wait for the installation to consummate.

Advertisement

Skip to the next step.

On Windows Desktop (Windows xi, Windows 10, Windows eight, Windows 7 and Windows Vista)

• Go to Control Console > Programs > Programs and Features > Plough Windows features on or off.
• On a Windows Features window:
  • Expand Net Information Services > FTP Server and bank check FTP Service.
  • Expand Internet Information Services > Web Management Tools and check IIS Management Panel, if it is not checked yet.
  • Confirm with OK push button.
  • Await for the installation to complete.

Opening IIS Manager

• Go to Control Panel > System and Security > Administrative Tools (Windows Tools on Windows 11) and open up Internet Data Services (IIS) Manager.
• Navigate to your Windows server node.

Advertisement

Creating Certificate for the FTPS Server

You need a TLS/SSL certificate to secure your FTP server. Ideally, you should larn the certificate from a certificate authorisation.

You may likewise create a self-signed certificate locally, only in such instance users of your FTPS server volition be warned, when connecting to the server.

To create the self-signed certificate:

• In IIS Manager, open IIS > Server Certificates.
• Click on Create Self-Signed Certificate activeness.
• Specify a certificate name (due east.g. "FTP Server") and submit with OK.

Cocky-signed certificates created by old versions of IIS Manager exercise not work with FTPS clients that cheque for fundamental usage violations.ii To create a document with a correct cardinal usage, use New-SelfSignedCertificate PowerShell every bit an Ambassador:

            New-SelfSignedCertificate            -FriendlyName            "FTP Server"            -CertStoreLocation cert:\localmachine\my -DnsName ftp.case.com

Servers backside external Firewall/NAT

If your server is backside an external firewall/NAT, yous demand to tell the FTP server its external IP address, to allow passive mode connections.

• In IIS Manager, open FTP > FTP Firewall Support.
• Specify your server's external IP address.
  For Microsoft Azure Windows servers y'all will find the external IP accost in Public IP address section of the virtual machine page.

When backside an external firewall, you need to open ports for data connections (evidently in addition to opening an FTP port 21 and possibly an implicit TLS/SSL FTP port 990). You won't probably want to open whole default port range 1024-65535. In such case, you need to tell the FTP server to use merely the range that is opened on the firewall. Use a Data Channel Port Range box for that. Any time you change this range, you will need to restart FTP service. Acquire how to open ports on Microsoft Azure.

Advertisement

Click Utilise activeness to submit your settings.

Some external firewalls are able to monitor FTP control connection and automatically open and close the data connection ports as needed. Then yous do not need to have whole port range opened all the time, even when not in use. This won't piece of work with the secure FTPS as the control connection is encrypted and the firewall cannot monitor information technology.

Windows Firewall Rules

An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when IIS FTP server is installed.

The rules are non enabled initially on some versions of Windows.3 To enable or change the rules, get to Control Panel > Arrangement and Security > Windows Defender Firewall4 > Avant-garde Settings > Inbound Rules and locate three "FTP server" rules. If the rules are not enabled, click on Actions > Enable Dominion.

Restarting FTP Service

While the internal Windows firewall is automatically configured to open FTP ports when FTP server is installed, this alter does not seem to apply, until FTP service is restarted. The same is true for changing data aqueduct port range.

To restart FTP service go to Control Panel > Organization and Security > Authoritative Tools (Windows Tools on Windows 11) and open up Services. Locate Microsoft FTP Service and click Restart service.5

Adding FTP Site

To a Web Site

If you want to add FTP server to manage your existing web site remotely, locate your spider web site node in IIS Manager and:

• Click Add FTP Publishing activeness.
• In Add together FTP Site Publishing magician:
  • On an initial Binding and SSL Settings step, select Require SSL to disallow non-encrypted connections and select your certificate.
  • On Authentication and Authorization Information step, select Basic authentication and make certain Anonymous authentication is not selected. Select which users (Windows accounts) yous allow to connect to the server with what permissions. You tin can choose All users or select only some. Do not select Bearding users.
  • Submit with Finish button.

Advertising

Your secure FTPS server is now running and can be connected to.

Standalone FTP Site

If you want to add a standalone FTP server to store/exchange files, locate Sites node (folder) of your Windows server in IIS Manager and:

• Click Add FTP Site action.
• In Add FTP Site magician:
  • On an initial Site Information stride, requite a name to your FTP site (if information technology's the only site y'all are going to take, elementary "FTP site" suffice) and specify a path to a folder on your server'southward disk that is going to be accessible using FTP.
  • On a Binding and SSL Settings step, select Require SSL to disallow non-encrypted connections and select your certificate.
  • On Authentication and Potency Information step, select Basic authentication and brand sure Bearding authentication is not selected. Select which users (Windows accounts) you lot allow to connect to the server with what permissions. You can choose All users or select simply some. Do not select Bearding users.
  • Submit with End button.

Your secure FTPS server is now running and can be connected to.

Connecting to Your FTPS Server

For connecting to a Microsoft Azure Windows instance, run across a specific guide.

Start WinSCP. Login Dialog volition announced. On the dialog:

• Select FTP protocol and TLS/SSL Explicit encryption.
• Enter your Windows server hostname to Host proper name field. Avoid using an IP address to allow WinSCP to verify that the hostname matches with host the server'south document was issued to (non applicable to self-signed certificates).
• Specify username and password for Windows account you want to connect with (when using domain accounts, you need to specify a full username with format domain\username).
• Yous may want to save your session details to a site so you lot practice not need to type them in every time y'all desire to connect. Press Save button and type site name.
• Printing Login to connect.
• If yous are using self-signed certificate, you will be prompted to accept information technology.

Advertising

Further reading

• Installing secure FTP server on Microsoft Azure using IIS;
• Installing SFTP/SSH Server on Windows using OpenSSH;
• Upload files to FTP server or SFTP server;
• Automate file transfers (or synchronization) to FTP server or SFTP server.

Source: https://winscp.net/eng/docs/guide_windows_ftps_server

Posted by: comptonwhicily74.blogspot.com

Share this post