Vous êtes sur la page 1sur 12

Install FTP Server on IIS of Windows Server

FTP (File Transfer Protocol) allow clients to transfer/download/upload their files using File
Transfer Protocol. FTP is very useful for Shared Hosting Service providers, Internet Service
providers etc. to allow their clients to upload/download/transfer files through FTP. In Windows
Server 2008 R2 Microsoft FTP 7.5 is available as Role Service for Web Server (IIS 7.5). FTP
7.5 is tightly integrated with Web Server (IIS 7.5). Before installing FTP make sure Web
Server (IIS) is installed, refer Install IIS on Windows Server 2008. In this article we are going to
see how to setup a shared FTP Server for allowing clients of a Shared Web Server to transfer
contents of their websites.
Install FTP for IIS 7.5 on Windows Server 2008 R2
Click Start >> Administrative Tools >> Server Manager. In the Server Manager hierarchy
pane expand Roles and then click on Web Server (IIS).

Click on Add Role Services which will launch Select Role Services window as shown below.
Select FTP Service and FTP Extensibility services from the list. Click Next.

On Confirm Installation Selections page click Install.

On Installation Results page click Close to exit the Add Role Services wizard.

Check Firewall Rules to Allow inbound FTP Traffic
After installation of FTP Server make sure that there are Inbound firewall rules in place to allow
inbound FTP traffic. To check this follow below steps:
Click Start >> Administrative Tools >> Windows Firewall with Advanced Security and then
click on Inbound Rules and check if three inbound firewall rules exists as highlighted in below
1. FTP Server (FTP Traffic-In): This rule allows inbound traffic on TCP port 21 for FTP
2. FTP Server Passive (FTP Passive Traffic-In): This rule allows inbound traffic on TCP
ports greater than 1023 for FTP Service. This is required for FTP Service to work in
passive mode.
3. FTP Server Secure (FTP SSL Traffic-In): This rule allows inbound traffic on TCP port
990 for FTP Service over SSL.
If these rules doesnt exists then create them.

Create a FTP Site using the FTP Site Wizard
We installed FTP for IIS 7.5 and also checked/created firewall rules to allow inbound traffic
necessary for serving FTP services. However without creating a FTP Site, the FTP Server
doesnt listen on port 21 and you can not connect to the FTP Server. Now we will create a
Default FTP Site.
Click Start >> Administrative Tools >> Internet Information Services (IIS) Manager.
Expand the Server from server hierarchy pane and then expand sites.
Right click on Sites and then click on Add FTP Site

Add FTP Site: FTP Site Information
FTP site name: Enter the name of this FTP Site.
Physical path: Select the physical folder from where contents to FTP Users will be
served. This is called root of the FTP Server. I choose %systemdrive%\inetpub\ftproot.
Click Next.

Add FTP Site: FTP Binding and SSL Settings
IP Address: Select IP address from the drop down list on which FTP Server will work.
Select All Unassigned to allow it to work on all IP addresses.
Port: Enter TCP port number on which this FTP Server will listen on. Default FTP port is
Enable Virtual Host Names: To bind a host name with this FTP site enable this option
and then specify host name e.g. ftp.gopalthorve.com.
Start FTP site automatically: Select this option to start this FTP site automatically.
SSL: Select No SSL option. We will implement SSL feature some time later.
Click Next.

Add FTP Site: Authentication and Authorization Information
Authentication: Select Basic because we want to use Windows built-in authentication
method that requires users to provide valid Windows username and password to gain
access to contents. Later we will configure FTP User isolation to restrict users to their
respected folders.
Allow access to: Select Specified roles or user groups from the drop down list and then
enter the name of group which holds all FTP Users (as we discussed in Local Users, local
group and local security policies on Windows Server 2008). In my case the group is
Permissions: Select both Read and Write.
Click Finish to add the FTP Site.

Planning directory structure for FTP Server
The FTP Server we setup above allows all clients to logon to the FTP Server and all FTPUsers
are granted access of the ftproot folder (i.e. %systemdrive%\inetpub\ftproot). As we are going to
configure a shared FTP Server to allow customers of a Shared Web server to manage contents of
their websites and accounts, the directory structure must be planned accordingly. Directories
must be organized in such a way so that we can easily manage and allow clients to access their
respective directories only. I have designed a directory structure as given below for my shared
FTP Server.

Parent Directory (%systemdrive%\HostingSpaces)
The parent directory which will contain sub-folders for each customer. I created
%systemdrive%\HostingSpaces directory which will hold a sub-directories in it for each of
NTFS Permissions for this directory:
1. Remove inheritable permissions from parent on %systemdrive%\HostingSpaces
2. Grant permissions to SYSTEM, Administrators on this object.
Clients Home Directory (client1, client2 etc.)
Each shared hosting customer will have its own directory created under the parent directory and
each directory must be named after Windows Local User account name created for that particular
customer. Initially I have two customers respectively client1 and client2 and hence I created
two directories client1 and client2 in parent directory (%systemdrive%\HostingSpaces), also
create two Windows Local User account client1 and client2 and add them to FTPUsers group as
discussed in Local Users, local group and local security policies on Windows Server 2008. Each
clients home directory must be given read/write permissions to that specific customer user
account e.g. client1s home folder is client1 and it must be given read/write permissions to user
NTFS Permissions for these directories:
1. It must inherit permissions from its parent i.e. %systemdrive%\HostingSpaces
2. Each client must be granted access to its directory i.e. client1 user account must have
Modify, Read & Execute, List folder contents, Read, Write permissions on its home
directory client1.
Content Directories
Client can upload anything to this directory. By default it contains clients hosted domains here
i.e. client1domain1.com, client1domain2.com etc., which will further hold website contents in
wwwroot directory, data in data directory and logs in logs directory.
FTP User Isolation
The FTP Site we recently created (Default FTP Site) allows each client session to start in the root
directory of FTP Site i.e. %systemdrive%\inetpub\ftproot, because there is not FTP User
Isolation configured on this FTP Site so far. By default FTP Site is configured to Do not isolate
users. Start users in: FTP root directory which allows every ftp session to start in ftp root
directory of the FTP Site.
We want to configure FTP Site such that each customer account must have access to its own
folder only and each customers FTP session must start in its own home (root) folder named
after its username. Microsoft FTP support one such FTP User Isolation mode called Isolate
users. Restrict users to the following directory: User name directory (disable global virtual
directories). This mode requires us to create a folder named LocalUser under root of the FTP
Site (%systemdrive%\inetpub\ftproot\LocalUser) which will further contain customers home
folder (i.e. client1, client2 etc.). However I dont want to put customers folder in
%systemdrive%\inetpub\ftproot\LocalUser folder instead I want to put all those folders in
%systemdrive%\HostingSpaces folder. To accomplish this we will need to create a Virtual
Directory called LocalUser under recently created FTP Site which will point to physical folder
%systemdrive%\HostingSpaces folder. To create Virtual Directory follow below steps:
Create Virtual Directory
1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >>
Internet Information Services (IIS) Manager)
2. Expand Sites
3. Right click on Default FTP Site we created recently and then click Add Virtual
4. Alias: Enter LocalUser in this text box, remember to type with exact case it must be
LocalUser with capital L and U.
5. Physical path: Select physical path where this virtual directory will point to i.e.
6. Click OK to create Virtual Directory.

Finally configuring FTP User Isolation
1. Start Internet Information Services (IIS) Manager. (Start >> Administrative Tools >>
Internet Information Services (IIS) Manager)
2. Expand Sites
3. Click on Default FTP Site we recently created.
4. Double click FTP User Isolation in feature view window in the middle.
5. In Isolate users. Restrict users to the following directory: section select User name
directory (disable global directories) option.
6. Click Apply button to save changes.

Testing FTP Server
We have successfully setup FTP Server and now its time to check if everything is working fine.
We can check FTP Server connectivity either using ftp command or using any FTP Client like
FileZilla Client.
Testing FTP Server using ftp command:
1. Open Command Prompt
2. Type ftp at command prompt.
3. Type o on the ftp prompt. Use IP address on which your FTP Server is
configured to listen on. If All Unassigned is used you can use any IP address of your
system as well as you can also use localhost.
4. Type FTP User name e.g. client1.
5. Type Password for the FTP User e.g. password for user client1.
6. If everything works fine then you will get the response 230 User logged in.
7. Type dir command and you will get directory listing of client1 home folder.
8. Type cd client1domain1.com command and current working directory (CWD) changes
to client1domain1.com
9. Type pwd command to know the current working directory.
10. Type put command to upload local file to FTP Server. When prompted for local file
name enter entire file name along with path. When prompted for remote file simply press
enter to upload file with same name or enter new name for file on FTP Server.
11. Type recv command to download file from FTP Server. When prompted for remote file
name enter name of the file to download and when prompted for Local file enter path
where you want to download the file.
12. Type dele file_name command to delete file from FTP Server, replace file_name with
name of the file to be deleted.
13. I have pasted a sample command session with my recently configured FTP Server.
ftp> o
Connected to
220 Microsoft FTP Service
User ( client1
331 Password required for client1.
230 User logged in.
ftp> dir
200 PORT command successful.
125 Data connection already open; Transfer starting.
06-06-12 07:37PM <DIR> client1domain1.com
06-06-12 07:37PM <DIR> client1domain2.com
226 Transfer complete.
ftp: 118 bytes received in 0.00Seconds 118000.00Kbytes/sec.
ftp> cd client1domain1.com
250 CWD command successful.
ftp> put
Local file c:\help.txt
Remote file
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 5866 bytes sent in 0.02Seconds 244.42Kbytes/sec.
ftp> recv
Remote file help.txt
Local file d:\help.txt
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 5866 bytes received in 0.00Seconds 5866000.00Kbytes/sec.
ftp> dele help.txt
250 DELE command successful.
Checking FTP Server using FileZilla FTP Client
We can also check FTP Server by using GUI based FTP client like FileZilla Client. Simply
download the FileZilla Client and then install, after installation launch FileZilla.
1. Host: Enter IP address on which your FTP Server is listening on.
2. Username: Enter FTP Username e.g. client1
3. Password: Enter password for FTP User
4. Port: Enter FTP Port default is 21.
5. Click Quickconnect button.
6. Once connected you can download/upload/delete contents simply drag and drop

So thats it for FTP Server for now. As far as more FTP Server settings are concerned I will be
putting it under comments area of this article. Later we will see how to create website in IIS 7.5.