Windows Server 2012 – Install and Configure an FTP Server

KB ID 0000847

Problem

FTP might be an ages old solution for moving files around, but a lot of people swear by it. With Windows Server it’s still supported, even if it is hidden as a ‘role service’.

Solution

Create a Security Group For Domain FTP Access

Note: For a Standalone/Workgroup server see below for setting up users and groups.

1. Launch Server Manager > Tools > Active Directory Administrative Center.

Active Directory Administrative Center

2. New > Group.

Create New Domain Group

3. Give the group a sensible name.

New Domain Group

4. Here I’m going to create a user to test with, in production you would just use the domain users who you want to give access to.

x

5. I will simply create a user called ‘ftpuser’.

Create Domain User

6. Add the domain user(s) to your new security group.

Add Users to Group

7. Create a folder that will be the ‘root’ of your FTP site.

FTP Root Folder

8. Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add ‘Write’ if you want your users to be able to ‘put’ files).

Grant Write Rights

Create a Security Group For Workgroup / Standalone FTP Access

1. From Server Manager > Tools >Computer Management.

Launch Computer Management

2. System Tools > Local Users and Groups > Groups.

Create Loacal Users

3. Give the group a sensible name.

Create Users

4. I’m going to create a test user called ftpuser, this is done in Local users and groups > Users.

User Password

5. Place the user(s) you want to grant access to, into your local security group.

User Properties

6. Crete a folder that will be the ‘root’ of your FTP site and open its properties.

Folder Properties

7. On the security Tab > Advanced > Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add ‘Write’ if you want your users to be able to ‘put’ files).

Enable FTP Put

Windows Server 2012 Install FTP

1. From Server Manager > Tools > Add Roles and Features.

dd Roles and Features

2. Next.

Skip Page

3. Next

Role or Feture Based

4. Next

Services Selection

5. Select Web Server (IIS) > Select Add (when prompted) > Next.

Instal IIS 2012

6. Next

Role Features

7. Next

Web Server IIS

8. Locate and Select FTP Server AND FTP Extensibility > Next.

FTP Extensibility

9. Install

Confirm Install

10. Close.

Reboot post install

11. Reboot the server. This is because some of the firewall settings have a habit of not enabling until the server has restarted, this does not happen all the time, so you may be lucky and not need to reboot. But I’m a firm believer in ‘If something can go wrong, it will go wrong’.

Reboot 2012

Windows Server 2012 Configure FTP

1. Windows Key > Internet Information Services (IIS) Manager.

IIS Manager

3. Expand the servername > Right click ‘Sites’ > Add FTP Site.

Add FTP Site 2012

4. Give the site a name > Browse to the folder you are going to use as the FTP ‘root’ folder > Next.

PAth to FTP Root

5. Select No SSL (I’m not going to secure the site with web certificates) > Next.

FTP Enable SSL

6. Authentication = Basic > Allow Access to = Selected roles or user groups > Permissions = Select read and write as appropriate > Finish.

Allow group FTP Access Server 2012

7. Windows Key+R > firewall.cpl > Allow an app or feature through Windows Firewall.

Allow FTP through firewall 2012

8. Ensure FTP Server is allowed for the ‘profile’ that your network card has been allocated.

Firewall Settings for FTP

9. Advanced Settings.

2012 Network and Sharing Center

10. Incoming Rules.

Server2012 Incoming Rules

11. There should be three FTP Settings, by default they should be enabled (for FTP Port 21, Passive Ports, and Secure FTP / TCP 990).

2012 Firewall FTP Settings

Windows 2012 FTP Server – Testing Access

1. You can test the firewall is open by opening a telnet session to the server on port 21;

telnet {ip address or name of server} 21

TestPort 21 with Telnet

2. This is what you should see (or in some cases a blinking cursor, if you are going through a firewall or device that suppresses response headers).

220 Microsoft FTP Service

3. Or you can use a web browser and navigate to ftp://{ip address or name of the FTP server}.

Test FTP with web browser

4. Or from command line you can use the direct ftp command like so;

ftp {ip address or name of server}

Command Line FTP commands

Windows 2012 FTP Server – Testing External Access

To access the server externally (from the internet), requires your remote users to know either the public IP address or the public name of the server. In addition FTP (TCP Port 21) needs to be open to that IP address. This can be done by giving the server its own public IP address, or by Port Forwarding FTP from your public IP address to the private IP address of the FTP server. How that is done will differ depending on your firewall or router.

Note: If you have a Cisco Firewall, I’ll put the links you require on the bottom of the page.

1. Here I’m on an external machine, and I’m using FileZilla (a free FTP client) to connect to my FTP server.

FTP Quickconnect

2. Just to test I’ll drag a file to the FTP server, to make sure I can write/put files.

Directory Listing Successfull

3. Here is the file uploaded.

Using FileZilla

4. Back on the server, in the ‘root’ folder you can see the file successfully uploaded.

sucessfull ftp transfer

 

Related Articles, References, Credits, or External Links

Cisco Firewall (ASA/PIX) – Granting Access to an FTP Server

Cisco PIX / ASA Port Forwarding

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall

Author: Migrated

Share This Post On