Windows 2019
Sponsored Link

FTP Server : Add FTP Site
2019/09/06
 
Add FTP Site to use FTP file transfer from Client computers.
For example, Configure FTP site to create a local group [FTPGroup] and add local users you allow to use FTP to the group, and also grant read and write authority to the group.
[1] Run PowerShell with Admin Privilege and Configure FTP Service.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# add a group [FTPGroup] for FTP
PS C:\Users\Administrator> New-LocalGroup -Name "FTPGroup" 

Name     Description
----     -----------
FTPGroup

# add users to the [FTPGroup] you allow to use FTP
# add [Serverworld] user to [FTPGroup] as an example below
PS C:\Users\Administrator> Add-LocalGroupMember -Group "FTPGroup" -Member "Serverworld" 

# confirm
PS C:\Users\Administrator> Get-LocalGroupMember -Name "FTPGroup" 

ObjectClass Name             PrincipalSource
----------- ----             ---------------
User        RX-7\Serverworld Local

# add FTP site
# -Name [any name you like]
# -IPAddress [listening IP address] (below is 0.0.0.0 (all))
# -Port [listening port]
PS C:\Users\Administrator> New-WebFtpSite -Name "FTPSite01" -IPAddress "*" -Port 21 

Name             ID   State      Physical Path                  Bindings
----             --   -----      -------------                  --------
FTPSite01        2    Started                                   ftp *:21:

# set physical folder that is used for FTP site
# example below, create a [FTPSite01] folder under the [C:\inetpub\ftproot] that is created by default and set it
PS C:\Users\Administrator> mkdir 'C:\inetpub\ftproot\FTPSite01' 
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name physicalPath -Value 'C:\inetpub\ftproot\FTPSite01' 

# allow no SSL/TLS connection
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.controlChannelPolicy -Value "SslAllow" 
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.dataChannelPolicy -Value "SslAllow" 

# set basic authentication
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true 

# set read and write authority to [FTPGroup] group
PS C:\Users\Administrator> Add-WebConfiguration "/system.ftpServer/security/authorization" -Location FTPSite01 -PSPath IIS:\ -Value @{accessType="Allow";roles="FTPGroup";permissions="Read,Write"} 

# set external IP address (the one client computers can connect)
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.firewallSupport.externalIp4Address -Value "10.0.0.101" 

# set NTFS access authority to the physical folder
# example below, add full control
PS C:\Users\Administrator> icacls C:\inetpub\ftproot\FTPSite01 /grant FTPGroup:F 
processed file: C:\inetpub\ftproot\FTPSite01
Successfully processed 1 files; Failed processing 0 files

# restart FTP site
PS C:\Users\Administrator> Restart-WebItem -PSPath 'IIS:\Sites\FTPSite01' 
FTP Server : Add FTP Site (GUI)
 
On GUI configuration, set like follows.
[2] Add a local group and add local users to the group you allow to use FTP site.
On this example, Create a [FTPGroup] group and add [Serverworld] user to the group to allow to use FTP site. For creating local user and others, refer to here.
[3] Create a physical folder for FTP site's root path and add access authority for the group added on [2] to the folder. On this example, create a [FTPSite01] folder under the [C:\inetpub\ftproot] that is created by default and set it.
[4] Add FTP Site.
Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager]. Next, Select the [Site] and right click it, then Open [Add FTP Site].
[5] Input any name for [FTP site name], specify physical Path for [Physical path] that you added on [3] section.
[6] This is Binding setting section. It's OK to keep default for IP Address and Port.
For the case of this default setting, FTP service listens on 0.0.0.0:21.
For [SSL] section, Select [No SSL] on this example.
If you'd like to configure with SSL, refer to here.
[7] This is Authentication and Authorization settings section.
On this example, set [Basic] for authentication and [Specified roles or user groups] for Authorization.
[8] For Authorization setting, if selected [Specified roles or user groups], it needs to specify group you allow to access. On this example, set the group created on [2] section.
[9] FTP site has been added. Select the new FTP site on the left pane and click [FTP Firewall Support] on center pane.
[10] Set IP address that client computers can connect to.
That's OK to configure FTP site.
Matched Content