Install and Configure FTP on Windows 2012 R2, Allow Incoming FTP Traffic in Firewall

FTP is a famous network protocol to transfer files internally and externally over TCP network. When you have a Windows 2012 R2 server in your environment, you may need to setup FTP site and set permissions to make the file transfer simple, faster and secure. The below step by step guide explains how to install and configure FTP on Windows 2012 R2 server, also shows how to enable FTP incoming packets in the Windows firewall without completely disabling firewall services.

We have already published a guide about installing and configuring FTP in Windows 8 or 8.1, when you have it on 2012 R2 server, it act professionally on server hardware and Operating System.

Windows 2012 R2 has come with Internet Information Services (IIS) 8.5 with several improvement. FTP sites and options are available under IIS settings in Windows 2012 R2. IIS 8.5 role needs to installed before setting up FTP site/service on the latest Windows server.

Steps to Install and Configure FTP on Windows 2012 R2 Server

1) Let us install the web service (IIS) role first.
Open server manager and select Add Roles and Features.

select Add Roles and Features

Click Next and select Role-based installation, to install any roles or features on Windows 2012 R2 server this should be selected.

role based installation

Select the local server and click Next.

Read Also: By any time if you have forgotten the administrator or your password, this tool would be helpful to reset in 2 minutes.

2) Select Web Server (IIS) and all recommended features in the popup screen as below.

select iis8.1

3) It is not required to select any features in the Features page.

When you reached the Web server Role features, select FTP services and FTP extensibility (optional only) features.

select ftp services

4) Confirm the selection and click Install to start the installation.

Once the FTP server role has been installed, you can access the IIS 8.5 (Internet Information Services Manager) from server manager form Windows 2012 R2.

Open IIS in Windows 2012 R2

5) It will open the IIS settings where you can host websites and FTP sites. But here we will be creating and setting up FTP site only in Windows 2012 R2 Server.

Few things you need to consider before implementing FTP server setup.

a) Are you going to use SSL (Certificate) or Non SSL security settings in your FTP site?. SSL is secured and the FTP traffic will be encrypted. But you need to have a valid internal or external certificate for this purpose if you select SSL.

b) How users will be authenticated? is it local or integrated with Active Directory?

c) How you are going to manage read only and write access to your FTP site?

d) If the server have multiple NICs and IPs, on which IP you want to publish your FTP site? based on that you have to bind the FTP service to particular IP (NIC) in Windows 2012 R2 server.

Once you have decided above points, go to our earlier guide which shows how to install and setup FTP on Windows 8.1 OS. The settings and configuration steps are very similar.

Remember, setting up the permission of your FTP site is very important. Because we may no need to give write access to all users and in most of the time none of the users should read/see what is on the FTP site without authentication ( that means, no anonymous access)

ftp access in Windows 2012 R2

You will be needing to setup and allow FTP traffic through the Windows firewall or any other specific firewall/Antivirus software you have installed.  Once you setup the FTP site, you can check the every permission and access level with any FTP client program, like Filezilla.

1 thought on “Install and Configure FTP on Windows 2012 R2, Allow Incoming FTP Traffic in Firewall”

  1. Yeah, this and every website like this DOES NOT WORK! Re loaded OS, IIS and FTP roles over and again, reloaded AD re did network shares etc. So let me break it down like this…

    I have a HOST SERVER (SERVER01) and it has a RAID5 that is immense and should hold all data redundantly (inetpub, etc.)

    It HOSTS 2 VM’s! (Server01A, and Server01B)

    Server01A – DNS, DHCP, AD (Regular old AD)

    Server01B – IIS (WWW, FTP, Murmur voice chat)

    I have ALREADY LEARNED NOT TO ATTEMPT TO ‘USE A MAPPED DRIVE FOR HOSTING!’ (If you think your IIS truly understands “P:…….” you’re wrong. It will ONLY REACT POSITIVELY TO “\SERVERNAMESHARED-DIR” so, time for you to stop chasing your tail over that, now….

    The problem is, my UNC (the Raid5 on Host box) Has FTP Read/Write through IIS on the VM, you can read and execute… no issues…. You are an ADMINISTRATOR (or DOMAIN ADMIN) and you FTP in (e.g. you are PART of a group (OU) that can work on the domain AND in a separate FTP group for the ppl I only want to give Up and download access to) no worries. You log in, download, upload to the folder (and amongst ALL folders I mean… you ARE an ADMIN)

    You log in as Joe-Average, FTP schmuck… You may read and execute… YOU CANNOT WRITE TO THIS NON-INHERITING COMPLETELY SEPARATED FOLDER THAT HAS ‘Everyone’ AUTHORIZED WITH A $100 BILL PINNED TO ITS ASS SCREAMING ‘VICTIM HERE! VICTIM HERE!!’ ACROSS MY NETWORK AND OUT MY FIREWALL…

    I have changed Shares, Permissions, ACLs, Inheritances, I have read and re read MCSA books etc and WTF….
    WHY!?!?!?!?!

Comments are closed.