FTP is a famous network protocol to transfer files internally and externally over the TCP protocol. When you have a Windows 2016 or 2019 server on your environment, you may need to set up FTP site and configure proper permissions to make the file transfer simple, faster and secure. The below step by step guide explains how to install and configure FTP service on Windows 2012 R2 (and later versions) servers. Also, the reference links show how to enable FTP incoming packets in the Windows firewall without disabling firewall services completely.
Windows 2012 R2 has Internet Information Services (IIS) version 8.5 with several improvements. The later Windows Server Operating Systems such as 2016 and 2019 has the latest IIS. FTP server settings are available under IIS service, hence the IIS role needs to be installed before setting up FTP site on the Windows server.
Steps to Install and Configure FTP on Windows Server
1) Let us install the web service (IIS) role first.
Open server manager and select Add Roles and Features.
Click Next and select Role-based installation, to install any roles or features on Windows server this should be selected.
Select the local server and click Next.
2) Select Web Server (IIS) and all recommended features in the popup screen as below.
3) It is not required to select any other features in the Features page.
When you reached the Web server Role features, select FTP services and FTP extensibility (optional only) features.
4) Confirm the selection and click Install to start the installation.
Once the FTP server role has been installed, you can access the IIS (Internet Information Services Manager) from server manager from Windows 2012 R2.
5) It will open the IIS settings where you can host the www websites and FTP sites. But for this demonstration purpose, we will create and set up an FTP site only.
Few things you need to consider before implementing an FTP server setup.
- Are you going to use SSL (Certificate) or Non-SSL security settings on your FTP site?
- SSL is more secured and the traffic will be encrypted. But you need to have a valid internal or external certificate for this purpose if you select SSL.
- How users will be authenticated? Is it local or integrated with Active Directory?
- How are you going to manage read-only and write access to your FTP site?
- If the server has multiple network cards and IPs, on which IP do you want to publish your FTP site? Based on these points, you have to bind the FTP service to particular IP (NIC) in Windows server.
Once you have decided above points, go to our earlier guide, which shows how to install and setup FTP on Windows 10 OS. The settings and configuration steps are very similar.
Remember, setting up the permission for your FTP site is very important. Because we do not need to give write access to all users and in most of the time, none of the users should read the files on the FTP site without authentication (that means, no anonymous access).
Must Do Steps
You will be needing to set up and allow FTP traffic through the Windows firewall or any other specific firewall/Antivirus software you have installed. Once you have done all setup, you can check the connectivity, permission and access level by using any FTP client program, like Filezilla.