How to setup FTP server / users on Windows 2012 R2

Introduction

This tutorial should assist with creating FTP server on Windows 2012 R2 – Depend on your version – Your setting might be slightly different.

Even there are too many free third-party tools like Filezilla that provide a client access to FTP serve..

Here you have the steps I followed to set up my FTP server in Windows 2012 R2.
The steps below assume you are using IIS 8.5 that comes by default with Windows 2012 R2

Prerequisites

  • A Windows 2012 R2 server.
  • An administrative account.

1- Enable Web Server (IIS) role and FTP Server role service.

  1. Log in to the server by using an administrative account
  2. Open Server Manager
  3. Go to Manage > Add Roles and Features
  4. Click Next
  5. Select Role-based or feature-based installation
  6. Click Next
  7. Select Select a server from the server pool, and select your server
  8. Click Next.
  9. Scroll down and put a check mark in Web Server (IIS)
  10. An Add features window pops up. Put a check mark in the Include management tools (if applicable) option
  11. Click Add Features button
  12. Click Next
  13. Click Next
  14. Click Next
  15. Scroll down and put a check mark in: FTP serverFTP Service and FTP Extensibility.
  16. Click Next
  17. Click Install
  18. When installation is finished, click Close

2- Create FTP users

You need to create users in Windows in order to be able to use FTP services.
You can use either local or domain users.
In this case, I will create some local users.
The only thing that changes if you use domain users is, when you log in to FTP, you must use the domain/account format.

  1. In Server Manager go to Tools
  2. Click Computer Management
  3. Click Local Users and Groups
  4. Click Users
  5. In the center pane, right-click a blank area and then select New User…
  6. Enter the username information and click the Create button
  7. Create as many usernames you need here.

Optionally, you can create a group that contains all the FTP users in the Groups folder and add the users you created above.

3- Configuring FTP global IIS settings.

You need to configure some global settings for your IIS server before creating your FTP site.
It is very easy, follow the steps below:

  1. In Server Manager go to Tools
  2. Click Internet Information Services (IIS) manager.
  3. In the left pane, double-click the server icon (in the tree below the option Start Page)
  4. If a window pops up asking about Microsoft Web Platform, select Do not show this message, and click the No button
  5. In the center pane, double-click the FTP Authentication icon
  6. If you want to allow anonymous users,right-click Anonymous Authentication and set it to Enable.
  7. To allow access to the windows users you created in Part Two above, right-click Basic Authentication and set it to Enable.
  8. In the left pane, double-click the server icon.
  9. Double click the FTP Authorization Rules option
  10. Delete all rules in the center pane.
  11. After all rules have been deleted, right-click a blank area in the center pane and select the option Add Allow Rule…
  12. Click the option Specified users.
  13. In the text box type the usernames (separated by commas) you created in Part Two above.
  14. Check either the boxes Read or Write depending the access you want to grant to the user or group of users you are adding.
  15. Click the OK button
  16. Repeat steps 8 to 15 if you want to add more users with different Read / Write permissions.

4- Creating FTP site.

  1. Open Windows Explorer
  2. Navigate to C:\inetpub\ftproot
  3. This is the default local folder where the FTP directory tree will be saved
  4. You can create your own folder in another directory or hard drive if you want.
  5. Create your own folder at this point if it is desired.
  6. Open Server Manager
  7. Go to Tools
  8. Click on Internet Information Services (IIS) Manager
  9. In the left pane, right-click the server icon (in the tree below the option Start Page)
  10. Click Add FTP Site
  11. In FTP site name type a friendly name for your site. (My FTP Site  for example)
  12. In Physical path browse to the folder you creates in steps 2 to 5
  13. Click Next
  14. In IP Address, click the drop down menu, and select the server’s IP address you want to assign to the site
  15. Port remains as 21 by default. You can change it if you want.
  16. Ensure the option Start FTP site automatically is checked
  17. Select the No SSL option if you are nor required to use certificates. Otherwise, select one of the other options.
  18. Click Next
  19. In the Authentication section, put a check mark in Anonymous If you want to allow anonymous users.
  20. Put a check mark also in Basic to allow access to users created in Part Two.
  21. In the Allow access to: drop down menu, select: Specified Users
  22. In the text box type the usernames of the users you created in Part Two.
  23. Check the box Read to grant read access to users.
  24. Check the box Write to grant write access to users.
  25. Click Finish

5- IIS Firewall setup.

  1. In Server Manager go to Tools
  2. Click Internet Information Services (IIS) manager.
  3. In the left pane, double-click the server icon (in the tree below the option Start Page)
  4. In the center pane, double-click the FTP Firewall Support icon
  5. In the Data Channel Port Range box, make sure the value is 0-0 to use the default port range.
  6. Or, you can change it if you want by your own set of ports.
  7. Click Apply
  8. Close Internet Information Services (IIS) Manager

6- Windows Firewall setup.

By default, all exceptions needed for FTP are added to the Windows Firewall at the time you enable the FTP Server role.
Anyway, for troubleshooting purposes, I will show the configuration that needs to be in place in order to allow FTP traffic in your server.

  1. Open Server Manager
  2. In the left pane, click Local Server
  3. In the right pane, click the hyperlink beside the Windows Firewall option. It should say Public:On  (or Off).
  4. The Windows firewall window opens. In the left pane click Advanced Settings
  5. The Windows Firewall with Advanced Security window opens. In the left pane click Inbound Rules.
  6. In the right pane, verify there’s a rule called FTP Server (FTP Traffic-In)
  7. Double click this rule.
  8. In the General tab, verify the option Enabled is checked.
  9. Go to the Protocols and Ports tab.
  10. Verify the Protocol type is TCP and the Local port value is 21.
  11. Go to the Advanced tab
  12. Make sure the profiles: DomainPrivate and Public are checked.
  13. Click OK button
  14. Execute the same validation in steps 7-13 for the FTP Server Passive (FTP Passive Traffic-In)rule. Except that the local port value in this rule should be1024-65535
  15. Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-In) rule.Except that the local port value in this rule should be 990
  16. In the left pane, click Outbound Rules
  17. Execute the same validation in steps 7-13 for the FTP Server (FTP Traffic-Out) rule. Except that the local port value in this rule should be 20
  18. Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-Out) rule. Except that the local port value in this rule should be 989
  19. Close all windows.

 7- Testing

  • The last part is to test your work.
  • Make sure you can connect to the FTP service, first from the local machine and then form a remote computer.
  • Try to log in, put files, get files, show folder contents, etc