Installing a Secure FTP Server on Windows using IIS

A secure File Transfer Protocol (FTP) server on Windows is useful for storing files locally or for making changes to a website hosted on an Internet Information Services (IIS) web server. In either case, you can use the IIS component known as the FTP Server.

FTP, the File Transfer Protocol, is a protocol for transferring files from one system to another. The Secure File Transfer Protocol (SFTP), on the other hand, is a component of the SSH protocol, which fundamentally supplanted Telnet as well as the earlier rlogin. This tutorial shows how to configure a secure FTP server using IIS on a Windows server.

What does FTPS stand for?

The File Transfer Protocol Secure (FTPS) relies on SSL (Secure Sockets Layer) to encrypt communications between the client and the server. SSL uses certificates to establish the identity of a message’s sender and to add an extra degree of safety to communications transmitted across private or public networks such as the Internet.

Putting IIS and FTP Server features into operation

IIS is normally installed by default on Windows Servers; however, the FTP server feature is typically disabled by default. Because of this, the first thing you need to do is enable the FTP server features. To activate the FTP server function on Windows Server 2022, Windows Server 2019, Windows Server 2016, or Windows Server 2012, follow the procedure below:

  • In Windows Server Manager, go to the Dashboard and select Manage >> Add Roles and Features.
  • While using the Add Roles and Features wizard, go to the step under “Installation Type” and select either “Role-based” or “Feature-based” installation.
  • Move on to the next stage, which is called Server Roles, and make sure the Web Server (IIS) role is selected. It is important to note that the box is already checked if you have previously had IIS installed as a Web Server. Confirm the installation of the utility known as the IIS Management Console if you are prompted to do so.
  • Navigate to the Web Server Role (IIS) >> Role Services step, and then verify that the FTP Server role service is active. If you do not require the Web Server role service, deselect the checkbox that enables it.
  • Confirm your installation by clicking “Next”, then continue with the installation and wait for it to finish.

How exactly can I create an SSL certificate?

An SSL certificate contains information about the server’s identity as well as the encryption mechanism used when the secure connection is established. Certificates make it easier for end users to verify the legitimacy of a remote system.

You have the option of generating one of the following three distinct sorts of certificates, depending on the particulars of your circumstance:

  1. Certificates signed by a Certification Authority (CA). These are the certificates used on production servers and when users connect to the server from outside the network (NAT and firewall) over the Internet. A certificate signed by a Certificate Authority assures FTP clients that the server they are connecting to is who it purports to be.
  2. Domain certificates. These can only be used within an organization (across different domains), and they are signed by the organization’s certificate authority. Users who are part of the domain will not see any warning; users who are not part of the domain will.
  3. Self-signed certificates. Internal websites can use self-signed certificates; however, the client will always be warned that the site is using such a certificate. Creating a self-signed certificate is comparable to making your own identity card: you know the card is authentic, but other people cannot verify that it belongs to you unless it was produced by an authorized party.

IIS’s assistance with the creation of SSL certificates

IIS allows you to generate a certificate that is self-signed, as well as a certificate for your domain. If you want to enable FTPS connections from users who are situated outside your company, however, you will need a certificate that has been signed by a CA.

  1. Start IIS Manager by selecting it from the list of administrative tools. You can also start it by typing “inetmgr” into the “Run” dialog.
  2. In IIS Manager, choose the connection (or server) you want to work with, and then go to the “Server Certificates” menu option.
  3. Generate a self-signed certificate by going to the Actions menu on the right-hand side of IIS Manager and selecting “Create Self-Signed Certificate.”
  4. Give the certificate a friendly name, and then click the Ok button when you are finished.
  5. Keep in mind that although your self-signed certificate does not pose a risk and ought to be entirely safe to use, none of the web browsers or FTP clients recognize it; as a result, your FTP clients will issue a warning about it.

Creating a certificate for an existing or new domain

To use an FTPS server that is part of your domain, you must first obtain a domain certificate.

  1. Select “Server Certificates” from the menu, and then select “Create Domain Certificate” from the drop-down menu that appears.
  2. You will be required to supply information on your Distinguished Name (DN) to enroll and create a Certificate Signing Request (CSR).
  3. In the “Common name” box, enter the Fully Qualified Domain Name (FQDN) of the computer or web server you are working with.
  4. When filling out the Organization section, be sure to use the official name of your company.
  5. When you are filling out the Organization Unit (OU), please use the appropriate department or area (optionally for Active Directory domains).
  6. Specify the Online Certification Authority that is active on your domain. If an Online Certification Authority can be located, you should be able to choose it with “Select” from the list of available certification authorities. If the “Select” option is unavailable, you can still define the CA by entering its name in a form such as CertificateAuthorityName\ServerName.
  7. Make use of the SSL/TLS Certificate management solutions that are provided by a third party.

You have the option of using either the Internet Information Services (IIS) to generate certificates for your company or opting instead for third-party alternatives.
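To see which of the three certificate types described above is actually installed before binding one to the FTP site, the local machine store can be inspected. The following PowerShell is an added example, not part of the original article; the function name and the 30-day warning window are assumptions.

```powershell
# Added example: report on the certificates IIS could bind to an FTPS site.
# Run in an elevated PowerShell session on the IIS server.
function Get-FtpsCertificateReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # store shown under "Server Certificates"
        [int]$WarnDays = 30                            # assumed renewal warning window
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'               # Server Authentication EKU
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Build the chain against this machine's trust stores only.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'  # no network lookups for revocation
        $trustedHere = $chain.Build($cert)

        $kind = if ($cert.Subject -eq $cert.Issuer) {
            'self-signed'
        } elseif ($trustedHere) {
            'CA-issued, chain trusted on this host'
        } else {
            'CA-issued, chain NOT trusted on this host'
        }

        # A certificate without an EKU extension is valid for all purposes.
        $ekus = @($cert.EnhancedKeyUsageList).ObjectId
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            Kind          = $kind
            HasPrivateKey = $cert.HasPrivateKey   # must be True to serve TLS
            ServerAuthEku = (-not $ekus) -or ($ekus -contains $serverAuthOid)
            DaysLeft      = $daysLeft
            ExpiringSoon  = $daysLeft -lt $WarnDays
        }
    }
}

Get-FtpsCertificateReport | Format-Table -AutoSize
```

A domain certificate reports as trusted on a domain-joined host because the organization's CA is in its trust store; as noted above, clients outside the domain will still see a warning.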

How does one go about creating a brand-new user for FTP using Microsoft Windows?

You will need to create a new user account that has the correct permissions before you can connect to the FTPS server.

  1. Make sure that local users and groups are enabled. Next, navigate to Computer Management by selecting Tools from the Server Manager menu.
  2. To manage local users and groups, expand System Tools and select “Local Users and Groups” from the list that appears. You can also press the Win key and the R key simultaneously to bring up the “Run” dialog, and then type “lusrmgr.msc” in the box.
  3. Go to the Action menu, then select “New User” from the available options.
  4. In the “New User” window that is presently active, enter the user’s credentials into the appropriate fields.
  5. From the menu, select the “Create” option.

Now that the user has been established, let’s check to see that they have permission to access the root folder on the FTP server.

The default content folder in IIS is named “inetpub.” In the C:\inetpub directory you will find the folder named “ftproot.” Right-click it and select “Properties.” On the “Security” tab, select the “Edit” button.

Select the user account that you created earlier to adjust its permissions. For instance, you can restrict or enable the user’s access to the resources within the FTP root folder. We have created a user, but that user also needs access in order to view the content folder stored on the FTP server.

Include information for both the authentication and authorization processes.

On the following screen, you can select which users are connecting to your FTPS server and how they are connecting. You have the choice of selecting either the Anonymous protocol (with encryption turned on) or the Basic protocol, depending on the type of SSL certificate you have (with no encryption).

If you have already created an FTP user with IIS, then you will have the ability to view that user if you want to (as was demonstrated in the previous section). However, select “All Users” from the drop-down menu if you wish to enable access to the FTP server for every user on the domain. If this is not something you wish to do, you can choose the users in the text box.

In addition, you can grant the FTP server user read, write, or read/write access from within this box. Once your FTP site has been successfully created, you will find it in the “Sites” area of the IIS Manager. First, make sure that its status is set to “started.”

Establish login credentials and permissions for the file transfer protocol server

  1. After you have successfully built your new FTP site, you will need to click the “FTP Authentication” button.
  2. In the next window, make sure that “Basic Authentication” is turned on and that “Anonymous Authentication” is turned off. Once again, this depends on the certificate that you currently hold.
  3. From the menu, pick “Add Allow Rule.” When you get to this screen, pick the option that says “All users” (unless you want to identify specific users), and then grant the permissions that are required.
  4. Return to the list of features for the FTP site, and then pick “IIS Manager Permissions” from the menu. If you do not see this feature, go back to Server Manager > Server Roles > Web Server (IIS) > Management Tools and check that all the Management tools are selected.
  5. Choose the “Allow User” option. In the following window, select the proper user who will use the FTP site. Because we have just created a new user in Windows, you can now click the “Select” button.
  6. The next step is to find the object name, which should be the user, and then click the “Ok” button after you are finished.
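The feature installation, certificate, user, folder permission and authentication steps above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes Windows Server 2016 or later, an elevated session, and the hypothetical names SecureFTP (site) and ftpuser (account). It goes one step beyond the text by setting both FTP channels to require SSL, so that Basic credentials are never sent unencrypted.

```powershell
# Added example (not from the original article). Run elevated on the server.
# Assumed names: site 'SecureFTP', local user 'ftpuser', root C:\inetpub\ftproot.
$SiteName = 'SecureFTP'
$FtpUser  = 'ftpuser'
$FtpRoot  = 'C:\inetpub\ftproot'
$Fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# 1. FTP Server role service plus the IIS management tools
Install-WindowsFeature -Name Web-Ftp-Server -IncludeAllSubFeature -IncludeManagementTools | Out-Null
Import-Module WebAdministration

# 2. Self-signed certificate (use a CA-signed one for clients outside the company)
$cert = New-SelfSignedCertificate -DnsName $Fqdn -CertStoreLocation 'Cert:\LocalMachine\My'

# 3. Local account for FTP logons; skip if it was already created in lusrmgr.msc
$password = Read-Host -Prompt "Password for $FtpUser" -AsSecureString
New-LocalUser -Name $FtpUser -Password $password -Description 'FTPS login' | Out-Null

# 4. NTFS Modify rights on the content root, inherited by files and subfolders
New-Item -ItemType Directory -Path $FtpRoot -Force | Out-Null
icacls $FtpRoot /grant "${FtpUser}:(OI)(CI)M" | Out-Null

# 5. FTP site bound to the certificate, SSL required on control and data channels
New-WebFtpSite -Name $SiteName -Port 21 -PhysicalPath $FtpRoot -Force | Out-Null
$site = "IIS:\Sites\$SiteName"
Set-ItemProperty $site -Name ftpServer.security.ssl.serverCertHash -Value $cert.Thumbprint
Set-ItemProperty $site -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslRequire'
Set-ItemProperty $site -Name ftpServer.security.ssl.dataChannelPolicy -Value 'SslRequire'

# 6. Basic authentication on, anonymous authentication off
Set-ItemProperty $site -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true
Set-ItemProperty $site -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false

# 7. Allow rule for the single FTP user instead of "All users"
Add-WebConfiguration -Filter '/system.ftpServer/security/authorization' `
    -PSPath 'IIS:\' -Location $SiteName `
    -Value @{ accessType = 'Allow'; users = $FtpUser; permissions = 'Read,Write' }

Restart-WebItem $site
```

After it runs, the site should appear under “Sites” in IIS Manager with the status “started.”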
