Configuring an FTP server on Windows Server 2019 consists of several stages. First, you need to install the server itself, then create and isolate users, configure a firewall, and establish an FTP connection. This guide will explain all the steps in detail.
First, let's quickly remember what an FTP server is. It is only the first part of the infrastructure that allows data to be transferred between hosts. The second part is the client. A connection is established between them that uses the File Transfer Protocol.
This connection's primary benefit is its cross-platform compatibility. Nevertheless, there are a number of drawbacks, including slow file sharing and security problems. The protocol is still frequently used in spite of all of that.
This is how FTP client works on Windows
To continue with this guide, you need a host with Windows Server 2019 installed and configured.
To install an FTP server:
Open the Start menu and launch Server Manager. You will configure the basic settings through this utility.
Click Add roles and features.
The Add Roles and Features Wizard will launch. Click Next.
Select the Role-based or feature-based installation option and click Next.
In the next window, select the default server; this is the server where roles should be installed.
Check the role Web Server (IIS).
In the next window, click Add features.
Skip the next two steps by clicking Next; nothing needs to be changed.
In Role Services select FTP Service and IIS Management Console.
Check the list of components ready for installation and click Install.
After installation is complete, close the wizard window.
To configure a firewall that protects an FTP server on Windows, go to the Tools menu in the Server Manager top right and run Windows Defender Firewall with Advanced Security.
In the left menu, go to Inbound rules.
In the right menu, select New rule.
In the rule settings, select the Predefined type and the FTP server value.
Select all the options, click Next, and then Finish.
To apply the new configuration, reboot the server.
One of the protocol's main problems is its low level of security. Therefore, you need to be very strict about the list of users who can connect to the server. For this purpose, groups or individual users are configured.
Go to the Tools menu in the Server Manager and select Computer Management.
Go to Local Users and Groups.
Right-click the context menu of the Users item and proceed to create a new account.
Enter your username and password. Select your account settings. For example, you can enable a requirement to change your password the first time you connect. Or vice versa, prohibit changing passwords.
For the system to accept a password, it must meet at least three of the four following security requirements:
Have lowercase Latin letters.
Have uppercase Latin letters.
Have numbers.
Have special characters like !, $, #, %.
We must add an FTP site in order to continue working. Once users have been created, we go back to the Server Manager. This is where all Windows FTP server setup will happen.
Go to the Tools and launch the Internet Information Services Manager tool.
In the Connections section, double-click the sever and select Add FTP Site.
Enter the site name and select the folder with its content.
Specify the IP address to connect or set the mode to All Unassigned.
Configure SSL settings. You can choose not to use encryption or enable it and add your own certificate. Click Next.
Select Basic authentication. Grant authorization permission to Specified Users.
Enter the name of the created account.
Grant the read and write permissions.
Click Finish.
In one of the previous steps, we showed how to create users which can connect to the server. However, more is needed to provide even minimal security. Another critical point is isolation.
For example, we are configuring a server for a television network. Departments within the company must share videos: camera operators submit the footage, editors modify it, and correspondents view it.
Isolation allows you to ensure that each type of user has access only to specific directories.
We have an FTP site. Let's go to the settings and restrict availability zones between different accounts.
Go to the Tools and launch the Internet Information Services Manager tool.
Right-click on your FTP site and select FTP User Isolation.
Select User name directory and click Apply.
Right-click on the FTP site and add a virtual directory.
Enter your login and, in the line below, the full path to the folder this account can use.The directory should already exist. We recommend using the login in the directory name to make it easier to figure out who can go where.
We have one virtual directory. Let's change access permissions.
Right-click on our new virtual directory and go to editing permissions.
Open the Security tab and click Advanced.
Disable inheritance and save changes.
Return to the Security options.
Click Edit under the list of groups/users.
Remove the Users group and add a new user.
Enter the FTP user name and run name checking.
Click OK to save your changes.
Select the new user, check all the permission checkboxes in the Allow column, and click Apply.
The configuration of the FTP server for Windows is complete.
We figured out how to create an FTP server on Windows Server 2019 and set up user accounts. Finally, let's see how to connect to our file storage.
A client is required to establish a connection. One of the most popular is FileZilla. You can also use WinSCP.
To connect, you will need:
The server IP address.
Name and password for the created account.
After establishing the connection, the user will see the directory you specified in the site settings. If you have configured directory isolation, the user will go to the virtual directory and cannot move to other people's folders.
Installed FTP Server on Windows Server 2019