Log In

How to Set Up an FTP Server on Windows Server 2019

How to Set Up an FTP Server on Windows Server 2019
04.04.2024
Reading time: 5 min
Hostman Team
Technical writer

Configuring an FTP server on Windows Server 2019 consists of several stages. First, you need to install the server itself, then create and isolate users, configure a firewall, and establish an FTP connection. This guide will explain all the steps in detail.

First, let's quickly remember what an FTP server is. It is only the first part of the infrastructure that allows data to be transferred between hosts. The second part is the client. A connection is established between them that uses the File Transfer Protocol.

The main advantage of this connection is that it is cross-platform. However, there are many disadvantages: the file sharing is not very fast, and there are security issues. Despite all that, the protocol is still widely used.

Install FTP server

To continue with this guide, you need a host with Windows Server 2019 installed and configured. 

To install an FTP server:

  1. Open the Start menu and launch Server Manager. You will configure the basic settings through this utility.

  2. Click Add roles and features.

  3. The Add Roles and Features Wizard will launch. Click Next.

  4. Select the Role-based or feature-based installation option and click Next.

  5. In the next window, select the default server; this is the server where roles should be installed.

  6. Check the role Web Server (IIS).

  7. In the next window, click Add features.

  8. Skip the next two steps by clicking Next; nothing needs to be changed.

  9. In Role Services select FTP Service and IIS Management Console.

  10.  Check the list of components ready for installation and click Install.

After installation is complete, close the wizard window. 

Firewall setup

To configure a firewall that protects an FTP server on Windows, go to the Tools menu in the Server Manager top right and run Windows Defender Firewall with Advanced Security

  1. In the left menu, go to Inbound rules.

  2. In the right menu, select New rule.

  3. In the rule settings, select the Predefined type and the FTP server value.

  4. Select all the options, click Next, and then Finish.

To apply the new configuration, reboot the server.

User management

One of the protocol's main problems is its low level of security. Therefore, you need to be very strict about the list of users who can connect to the server. For this purpose, groups or individual users are configured.

  1. Go to the Tools menu in the Server Manager and select Computer Management.

  2. Go to Local Users and Groups.

  3. Right-click the context menu of the Users item and proceed to create a new account.

  4. Enter your username and password. Select your account settings. For example, you can enable a requirement to change your password the first time you connect. Or vice versa, prohibit changing passwords.

For the system to accept a password, it must meet at least three of the four following security requirements:

  • Have lowercase Latin letters.

  • Have uppercase Latin letters.

  • Have numbers.

  • Have special characters like !, $, #, %.

Adding a site

For further work, we need to add an FTP site. After creating users, we return to the Server Manager. All Windows FTP server setup will take place here. 

  1. Go to the Tools and launch the Internet Information Services Manager tool.

  2. In the Connections section, double-click the sever and select Add FTP Site.

  3. Enter the site name and select the folder with its content.

  4. Specify the IP address to connect or set the mode to All Unassigned.

  5. Configure SSL settings. You can choose not to use encryption or enable it and add your own certificate. Click Next.

  6. Select Basic authentication. Grant authorization permission to Specified Users.

  7. Enter the name of the created account.

  8. Grant the read and write permissions.

  9. Click Finish.

Directory Isolation

In one of the previous steps, we showed how to create users which can connect to the server. However, more is needed to provide even minimal security. Another critical point is isolation.

Let's say we are setting up a server for a television company. The company needs to share videos between departments: the camera operators upload the footage, the editors edit it, and the correspondents watch it.

Isolation allows you to ensure that each type of user has access only to specific directories.

We have an FTP site. Let's go to the settings and restrict availability zones between different accounts.

  1. Go to the Tools and launch the Internet Information Services Manager tool.

  2. Right-click on your FTP site and select FTP User Isolation.

  3. Select User name directory and click Apply.

  4. Right-click on the FTP site and add a virtual directory.

  5. Enter your login and, in the line below, the full path to the folder this account can use.The directory should already exist. We recommend using the login in the directory name to make it easier to figure out who can go where.

We have one virtual directory. Let's change access permissions.

  1. Right-click on our new virtual directory and go to editing permissions.

  2. Open the Security tab and click Advanced.

  3. Disable inheritance and save changes.

  4. Return to the Security options.

  5. Click Edit under the list of groups/users.

  6. Remove the Users group and add a new user.

  7. Enter the FTP user name and run name checking.

  8. Click OK to save your changes.

  9. Select the new user, check all the permission checkboxes in the Allow column, and click Apply.

The configuration of the FTP server for Windows is complete.

Connection via FTP

We figured out how to create an FTP server on Windows Server 2019 and set up user accounts. Finally, let's see how to connect to our file storage.

A client is required to establish a connection. One of the most popular is FileZilla. You can also use WinSCP.

To connect, you will need:

  • The server IP address.

  • Name and password for the created account.

After establishing the connection, the user will see the directory you specified in the site settings. If you have configured directory isolation, the user will go to the virtual directory and cannot move to other people's folders.

Share