Setup FTP 7.5 on Windows Server 2008 and publish through Forefront TMG 2010

There are two FTP servers that can be used with IIS 7. FTP 7.0 is included with Windows Server® 2008. FTP 7.5 is included with Windows Server® 2008 R2. you can download new FTP 7.5 from FTP for IIS 7.0 (x86) or FTP for IIS 7.0 (x64) depending on server architecture.

  • You must be using Windows Server 2008.
  • You must uninstall FTP 6.0 that is included with Windows Server 2008 before you install FTP 7.5.
  • IIS 7 must be installed, and IIS Manager should be installed if you are going to manage the FTP server by using the IIS Manager user interface.
  • You must be an administrator to install the FTP server.
  • IIS 7 supports a shared configuration environment, which must be disabled on each server in a Web farm before you install FTP server on each node.
  • Forefront TMG for publishing FTP to extranet
To install the FTP service on Windows Server 2008 R2

On the Start menu, click Administrative Tools, and then click Server Manager.

In the Server Manager Pane, in the Roles Summary section, click Web Server (IIS).


In the Web Server (IIS) section, click Add Role Services.

  2 3

 4 5

Under Role services, select FTP Publishing Service. This will install the FTP service and the FTP management console. Note that for Windows Server 2008, do not Select FTP publishing service. Download FTP 7.5 and install separately once IIS installation is completed.

Click Next, and then click Install.


To install FTP 7.5 separately: If you are using Windows Server 2008 R2, download FTP7.5 from Microsoft Download Center and install separately.

Double click on ftp7_x86_75, Click Next and Accept Eula, Click Next and continue installation.

 8 9

 10 11

 12 13 

Click Finish once installation completed.

Verify FTP services Started

Click on Start Menu, Click on Administrative Tools, Click Services

Check Microsoft FTP Services and IIS Admin Services Started and Set Start-up type Automatic


Click on Start Menu, Click on Administrative Tools, Click Event Viewer, Expand Windows Logs, Click on Setup


As a best practice Check IIS setup completed with no error

To Add FTP Site from the IIS management Console

Expand down to Sites

Click Add FTP site from the actions menu

Specify a Site name, Specify a physical path Anon FTP

 15 16

 17 18

For this article, I am showing anonymous ftp however, anonymous ftp isn’t recommended in production environment.

19 20

Select and ip address (this would be your internal one) leave the port on 21

(Do not specify a host name – if you want make it simple and easy)

Check Start FTP Site Automatically , I selected No SSL, You can select SSL if you want to. For this article, I leave it as no SSL. For Authentication I check Anonymous. Authorisation Allow access to Anonymous users With Read and Write. However, in production environment, never allow anonymous access.  

 To setup the permissions in the local file system.

Right Click on newly created FTP site, Click on Edit Permission.


Right Click and get to the security tab and then click on Advanced


Click Change Permissions, Un-check “Include inheritable permissions from the object’s parent”

Click Add to add the original permission. Add or modify preferred permission.

Close this all off. Follow the following steps to add anonymous access.

Open the advanced permissions again (it should be nicely refreshed now)

Click add, From the location field change this to the server, Enter the user name IUSR click check name and OK (this is the “Anonymous User” account)

I Select Full control for this folder sub folders and files ( you can fiddle here if you want to restrict more)

Close that all off.

To publish FTP Site to extranet or internet: Click on FTP server (not site)>Click FTP Firewall Support, Type preferred port range and IP address of external NIC of TMG server. 



To Install Certificate for Secure FTPS

 31 32

 33 34

 35 36


To Publish FTP site from Forefront TMG 2010: you can publish ftp server using non-web publishing rule. To do this, right click on firewall policy>new>create non web publishing policy.

 40 41

 42 43

 44 45

 46 47


Apply changes. Click ok. right click on newly firewall policy>click configure ftp>uncheck Read only>Apply and ok.

49 50

Apply changes. OK. Click on System>Application Filters>FTP Access Filter>click Allow active FTP access. Apply and ok.

 51 52

To Create FTP access rules in Forefront TMG 2010: Create another rule allowing ftp for internal networks.

 53 54

55 56

 57 57a

 58 59

 60 61

Test FTP connections using any ftp client.


In conclusion, this is a test ftp server, there are lot more to do in terms of securing ftp and publishing for individual users.

About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.
This entry was posted in Windows Server and tagged , , , , , . Bookmark the permalink.

3 Responses to Setup FTP 7.5 on Windows Server 2008 and publish through Forefront TMG 2010

  1. Con Stantine says:

    very useful information bro…
    well done


  2. Nikhil says:

    It’s really a amazing blog with proper guided posts

    Thanks for a fantastic task


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s