There are two FTP servers that can be used with IIS 7. FTP 7.0 is included with Windows Server® 2008. FTP 7.5 is included with Windows Server® 2008 R2. You can download the new FTP 7.5 from FTP for IIS 7.0 (x86) or FTP for IIS 7.0 (x64), depending on server architecture.
- You must be using Windows Server 2008.
- You must uninstall FTP 6.0 that is included with Windows Server 2008 before you install FTP 7.5.
- IIS 7 must be installed, and IIS Manager should be installed if you are going to manage the FTP server by using the IIS Manager user interface.
- You must be an administrator to install the FTP server.
- IIS 7 supports a shared configuration environment, which must be disabled on each server in a Web farm before you install FTP server on each node.
- Forefront TMG for publishing FTP to extranet
To install the FTP service on Windows Server 2008 R2
On the Start menu, click Administrative Tools, and then click Server Manager.
In the Server Manager Pane, in the Roles Summary section, click Web Server (IIS).
In the Web Server (IIS) section, click Add Role Services.
Under Role services, select FTP Publishing Service. This will install the FTP service and the FTP management console. Note that for Windows Server 2008, do not select FTP Publishing Service; download FTP 7.5 and install it separately once the IIS installation is completed.
Click Next, and then click Install.
To install FTP 7.5 separately: If you are using Windows Server 2008 R2, download FTP 7.5 from the Microsoft Download Center and install it separately.
Double-click ftp7_x86_75, click Next and accept the EULA, then click Next and continue the installation.
Click Finish once the installation is completed.
Verify that the FTP services have started
On the Start menu, click Administrative Tools, and then click Services.
Check that Microsoft FTP Services and IIS Admin Services are started, and set the start-up type to Automatic.
On the Start menu, click Administrative Tools, click Event Viewer, expand Windows Logs, and click Setup.
As a best practice, check that the IIS setup completed with no errors.
To add an FTP site from the IIS management console
Expand the tree down to Sites.
Click Add FTP Site from the Actions menu.
Specify a Site name, Specify a physical path Anon FTP
For this article, I am showing anonymous FTP; however, anonymous FTP isn’t recommended in a production environment.
Select an IP address (this would be your internal one) and leave the port on 21.
(Do not specify a host name if you want to keep it simple and easy.)
Check Start FTP Site Automatically. I selected No SSL; you can select SSL if you want to. For this article, I leave it as No SSL. For Authentication, I check Anonymous. For Authorisation, allow access to Anonymous users with Read and Write. However, in a production environment, never allow anonymous access.
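One way to check a site built with the options above, as an added example that is not part of the original article: the script reads an applicationHost.config fragment and flags anonymous authentication, SSL policies other than SslRequire, and write rules for anonymous or all users. The embedded XML, the Partner FTP site, the 192.0.2.10 address and the function name audit_ftp_sites are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real server): the walkthrough's site plus a hardened one.
SAMPLE_CONFIG = """<configuration>
 <system.applicationHost><sites>
  <site name="Anon FTP" id="2">
   <bindings><binding protocol="ftp" bindingInformation="192.0.2.10:21:" /></bindings>
   <ftpServer><security>
    <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
    <authentication><anonymousAuthentication enabled="true" /></authentication>
   </security></ftpServer></site>
  <site name="Partner FTP" id="3">
   <bindings><binding protocol="ftp" bindingInformation="192.0.2.10:2121:" /></bindings>
   <ftpServer><security>
    <ssl controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" />
    <authentication><basicAuthentication enabled="true" /></authentication>
   </security></ftpServer></site>
 </sites></system.applicationHost>
 <location path="Anon FTP"><system.ftpServer><security><authorization>
  <add accessType="Allow" users="?" permissions="Read, Write" />
 </authorization></security></system.ftpServer></location>
</configuration>"""

def audit_ftp_sites(config_xml):
    """Return {site name: [findings]} for every site that has an FTP binding."""
    root, report = ET.fromstring(config_xml), {}
    for site in root.iter("site"):
        if not any(b.get("protocol") == "ftp" for b in site.iter("binding")):
            continue  # HTTP-only site, nothing to audit here
        name, findings = site.get("name"), []
        anon = site.find("ftpServer/security/authentication/anonymousAuthentication")
        if anon is not None and anon.get("enabled", "false").lower() == "true":
            findings.append("anonymous authentication enabled")
        ssl = site.find("ftpServer/security/ssl")
        for attr in ("controlChannelPolicy", "dataChannelPolicy"):
            # A missing element or attribute means the schema default, SslRequire.
            policy = "SslRequire" if ssl is None else ssl.get(attr, "SslRequire")
            if policy != "SslRequire":
                findings.append(f"{attr}={policy} (TLS not enforced)")
        for loc in (x for x in root.iter("location") if x.get("path") == name):
            for rule in loc.findall("system.ftpServer/security/authorization/add"):
                users = {u.strip() for u in rule.get("users", "").split(",")}
                if (rule.get("accessType") == "Allow" and users & {"?", "*"}
                        and "write" in rule.get("permissions", "").lower()):
                    findings.append("write access granted to anonymous or all users")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_ftp_sites(SAMPLE_CONFIG))
```

On a server, pass it the contents of %windir%\System32\inetsrv\config\applicationHost.config; values inherited from siteDefaults are not resolved by this check.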
To set up the permissions in the local file system:
Right-click the newly created FTP site and click Edit Permissions.
Right-click, go to the Security tab, and then click Advanced.
Click Change Permissions and un-check “Include inheritable permissions from the object’s parent”.
Click Add to add the original permissions. Add or modify the preferred permissions.
Close this all off. Follow the steps below to add anonymous access.
Open the advanced permissions again (it should be nicely refreshed now).
Click Add. In the location field, change this to the server. Enter the user name IUSR, click Check Names, and click OK (this is the “Anonymous User” account).
I select Full control for this folder, subfolders and files (you can fiddle here if you want to restrict more).
Close that all off.
To publish the FTP site to an extranet or the internet: click on the FTP server (not the site) > click FTP Firewall Support, then type the preferred port range and the IP address of the external NIC of the TMG server.
To Install Certificate for Secure FTPS
To publish the FTP site from Forefront TMG 2010: you can publish the FTP server using a non-web publishing rule. To do this, right-click Firewall Policy > New > create a non-web publishing policy.
Apply changes. Click OK. Right-click the newly created firewall policy > click Configure FTP > uncheck Read only > Apply and OK.
Apply changes. Click OK. Click System > Application Filters > FTP Access Filter > click Allow active FTP access. Apply and OK.
To create FTP access rules in Forefront TMG 2010: create another rule allowing FTP for internal networks.
Test FTP connections using any FTP client.
In conclusion, this is a test FTP server; there is a lot more to do in terms of securing FTP and publishing for individual users.