Configuring a FTP Server using Microsoft Windows Server 2003 OS

.:: File Transfer Protocol ( FTP ) ::.

File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP/IP based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.

Installing the FTP Service

FTP depends on Microsoft Internet Information Services (IIS). So, IIS and the FTP Service must be installed on the computer. To install IIS and the FTP Service, follow these steps:

1. Click Start, → Control Panel, and click on Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. In the Components list, click Application Server, click Internet Information Services (IIS) (but do not select or clear the check box), and then click Details.
4. Click to select the following check boxes (if they are not already selected):

• Common Files
• File Transfer Protocol (FTP) Service
• Internet Information Services Manager

5. Click to select the check boxes next to any other IIS - related service or sub-component that you want to install, and then click OK.
6. Click Next.
7. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive or provide a path to the location of the files, and then click OK.

(**This CD must be the same type of edition and service pack, otherwise it may not work)

8. Click Finish.

IIS and the FTP Service are now installed. You must configure the FTP Service before you can use it.

-----------------------------

Configuring the FTP Service

To configure the FTP Service to allow only anonymous connections, follow these steps:

1. Start Internet Information Services Manager from Start → Administrative Tools → Internet Information Services (IIS) Manager.

2. Expand Server_name, where Server_name is the name of the server.
3. Expand FTP Sites.

4. Right-click Default FTP Site, and then click Properties.
5. Click the Security Accounts tab.
6. Click to select the Allow Anonymous Connections check box (if it is not already selected), and then click to select the Allow only anonymous connections check box.
   
   When you click to select the Allow only anonymous connections check box, you configure the FTP Service to allow only anonymous connections. Users cannot log on by using user names and passwords.
7. Click the Home Directory tab.
8. Click to select the Read and Log visits check boxes (if they are not already selected), and then click to clear the Write check box (if it is not already cleared).
9. Click OK.
10. Quit Internet Information Services Manager.

The FTP Server is now configured to accept incoming FTP requests. Copy or move the files that you want to make available to the FTP publishing folder for access. The default folder is

drive : \Inetpub\Ftproot, where drive is the drive on which IIS is installed.

-----------------------------

Creating an FTP Site

When you install the FTP Service, IIS creates a default FTP site. You can use the default FTP site or you can create a new FTP site. To create a new FTP site:

1. Click Start, → Administrative Tools, and click on Internet Information Services (IIS) Manager.
2. In the console tree, expand ServerName, where ServerName is the name of the server, right-click FTP Sites, point to New, and then click FTP Site. The FTP Site Creation Wizard starts.

3. Click Next.
4. On the FTP Site Description page, type a description for the FTP site in the Description box, and then click Next.

5. On the IP Address and Port Settings page, specify the IP address to use for the FTP site, specify the TCP port to use (if it is different from the default TCP port 21), and then click Next.
6. On the FTP User Isolation page, specify the user isolation option that you want, and then click Next.
7. On the FTP Site Home Directory page, specify the path of your home directory in the Path box, and then click Next.
8. On the FTP Site Access Permissions page, specify the permissions that you want, and then click Next.
9. Click Finish.

-----------------------------

Creating an FTP server with multiple users

If You want to create an FTP server that has multiple users that will all connect to individual folders but you do not want these users to see any folder but their own, you have to read the following:

Apparently Microsoft's documentation has an error in it. The process given below can be more helpful than the Microsoft's documentation. We're going to isolate the users using the IIS Virtual Directory wizard.Firstly, You need to create local usernames for all users.

1. Go to Start → Program Files → Administrative Tools → Computer Management

2. Open Local Users & Groups on the right pane. Double click on the Users folder. Right click on the left pane and select New User.

3. Give the username you want to use, write the full name and description and set a password (full name and description is not mandatory).
4. If you want to create multiple users do the same repeatedly.
5. Click OK.

Secondly, Now you have to create the physical directory that the user will get in to download files which be placed there. Navigate to C:\Inetpub\ftproot\ and create a folder named localuser. Inside the localuser directory you have to create folders according to the users. The folder names must be typed out exactly as the usernames are. Place whatever files you want these users to be able to download into those two user directories.
Thirdly, Set the permissions on the folders. Right click the folders and select either Properties or Sharing and Security. On the Security tab you can remove the main Users group and replace it with your username created for its appropriate folder.
Fourthly, Set up the actual site in IIS.

1. Go to Start → Program Files → Administrative Tools → Internet Information Services (IIS) Manager

2. On the right pane you want to open up your Local Computer name and then right click on FTP Sites folder.
3. Select New FTP Site. A screen comes up Welcome to the FTP Site Creation Wizard.
4. Select NEXT.
5. Type in the name of the Site. Select NEXT.
6. Type the IP address of the computer or if you see "All Unassigned" you can leave it at that. The port is 21.

**In order for outside users to connect to your FTP server your port 21 must be opened on your switch or router so make sure this is done beforehand. You will also need the External IP address of the machine you are creating the FTP server on so that the outside world can get in. If it's an internal FTP site then you can just give out the internal IP address to your users on your network**

7. Select NEXT. There are three options, you need Isolate Users (Users must be assigned an FTP home directory within the root of this FTP site)

8. Select the radio button next to this option and then select NEXT.
9. The home directory is the FTP server root or C:\Innetpub\ftproot. Select Browse to navigate to this directory and then click NEXT.

10. The next page is the Permissions screen. Give the permissions as you need. Select NEXT.

11. The FTP Site Creation Wizard completes successfully. If it does not end successfully make sure you read what the problem is.
Fifthly, Now you have to create the actual virtual directories in IIS which are going to point to your physical directories.

1. Right click on the created FTP Server name and select New → Virtual Directory. A page comes up "Welcome to the Virtual Directory Creation Wizard". Select NEXT.

2. Type your alias. It is the username you have created before from users menu.

3. The next screen is the path to the physical directory. Select Browse and navigate to C:\Inetpub\ftproot\localuser\username and then select NEXT.

4. Set the permissions for Read or Write or both on the next page like you did before and select NEXT.

5. Select Finish to complete the Virtual directory creation wizard. You should see it completed successfully.

6. Repeat the wizard for all remaining users.

7. If you right click on the virtual directories and go to Permissions you will see that the username which matches the virtual directory can access the folder as well as the local administrators.

Now you can connect via a browser window and you should be able to connect.

Remember Outside World uses the External IP of the machine. People on your network can use the Internal IP of the machine.

-----------------------------

Configuring Anonymous User Access

You can configure the FTP site for anonymous access by using a predefined user name and password or you can configure the site to require a user name and password that corresponds to a valid Windows user account. When you configure the site to require a user name and password, credentials and data is sent across the network in plain text and are not encrypted in any way. Information is susceptible to interception.

If you intend to put sensitive data on your FTP site, or if secure communications is important, consider using FTP over an encrypted channel such as a virtual private network (VPN) that is secured with Point-to-Point Tunneling Protocol (PPTP) or Secure Internet Protocol (IPSec). Or, consider using Web Authoring with Web-based Distributed Authoring and Versioning (WebDAV). WebDAV uses Secure Sockets Layer (SSL).
To configure anonymous user access do the following :

1. Click Start, → Administrative Tools, and click on Internet Information Services (IIS) Manager.
2. In the console tree, expand ServerName, where ServerName is the name of the server, expand FTP Site, right-click your FTP site, and then click Properties.
3. Click the Security Accounts tab, and then do one of the following:
   • To permit anonymous connections to the FTP site, click to select the Allow anonymous connections check box (if it is not already selected). If you want to use a Windows user account other than the default IUSER_ComputerName, specify the user name and password in the User name and Password boxes.
     If you want to permit only anonymous connections, click to select the Allow only anonymous connections check box.
4. Click OK.
5. Quit Internet Information Services (IIS) Manager.

-----------------------------

Limit Access to Specific Computers

To limit access to only certain computers or groups of computers:

1. Click Start, → Administrative Tools, and click on Internet Information Services (IIS) Manager.
2. In the console tree, expand ServerName, where ServerName is the name of the server, expand FTP Site, right-click your FTP site, and then click Properties.
3. Click the Directory Security tab.
4. Do one of the following:
   • To deny access, click Granted Access, and then click Add. In the Deny Access dialog box that appears, specify the option that you want, and then click OK.
     
     The computer or group of computers that you specified is added to the list.
   • To grant access, click Denied Access, and then click Add. In the Grant Access dialog box that appears, specify the option that you want, and then click OK.
     
     The computer, group of computers, or domain that you selected is added to the list.
5. Click OK.
6. Quit Internet Information Services (IIS) Manager.

-----------------------------

If you are prompted to insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive do so. Setup copies the FTP server and tool files to your computer.

(**This CD must be the same type of edition and service pack, otherwise it may not work)

Help Links:

1. http://en.wikipedia.org/wiki/File_Transfer_Protocol
2. http://support.microsoft.com/kb/323384
3. http://support.microsoft.com/kb/816525
4. http://support.microsoft.com/kb/326214
5. http://www.tek-tips.com/viewthread.cfm?qid=872498&page=6

N.B.

**This tutorial is created using Microsoft Windows Server 2003 Service Pack 1