Install and configure an FTP server with PowerShell

In this post you will learn how to install an FTP server with PowerShell. I will show you how to configure the site name, port, and root folders. Then I will explain how to create FTP users, how to authenticate users, and how to configure the SSL policy and NTFS permissions.
Latest posts by Prateek Singh (see all)

Install the FTP feature ^

Before you can begin configuring your FTP server, you first need to install the required Windows features: FTP, the Web Server (IIS), and the Management Tools to administer it with PowerShell.

Install the FTP feature

Install the FTP feature

After the installation completes, import the WebAdministration module. This will map an Internet Information Services (IIS) drive (IIS:\) through which we will configure our FTP site later in this article.

Configuring the site name, port, and root folder ^

Now you can create a new FTP site using the New-WebFtpSite cmdlet by providing an FTP site name, root folder for your FTP site, and port number. I'm choosing port 21, which is the default FTP port, but you can also specify any custom port for your FTP site.

Create the FTP site

Create the FTP site

After running the cmdlet, you'll see the FTP site and bindings in IIS Manager.

The FTP site in IIS

The FTP site in IIS

Create FTP users ^

After creating a new FTP site, you can create a Windows user or group through which you can control the access to the FTP server. Let's first create the Windows local group:

Then we will create a new local FTP user with a username and password:

Later we will add the FTP user to the Windows group:

Create FTP group and users

Create FTP group and users

Authenticating FTP users to access FTP server data ^

Now we enable basic authentication on the FTP site and authorize the Windows group that contains the FTP user so it can access the FTP site.

Enable basic authentication and an authorization rule

Enable basic authentication and an authorization rule

You can also check these settings under IIS Manager > FTP Site > FTP Authorization Rules.

Authorization rule in IIS

Authorization rule in IIS

SSL policy and NTFS permissions to the FTP root folder ^

Next, we change the SSL policy from Require SSL to Allow SSL connections.

Setting the SSL policy

Setting the SSL policy

The commands below set the NTFS permissions on the FTPRoot folder to allow the FTP user group to access the files.

SSL policy and NTFS permissions

SSL policy and NTFS permissions

You can verify this from the FTP root folder properties under the Security tab.

NTFS Permissions on the folder

NTFS Permissions on the folder

After all the configurations are complete, it is advisable to restart the FTP site:

You can then test the FTP server, which should allow you to access files, content, and directories under the FTP root folder.

Testing the FTP server

Testing the FTP server

Conclusion ^

Setting up an FTP server on a Window server requires configuration at many levels. With PowerShell you can install Windows FTP features and create the FTP server with the detailed configuration very easily. You can also create new FTP users and authorize them to access the FTP root directory in an automated fashion. This can come in handy if you have to apply the same settings for several machines.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

3+
avatar
Share
4 Comments
  1. Nelson 1 year ago

    Excellent post, thank you very much. I had some problems creating the local group, the local user and adding it to the group, I used these commands for that:

    # Create the local Windows group
    $FTPUserGroupName = "FMS FTP Users"
    New-LocalGroup -Name $FTPUserGroupName -Description "Members of this group can connect throgh FTP"
    # Create an FTP user
    $FTPUserName = "FtpManager"
    $FTPPassword = ConvertTo-SecureString "p@ssw0rd" -AsPlainText -Force
    New-LocalUser -Name $FTPUserName -Password $FTPPassword -Description "User account to access FMS FTP" -PasswordNeverExpires -UserMayNotChangePassword
    # Add an FTP user to the group FTP Users
    Add-LocalGroupMember -Name $FTPUserGroupName -Member $FTPUserName

    1+

  2. Alex 1 year ago

    The was fantastic and very detailed. I am going through trying to automate many repetitive tasks and setting up an FTP server was the next one in line. This is a huge help!

    0

  3. I just tried to make a comment on this article.

    I don't think that [ ADSI ]"WinNT://$Etc" works when you have LSA disabled, which I do. Because apparently when you're in the world of Cyber Security... it's a good way to get trolled... learned my lesson with that one.

    At any rate... I have reworked this script. I included the local user parameters that Nelson suggested, as that is definitely easier to manage than using the shellsharpnet method that the author originally used.

    I've had issues using both methods. Despite that, I have a script in a testable format, feel free to scope it out and see if it works for you.

    I was looking to add a GUI module, but it's not high on my priority list at the moment.

    https://github.com/mcc85s/PSD-Remaster/blob/master/Provision-FTPServer.ps1

     

    0

  4. Prabhu 11 months ago

    Is there a way to set SSL to No SSL in Binding and SSL settings screen please. 

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account