Documentation » Using WinSCP » Guides » Other » Show
You may want to install a secure FTP server on Windows either as standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, you can use an optional FTP Server component of the IIS. It can be installed standalone or along with a Web Server.1
Installing FTP ServerOn Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012
Advertisement
Advertisement Skip to the next step. On Windows Server 2008 R2If you do not have IIS installed yet:
If you have IIS installed already (i.e. as a Web Server):
Advertisement Skip to the next step. On Windows Desktop (Windows 11, Windows 10, Windows 8, Windows 7 and Windows Vista)
Opening IIS Manager
Advertisement Creating Certificate for the FTPS ServerYou need a TLS/SSL certificate to secure your FTP server. Ideally, you should acquire the certificate from a certificate authority. You may also create a self-signed certificate locally, but in such case users of your FTPS server will be warned, when connecting to the server. To create the self-signed certificate:
Self-signed certificates created by old versions of IIS Manager do not work with FTPS clients that check for key usage violations.2 To create a certificate with a correct key usage, use New-SelfSignedCertificate PowerShell as an Administrator: New-SelfSignedCertificate -FriendlyName "FTP Server" -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.comServers behind external Firewall/NATIf your server is behind an external firewall/NAT, you need to tell the FTP server its external IP address, to allow passive mode connections.
When behind an external firewall, you need to open ports for data connections (obviously in addition to opening an FTP port 21 and possibly an implicit TLS/SSL FTP port 990). You won’t probably want to open whole default port range 1024-65535. In such case, you need to tell the FTP server to use only the range that is opened on the firewall. Use a Data Channel Port Range box for that. Any time you change this range, you will need to restart FTP service. Learn how to open ports on Microsoft Azure. Advertisement Click Apply action to submit your settings.
Some external firewalls are able to monitor FTP control connection and automatically open and close the data connection ports as needed. So you do not need to have whole port range opened all the time, even when not in use. This won’t work with the secure FTPS as the control connection is encrypted and the firewall cannot monitor it. Windows Firewall RulesAn internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when IIS FTP server is installed. The rules are not enabled initially on some versions of Windows.3 To enable or change the rules, go to Control Panel > System and Security > Windows Defender Firewall4 > Advanced Settings > Inbound Rules and locate three “FTP server” rules. If the rules are not enabled, click on Actions > Enable Rule. Restarting FTP ServiceWhile the internal Windows firewall is automatically configured to open FTP ports when FTP server is installed, this change does not seem to apply, until FTP service is restarted. The same is true for changing data channel port range. To restart FTP service go to Control Panel > System and Security > Administrative Tools (Windows Tools on Windows 11) and open Services. Locate Microsoft FTP Service and click Restart service.5 Adding FTP SiteTo a Web SiteIf you want to add FTP server to manage your existing web site remotely, locate your web site node in IIS Manager and:
Advertisement Your secure FTPS server is now running and can be connected to.
Standalone FTP SiteIf you want to add a standalone FTP server to store/exchange files, locate Sites node (folder) of your Windows server in IIS Manager and:
Your secure FTPS server is now running and can be connected to. Connecting to Your FTPS ServerFor connecting to a Microsoft Azure Windows instance, see a specific guide. Start WinSCP. Login Dialog will appear. On the dialog:
Advertisement
Further reading
Last modified: 2022-06-21 by martin What is the role of IIS server?IIS fulfills the role of the Web server, responding to requests for files from Web clients such as IE, and logging activity.
How do I log into IIS server?To connect to a web server by using IIS Manager
Open IIS Manager. For information about opening IIS Manager, see Open IIS Manager (IIS 8). In the Connections pane, expand Create New Connection in the toolbar. Click Connect to a Server to open the Connect to Server Wizard.
How do I use IIS on Windows?Enabling IIS and required IIS components on Windows 10. Open Control Panel and click Programs and Features > Turn Windows features on or off.. Enable Internet Information Services.. Expand the Internet Information Services feature and verify that the web server components listed in the next section are enabled.. Click OK.. What is IIS service name?Microsoft Internet Information Services (IIS, formerly called Internet Information Server) is a set of Internet-based services for servers using Microsoft Windows.
|