Windows PC FTP Server
FTP is the senior citizen of file transfer protocols, and even though it’s old, it’s still rather active and useful. To the downside, in a manner of speaking, the world has chosen to ignore some of its good points by choosing to not make room for them in commonly available networking products, thus marginalizing a productive old timer.
Both Windows Server 2012 and Windows 7 allow a computer to become an FTP server by activating the FTP feature in Information Information Services (IIS). Configuration afterward is a snap and is virtually identical on both architectures.
The unfortunate downside with FTP is that this ease only applies to unsecured FTP, which actually may be just what you need. The configuration below documents unsecured FTP that requires a valid user id and password, but the anonymous FTP setup should be obvious as you move along.
Secure FTP is easy to set up. The only problem is that most routers really don’t like it and won’t let secure FTP pass through the firewall most modern routers include as a standard feature. Yes, the FTP protocol states standard FTP uses ports 20 and 21, plus you can add implicit or explicit (FTPS) SSL security. IIS will permit it, although the configuration is a little tricky and includes some less than obvious requirements in the certificate binding screen. Plus, your FTP client has to invoke the call to the server using a little different technique to enter the user id. But, it’s not difficult. Windows firewall doesn’t cause problems and requires no configuration on your part, normally.
Your router is the bad guy here, but it’s only doing what you asked it to do.
The FTP protocol states that ports 20 and 21 carry FTP. Secure FTP starts here but, during the negotiation and transfer, it also uses almost random ports. If your router doesn’t support this (which is separate and distinct from the features built into some routers that allow them to become FTP servers just by plugging in a USB drive), it will block the ancillary traffic. There are three ways to get past this;
Buy a router that supports secure FTP, if you can find one
Use an inferior router with no firewall support
Turn off all firewall support for one IP address on your router and allow all incoming traffic from the internet to reach your server (called a DMZ)
None of these options are especially attractive.
Thus, unsecured FTP is your most practical option … and as I said above, it may be just what you want. File can be located and transferred by using an open source FTP client such as FileZilla or WinSCP, or just by typing ftp://your-URL.com from your browser.
Secured file transfers can be made using WebDAV or a VPN if you need them. WebDAV and / or an SSTP VPN make secure file transfers across the internet as easy as copying to and from a USB drive. You just map a network location using Windows Explorer and you’re ready to go.
The bare minimum requirements for FTP support in IIS are documented below. It’s assumed that you have already installed IIS and you are simply adding new features. If not, then make sure to add the IIS Management Console, Windows Authentication, and, pretty much, everything that looks interesting. You can always come back and add or remove features whenever you like.
Windows PC uses the Programs and Features / Turn Windows Features on or off option in the Control Panel.
Windows Server requires you to modify the IIS server role.
Start the IIS Management Console and, on the right, click Add FTP Site.
Name your site and point to the location of the files. Click Next.
Fill in the screen as below and click Next.
Define the authentication characteristics. Click Finish.
Make sure that users will have NTFS authorization to the FTP site. Right click on the FTP site in the left panel and select Edit Permissions, then select the Security tab.
From your browser, enter ftp://your-URL.com and you should connect. If you required authentication, a user id and password prompt will be displayed.