Set Up an FTP Server on Windows


Fully Functional for 14 Days

FTP functions on a client-server model. The server hosts the files to be shared and the client provides the interface to access, download, or upload files to the file server. The computers transferring the files can be within the same network where the FTP server is configured, as well as outside the network (over the Internet). FTP uses two ports, one for connection and one for sending data.


FTP can run in two modes: active and passive. And, it uses two channels between the client and server: the command channel and the data channel. The command channel is for sending the commands and responses, and the data channel is for sending the actual data. As for the active and passive modes, in the active mode, the client launches the command channel, and the server establishes the data channel. In the passive mode, both the command and data channels are established by the client.


Most organizations prefer passive mode. In this mode, the client initiates both channels; therefore, the organization has less or no alterations to make on the client firewall. The connection is from the client to the server, and the data will be return traffic to the client. Overall, organizations can allow their users (clients) to connect to FTP servers without compromising network security.

Setting up FTP in passive mode

Setting up FTP in passive mode

Primarily, the command channel is opened by the client to the FTP server on port 21. The client also opens two random, unprivileged ports on the client (typically a port greater than 1023). We’ll call the first port P and the second port P+1. The FTP client initiates the connection to the server by sending a PASV command. The client connects to the server from port P to server port 21 with the PASV command. The server then opens another unprivileged port Q (any port greater than 1023), and sends the port information back as a reply to the PASV command. Now the client initiates the connection from port P+1 to port Q on the server to start the data transfer.



  1. The client contacts the server using the PASV command on port 21.
  2. The server replies using the port 2000. Here, port 2000 is the port that the server will be listening to for the data connection.
  3. The client initiates the connection from port 1025 to 2000 (on the server).
  4. The server sends back the ACK (acknowledgement).

Opening up channels on FTP client and server

Client side: Data and other communications from the client should reach the FTP server. Make sure you allow the outgoing data and other communications from the client to go to the FTP server.


Server side: Port 21 should be open, as that is the port which receives the PASV command for initiating the connection. The port used by the server to respond to the client can be anything between Port 22 to 1022. Because the FTP server specifies a random port (anything greater than 1023), those ports should be open for communication.



  • FTP depends on IIS (Internet Information Services). Both IIS and FTP services should be installed for the configuration of the FTP server.
  • A root folder is required for FTP publishing. The folder can be created under:
  • Next, you need to set permissions to allow anonymous access to the folder. Use the following command on a CMD prompt to grant access:
    “ICACLS "%SystemDrive%\ftp\ftproot" /Grant IUSR:R /T”
  • "%SystemDrive%\ ftp \ftproot"
    (or the path to the root folder) should be set as the path for your FTP site. Even the software firewall (Windows firewall, Symantec, etc.) should allow connections to the FTP server.

Enabling FTP in Windows

Enabling FTP in Windows

In this example, we will use Windows Server 2008 R2 to configure FTP.


If IIS is not installed,

  1. Navigate to Start > Control Panel > Administrative Tools > Server Manager in Windows Server Manager
  2. Go to Roles node. Right-click on Roles, and click Add Roles.

  1. In the Add Roles window, open Server Roles and check Web Server (IIS).
  2. Proceed through the setup wizard, and click Install. Wait for the installation to complete.

If IIS is installed already (as a Web server)

If IIS is installed already (as a Web server)

  1. Navigate to Start > Control Panel > Administrative Tools > Server Manager
  2. In the Windows Server Manager, go to Roles node, and expand Web Server (IIS).
  3. Right-click on Web Server (IIS), and click on Add Role Services

  1. In the Add Role Services window, go to Roles Services, and check FTP Server.
  2. Confirm that IIS Management Console is checked under Management Tools
  3. Click Next, and then Install. Wait for the installation to complete.

Transferring files

To transfer files, you should add an FTP site. Once the FTP site is enabled, clients can transfer to and from the site using the FTP protocol.

Setting up an FTP site

Setting up an FTP site

  1. Navigate to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Once the IIS console is open, expand the local server.
  3. Right-click on Sites, and click on Add FTP Site

  1. In the Add FTP Site window, type the FTP server name and the content directory path, and click Next. The directory path should be the same as the one we set permissions to allow anonymous access above, we used:
    %SystemDrive%\ ftp \ftproot

  1. In the Binding and SSL Settings window, type the IP address of the server. Check the Start FTP Site Automatically option. Choose SSL Based on Constraint. Click Next.

  1. Now, select Basic for authentication.
  2. Click Finish. Now, the FTP site creation is complete.

Note: Basic authentication means there is no encryption used. Thus, username/password are sent in clear text. Basic authentication matches the username/password from the Active Directory database. You can also create accounts in IIS. This can be done from under Management Tools in Web Server (IIS) role. Under Authorization, you can select All Users to allow FTP access to all users from the domain. Also, check both Read and Write under Permissions Based on Requirement.

Accessing files on the FTP server

Accessing files on the FTP server

To access files on the FTP server, open a file explorer and type ftp://serverIP. The FTP server asks for a username and password. Enter the username and password (Windows or Active Directory credentials) and click Logon. The files and folders display under the FTP server.

Serv-U Managed File Transfer Server

Secure FTP server software that provides comprehensive security, automation, and centralized control for file transfers across your organization

Let’s talk it over.
Contact our team. Anytime.