Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
# add a group [FTPGroup] for FTP
PS C:\Users\Administrator> New-LocalGroup -Name "FTPGroup"
Name Description
---- -----------
FTPGroup
# add users to the [FTPGroup] you allow to use FTP
# add [Serverworld] user to [FTPGroup] as an example below
PS C:\Users\Administrator> Add-LocalGroupMember -Group "FTPGroup" -Member "Serverworld"
# confirm
PS C:\Users\Administrator> Get-LocalGroupMember -Name "FTPGroup"
ObjectClass Name PrincipalSource
----------- ---- ---------------
User RX-7\Serverworld Local
# add FTP site
# -Name [any name you like]
# -IPAddress [listening IP address] (below is 0.0.0.0 (all))
# -Port [listening port]
PS C:\Users\Administrator> New-WebFtpSite -Name "FTPSite01" -IPAddress "*" -Port 21
# set physical folder that is used for FTP site
# example below, create a [FTPSite01] folder under the [C:\inetpub\ftproot] that is created by default and set it
PS C:\Users\Administrator> mkdir 'C:\inetpub\ftproot\FTPSite01'
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name physicalPath -Value 'C:\inetpub\ftproot\FTPSite01'
# set SSL/TLS required
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.controlChannelPolicy -Value "SslRequire"
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.dataChannelPolicy -Value "SslRequire"
# confirm Thumbprint of certificate
PS C:\Users\Administrator> Get-ChildItem Cert:\LocalMachine\My
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My
Thumbprint Subject
---------- -------
42B8869979FACD6A81AB214D72E499D4E59E88D3 CN=rx-7.srv.world
# add cert store and Thumbprint
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.serverCertStoreName -Value "My"
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.ssl.serverCertHash -Value "42B8869979FACD6A81AB214D72E499D4E59E88D3"
# set basic authentication
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true
# set read and write authority to [FTPGroup] group
PS C:\Users\Administrator> Add-WebConfiguration "/system.ftpServer/security/authorization" -Location FTPSite01 -PSPath IIS:\ -Value @{accessType="Allow";roles="FTPGroup";permissions="Read,Write"}
# set external IP address (the one client computers can connect)
PS C:\Users\Administrator> Set-ItemProperty "IIS:\Sites\FTPSite01" -Name ftpServer.firewallSupport.externalIp4Address -Value "10.0.0.101"
# set NTFS access authority to the physical folder
# example below, add full control
PS C:\Users\Administrator> icacls "C:\inetpub\ftproot\FTPSite01" /grant "FTPGroup:(OI)(CI)(F)"
processed file: C:\inetpub\ftproot\FTPSite01
Successfully processed 1 files; Failed processing 0 files
# restart FTP site
PS C:\Users\Administrator> Restart-WebItem -PSPath 'IIS:\Sites\FTPSite01'
|