Automate FTP 7.5 installation and FTP site creation
With the imminent release of Windows 7 and Server 2008 R2 to the general public, some of you may want to automate the installation FTP 7.5 on the machine. Thanks to pkgmgr, this is made amazingly simple!
To install both the UI and the FTP service, simply run the following command in an elevated cmd shell:
cmd /c "pkgmgr /iu:IIS-FTPSvc;IIS-FTPExtensibility”
However, for a more lightweight installation where you just want to install the service, this is possible via:
cmd /c "pkgmgr /iu:IIS-FTPSvc”
On this line of thinking about automating simple and common tasks, here’s a simple batch script that sets up a basic ftp site on port 21 with a data directory at C:\inetpub\ftproot
(can be a different drive depending on system) and allows read/write access to all users who already have access to the would-be server. NOTE: NO FURTHER SECURITY IS IN PLACE.
You can copy and paste this directly into an elevated cmd shell window or make a batch file out of it to distribute it across multiple machines or change the values of the variables (ftproot
and ftpsite
).
cd %windir%\system32\inetsrv
REM ftproot is the location of the ftp data directory
set ftproot=%systemdrive%\inetpub\ftproot
REM ftpsite is the name of the ftp site
set ftpsite="ftp site"
if not exist “%ftproot%” (mkdir "%ftproot%")
cacls "%ftproot%" /G IUSR:W /T /E
appcmd add site /name:%ftpsite% /bindings:ftp://*:21 /physicalpath:"%ftproot%"
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.controlChannelPolicy:"SslAllow"
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.dataChannelPolicy:"SslAllow"
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.authentication.basicAuthentication.enabled:true
appcmd set config %ftpsite% /section:system.ftpserver/security/authorization /+[accessType='Allow',permissions='Read,Write',roles='',users='*'] /commit:apphost
The site created allows any user that has access to the machine to login remotely with his Windows credentials. He also has both read and write access to the folder (ftproot). The site does block against anonymous user logins, though. Furthermore, while SSL is allowed, it is not required, meaning clients are not required to connect over an encrypted channel.