Setting up FTP Server on Small Business Server (SBS 2003)

Setting up FTP Server on Small Business Server (SBS 2003)
Page content

Installing and Running FTP on Windows Small Business Server 2003

Assumptions

Small Business Server 2003

IIS is already installed

Separate broadband router, such as Linksys router, connecting to the Internet via DSL or Cable Modem

Overview

One of the most common setup scenarios for SBS 2003 servers is to install IIS.

Here we assume IIS has been installed.

The underlying issue is that the File Transfer Protocol (FTP) service is not installed by default.

File Transfer Protocol (FTP) utilizes TCP port 21

The FTP service allows file transfer protocol connections to the server.

Since FTP is not installed by default, to use your SBS server as an FTP server, you need to install and configure the FTP service.

Details and References

Details

  1. Install the FTP service.

a. Ensure you have your SBS Media in your SBS server CD or DVD drive, or that you have an on-disk (or network-available) copy of the SBS media to which you can point during setup of FTP.

b. Log into your SBS server as an administrator.

c. Do the following:

Start

Control Panel

Double-click Add or Remove Programs; then click Add/Remove Windows Components.

This brings up the Windows Components Wizard. Under Components, click Internet Information Services; then click Details.

Within the details dialog box, click the check-box beside the FTP Service (make sure it is ‘checked’); then click OK.

Click Next. You should see a status bar showing the progress of the setup.

If the SBS routines find the setup files in their path, they will proceed with the install of FTP; otherwise, they will prompt you with a message similar to “Please insert the SBS setup CD.” This option will allow you also to browse to / point to where the setup files may be located. We will assume you have the setup files on the hard drive under c:\sbssetup and that you browse to that location.

When Setup is done, Click Finish to close the wizard.

Steps

  1. Install the FTP service.

a. Ensure you have your SBS Media in your SBS server CD or DVD drive, or that you have an on-disk (or network-available) copy of the SBS media to which you can point during setup of FTP.

b. Log into your SBS server as an administrator.

c. Do the following:

Start

Control Panel

Double-click Add or Remove Programs; then click Add/Remove Windows Components.

This brings up the Windows Components Wizard. Under Components, click Internet Information Services; then click Details.

Within the details dialog box, click the check-box beside the FTP Service (make sure it is ‘checked’); then click OK.

Click Next. You should see a status bar showing the progress of the setup.

If the SBS routines find the setup files in their path, they will proceed with the install of FTP; otherwise, they will prompt you with a message similar to “Please insert the SBS setup CD.” This option will allow you also to browse to / point to where the setup files may be located. We will assume you have the setup files on the hard drive under c:\sbssetup and that you browse to that location.

When Setup is done, Click Finish to close the wizard.

  1. Ensure the FTP service is started. After FTP has been installed, go to ‘services’ (Click = ‘Start’, then browse to ‘Run’, then type ‘services.msc’ and press ) This will take you to the services control user interface, which allows you to start/stop services and set service parameters.

Highlight the FTP service, right-click it, then go to ‘Properties,’ and ensure the FTP service is ‘Started’ and is set for Automatic startup.

  1. Enable any firewall / router rules to allow FTP inbound through the firewall. Whichever firewall you are using the - SBS server’s built-in firewall or a Linksys broadband router - you must allow Port 21 to pass inbound through the firewall. The assumption is that you want to provide inbound FTP capability to outside clients.

We will assume a Linksys broadband router, in which case you go to its configuration page and Enable the ‘Virtual Server’ option for FTP. This basically is a pre-defined application service on Linksys that has the necessary port listed and makes for easily allowing FTP inbound to your network.

The specific instructions will vary by firewall or router vendor and model

  1. Setup any FTP ‘virtual directories,’ which are logical pointers to folders on your server where FTP files will reside.

Go to the IIS management interface, expand the FTP server, right click on it, click “New,”

then “Virtual Folder” and give a name to the virtual folder.

Example: Let’s say you setup a windows folder C:\patches to hold all MS patches.

Now, assume you want Microsoft Engineering to be able send a file inbound to your FTP server, to that virtual folder.

So, for the virtual folder name, you choose a useful name, such as “patches,” and you point it to the “c:\patches” folder.

Note: Be sure you click the check-box for “Allow Write” in the settings of the virtual folder, so that authorized external users can write to the virtual folder

Note also: When you connect inbound to this server and authenticate, the virtual folder name can be used in “cd” (change directory) commands - i.e., after you are connected, ftp> cd /patches (this will take you to the ‘patches’ virtual FTP folder)

Steps - Continued from Page 1

  1. Create an FTP user group (on a non-domain server [single server with Active Directory], this will be a “local group;” on an Active Directory domain, this will be a “Global Security group”).

Assuming we have an Active Directory domain: From Windows 2003 Active Directory Users and Computers, create a Group called “FTP Users.”

  1. Create an FTP-authorized user (alternatively, you can add existing users to the “FTP Users” group)

Assuming a new user: From AD Users and Computers, create a user called “mseng” (for Microsoft Engineering).

Set a complex password for the “mseng” user (8 or more characters, containing an upper-case, a lower-case, at least one number and at least one special character. Set the user account per your policy - i.e., if you never expire nor force password changes on external FTP users, then set the account password to “never expire.”

Add the “mseng” user to the “FTP Users” group.

  1. Add FTP Users group for access to the folder. In Windows 2003, navigate to the folder c:\patches, right-click the folder, go to the Security tab and add the “FTP Users” group to this “c:\patches” folder - ensure that you select “modify” access to the c:\patches folder, so that any future users added to the “FTP Users” group will be allowed to write to this folder.

  2. Test the FTP user and connectivity from both an internal and external workstation. Here we assume that, from your inside network, you have gone to https://www.whatismyip.com and obtained the IP address of your outside interface - or that you made note of the address while you were setting up the FTP inbound rules on your firewall. We will assume also that you know the internal IP address of your server - for the internal FTP test. Either way, we will refer to the destination FTP server address the “FTP-server-IP.”

First, create a ’test’ file on your local FTP client workstation (the one from which you will be initiating the FTP connection).

Click Start, browse to Run, type the word “command” and press - this will take you to the command line interface

Type “cd/d c:\” and press - this will take you to the top of the C:\ drive

Create a ‘myfile.txt’ file at the top of your C: drive, with just a single word, such as ’test’ in the text file (use ’notepad’ to create it).

a) Internally - go to a workstation on your internal network, go to a command line, type FTP and press , then follow the steps after “b” below

b) Externally - go to a workstation outside your network, go to a command line, type FTP and press , then follow the steps below

From the command line, type FTP and press - this will take you into the FTP client interface

This will take you to the FTP client interface prompt, similar to this: ftp>

From the ftp client prompt, type “open FTP-server-IP” (where the FTP-server-IP is the internal or external IP address

ftp> open FTP-server-IP (where FTP-server-IP might be your internal server IP, such as 192.168.1.14 [if you are testing internally]; or it might be something like 98.193.206.17 [if you are testing from outside your network, FTPing into your network])

Username: mseng (or “mydomain\mseng” [where ‘mydomain’ is the AD domain name of your internal domain)

Password: whatever-complex-password-you-set-for-the-account

Now, do both a “put” (file send to the server) and a “get” (file retrieve from the server)

ftp> put myfile.txt myfile.txt (you should see a message showing that a file was successfully created)

ftp> get myfile.txt c:\newfile.txt (you should see a message showing that a file was successfully retrieved [newfile.txt file created])

Exit from FTP:

ftp> bye

c:\>

That’s about all there is to it. You’ve installed, configured and tested FTP and allowed it through your firewall.

References:

Microsoft documentation on setup/install of SBS 2003 can be found here.

A detailed MSDN Article on setting up FTP can be found here.