File Transfer Protocol (FTP) provides a fast way to transfer files for just about any OS via the Internet, which is why many people think of Linux when they think of setting up an FTP site. However, Windows 2000 and even Windows NT servers can act as FTP servers, providing a file-sharing service to users and customers and giving added value to your server investment. In this Daily Drill Down, I’ll explain how to set up and configure an FTP server using Windows 2000 and Windows NT.

Why would I need an FTP server?
Although not as user-friendly as transferring files from a Web site using the HTTP protocol, FTP is much faster. Because it’s standards-based, an FTP server can store files for just about any OS that can support an FTP client. So, supporting FTP on your Windows server might be the only way to share files with OSs that don’t have Active Directory clients such as OS/2 and Linux.

Also, using an FTP server, you can share the files on your servers with users outside of your LAN without having to go through the headaches of configuring Routing and Remote Access Services (RRAS). If your server is connected to the Internet, users on the outside can’t connect to it using their regular Microsoft client, but they can if you’ve configured an FTP server. Although it’s not as handy as the direct connection the client provides, it still gives your users or customers a way to access files.

Setting up the service
The Windows 2000 FTP server functions as a part of IIS 5.0. Although you probably installed Internet Information Services (IIS) when you installed your Windows 2000 server, you should make sure that both IIS and its FTP component are installed before proceeding. To do so, click Start | Settings | Control Panel. When Control Panel appears, double-click Add/Remove Programs. In the left pane of the Add/Remove Programs window, click Add/Remove Windows Components.

You’ll then see the Windows Components wizard. Scroll down the Components list until you see Internet Information Services (IIS). Select it and click Details. The IIS window then appears. Scroll through the Subcomponents Of Internet Information Services (IIS) list box and make sure that the following files are selected:

  • Common Files
  • Documentation
  • File Transfer Protocol (FTP) Server
  • Internet Information Services Snap-In

If all of the components are selected, you’re ready to go. Just click Cancel and close the wizard. Select any components you will need, and then click OK. Follow your way through the wizard answering any questions it provides.

If the wizard asks you for a path for an FTP root folder, you can enter any directory you want. The default is C:\Inetpub\Ftproot. If you want to choose a different location, go ahead, but make sure that you select a hard drive formatted as NTFS.

Configuring FTP
After you’ve ensured that the service exists on your server, you’re ready to configure it for your clients. To begin, click Start | Programs | Administrative Tools | Internet Services Manager. You’ll then see the Internet Services Manager MMC appear. In the left pane, click on your Windows 2000 server. All the available IIS services for the server will appear in the right pane.

To configure the FTP server, right-click Default FTP Site and click Properties to view the Default FTP Site Properties screen shown in Figure A.

Figure A
Configure your Windows FTP server from the Default FTP Site Properties page.

On this screen, you can completely configure access to the FTP server by editing items on the property pages.

The FTP Site tab
The FTP Site tab controls the server’s identification, connection settings, and logging. In the Identification box, you can change the name of the server by entering a name in the Description field. The IP Address drop-down list controls the IP address on which the FTP server listens. However, you’ll only need to specify this if your Windows 2000 server has more than one NIC. The TCP Port field controls the port on which the server listens. By default, the FTP server listens on the Internet standard port of 21. You can change this port number to any number you want or leave it set to the default.

The Connection box controls how many users can access the server at one time. Select Unlimited if you don’t want to set a limit to the number of users who can use the FTP server. If you expect a lot of traffic or have limited bandwidth, you probably should enter a low number in the Limited To field; the exact number will depend on the number of people you expect to be accessing the server at once. You may also want to set a low number for the Connection Timeout field to make sure that users don’t consume a session by idling. For example, rather than the default value of 900 seconds (15 minutes), you may want to have idle sessions time out in 300 seconds (5 minutes).

If you select Enable Logging, you can log access to your FTP server. Choose between three logging formats:

  • Microsoft IIS Log File Format
  • OBDC Logging
  • W3C Extended Log Format

Finally, you can see who’s connected to your FTP server by clicking the Current Sessions button.

The Security Accounts tab
On the Security Accounts tab, you can control who can access files on your FTP server. Selecting Allow Anonymous Connections means anyone can access the server. Windows 2000 will use the user ID that you enter in the Username field to access your server. If you want users to use their Windows 2000 login ID and password, deselect Allow Anonymous Connections.

The Messages tab
The Messages tab provides a place for you to display messages to FTP users. Messages are in a free-form text basis. You can enter three types of messages:

  • Welcome: These are messages that appear on screen when users log in to the FTP server. You can use this message to remind users of your download and upload policies.
  • Exit: This message would appear when a user logs off the FTP server. Because users will typically just close their FTP programs rather than logging off, don’t expect them to see this.
  • Maximum Connections: This message would appear when a user tries to log on to the FTP server but the FTP server won’t let them on because the maximum number of users is currently logged on. You’ll use this to give them alternate FTP site addresses or remind them about your reconnection policy.

The Home Directory tab
This tab controls where FTP files reside. By default, they reside on the server in the FTP directory you specified when you installed FTP. You can also locate the files on a shared drive on another server on your network. The FTP Site Directory box on this tab allows you change the default FTP directory.

It also allows you to control whether users can only download files from the FTP site or whether they can also upload them. By default, the Read box is selected, which allows downloads. To allow uploads, select the Write box.

This tab also allows you to control how files appear to the FTP client software. By selecting UNIX or MS-DOS Directory Listing styles, you can alter the way files and dates appear when clients obtain file directories.

The Directory Security tab
The Directory Security tab gives you a place to lock down which computers can access the FTP server. By default, all computers can access the FTP server. You can change this by clicking the Denied Access radio button. Doing so will block all users from accessing the FTP server.

The Except Those Listed Below list box allows you to provide a list of TCP/IP addresses that are the exceptions to the Grant Access or Deny Access rules. So, if you want to block the entire planet except for a range of local TCP/IP addresses, you’d select Deny Access and then add the range of addresses that were allowed to the list box. Conversely, if you wanted to grant access to everyone but wanted to block selected addresses of known hackers, you’d select Grant Access and then add the list of addresses you want to block to the list box.

Making the connection
After you’ve made the configurations you want, click OK to close the Default FTP Site properties page. Make sure the FTP server is ready to accept connections by looking at the center pane of the IIS MMC. Verify that the Default FTP Site status shows Running in the State column. If it does, you’re ready. Fire up an FTP client program on a workstation and try it out.

Windows NT 4.0 can do it too
If you have some old Windows NT 4.0 servers still on your network, you can use them as FTP servers too. Windows NT 4.0 supports FTP as part of IIS, just like in Windows 2000, and it works very similarly to the way it does under IIS 5.0 on Windows 2000. You can deploy FTP using IIS 2.0 and IIS 3.0 that came with earlier versions of Windows NT 4.0, but you really should apply the latest service packs and install IIS 4.0, as it is faster, more stable, and more secure than previous versions.

To configure FTP on Windows NT 4.0, click Start | Programs | Windows NT 4.0 Option Pack | Microsoft Internet Information Server | Internet Service Manger. When the Internet Server Manager starts, the same instructions from above on configuring FTP also apply to Windows NT.

FTP is easy to use, simple to setup and administer, and a fast way to transfer files. For Windows 2000 servers, using FTP can be a good way to get some added value out of your investment. And deploying FTP on your Windows NT 4.0 servers can allow you to squeeze a few more years of productivity out of them.