Windows 2022 FTP Services

rr-4098 2,051 Reputation points
2023-06-15T03:32:41.4733333+00:00

I have never used the Windows FTP services before and have the following questions.

  1. How do you move the default directory for FTP users? Is this tied to the default site?
  2. In order to use a local user account for sign-in, I need to enable Basic auth, correct?
  3. If I do not have an SSL cert and use a self-signed one, will the site still be secure?

Accepted answer
  1. Yurong Dai-MSFT 2,846 Reputation points Microsoft External Staff
    2023-06-15T08:14:10.1533333+00:00

    Hi @rr-4098

    How do you move the default directory for FTP users? Is this tied to the default site?

    For this question, I'm not sure if you're asking about the user directory or the default home directory for FTP.

    Here's how to change the Users folder location:

    Open the FTP User Isolation icon from within the IIS website that contains your FTP and make changes as necessary. You can refer to this document for details on User Isolation: Configuring FTP User Isolation in IIS 7

    If you want to change the default home directory of FTP, you just need to right-click on the FTP site and choose Advanced Settings, then change the PhysicalPath to the one you want.

    Note that these actions do not affect the default site or its configuration.

    In order to use a local user account for sign-in, I need to enable Basic auth, correct?

    Yes, you usually need to enable Basic authentication. This form of authentication requires that users have valid user accounts on your server or domain before they can log in. Due to the underlying design of the File Transfer Protocol (FTP), user names and passwords are transmitted over FTP in plain text, making them vulnerable to network discovery. It is therefore recommended that you use Basic authentication with SSL.

    If I do not have an SSL cert and use a self-signed one, will the site still be secure?

    If you don't have an SSL certificate and use a self-signed certificate, the site will still work, but it won't provide the same level of security as a trusted SSL certificate from a recognized certificate authority. Self-signed certificates are not verified by a trusted third party, so users visiting the site may see a warning or error message indicating that the certificate is not trusted. But the actual data transmission can still be encrypted, providing a level of security.

    Be aware that self-signed certificates may be more vulnerable to certain types of attacks, so getting a trusted SSL certificate is recommended if security is a concern.



    Best regards,

    Yurong Dai


1 additional answer

  1. Limitless Technology 44,776 Reputation points
    2023-06-15T10:38:47.1766667+00:00
    Hello rr-4098,
    
    Thank you for your question and for reaching out with your question today.
    
    When it comes to Windows FTP services, here are the answers to your questions:
    
    1. Moving the default directory for FTP users: By default, the FTP user's home directory is located at `%SystemDrive%\inetpub\ftproot`. To change the default directory for FTP users, you can follow these steps:
    
       a. Open Internet Information Services (IIS) Manager.
       b. Expand the server node and navigate to "Sites" or "FTP Sites."
       c. Select the FTP site you want to configure.
       d. Double-click on the "FTP User Isolation" feature.
       e. Choose the desired isolation mode (e.g., "User name directory" or "Physical directory").
       f. Configure the appropriate directory for each FTP user or virtual directory.
    
       Note: Moving the default directory is typically associated with configuring user isolation and can be done at the FTP site level.
    
    2. Enabling Basic authentication for local user account sign-in: Yes, to use local user accounts for FTP authentication, you need to enable Basic authentication in IIS. Here's how:
    
       a. Open IIS Manager.
       b. Navigate to the FTP site you want to configure.
       c. Double-click on the "Authentication" feature.
       d. Enable "Basic Authentication."
       e. Disable other authentication methods if desired (e.g., Anonymous authentication).
    
       With Basic authentication enabled, users will be prompted for their credentials when accessing the FTP site.
    
    3. Self-signed SSL certificate and site security: If you use a self-signed SSL certificate for your FTP site, the site will still be encrypted, providing a secure connection between the client and the server. However, self-signed certificates are not trusted by default by client systems or web browsers, which means users may see security warnings when accessing the site. To avoid these warnings, it is recommended to obtain a trusted SSL certificate from a certificate authority.
    
    It's important to note that FTP is not the most secure protocol, as data transfers are not encrypted by default. If security is a top priority, you may consider using FTPS (FTP over SSL/TLS) or SFTP (SSH File Transfer Protocol), which provide enhanced security features for FTP file transfers.
    
    Remember to always follow best practices for securing your FTP server, such as using strong passwords, limiting user access, and implementing additional security measures as needed.
    
    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
    
    
    Best regards.
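The settings both answers describe (home directory, Basic authentication, and a self-signed certificate with SSL required on the site), applied with the WebAdministration PowerShell module. This is an added example, not code from either answer; the site name, folder, host name and export path are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'MyFtpSite'          # assumption: name of an existing FTP site
$sitePath = "IIS:\Sites\$siteName"
$ftpRoot  = 'D:\FtpRoot'         # assumption: new home directory
$dnsName  = 'ftp.example.test'   # assumption: host name clients connect to

# 1. Move the site's home directory (the PhysicalPath shown in Advanced Settings).
New-Item -ItemType Directory -Path $ftpRoot -Force | Out-Null
Set-ItemProperty -Path $sitePath -Name physicalPath -Value $ftpRoot

# 2. Local accounts sign in through Basic authentication; turn anonymous access off.
Set-ItemProperty -Path $sitePath -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true
Set-ItemProperty -Path $sitePath -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false

# 3. Create a self-signed certificate and bind it to the FTP site.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation 'Cert:\LocalMachine\My'
Set-ItemProperty -Path $sitePath -Name ftpServer.security.ssl.serverCertStoreName -Value 'My'
Set-ItemProperty -Path $sitePath -Name ftpServer.security.ssl.serverCertHash -Value $cert.Thumbprint

# 4. Require TLS on both channels so Basic credentials are never sent in plain text.
#    Enum value 1 = SslRequire for both policies (0 = SslAllow).
Set-ItemProperty -Path $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value 1
Set-ItemProperty -Path $sitePath -Name ftpServer.security.ssl.dataChannelPolicy -Value 1

# 5. Export the public certificate so clients can import it as trusted
#    instead of clicking through an untrusted-certificate warning.
$cerFile = Join-Path $env:TEMP 'ftp-server.cer'   # assumption: export location
Export-Certificate -Cert $cert -FilePath $cerFile | Out-Null

Restart-WebItem $sitePath

# 6. Read the settings back and confirm what the site now enforces.
$ssl = Get-ItemProperty -Path $sitePath -Name ftpServer.security.ssl
[pscustomobject]@{
    PhysicalPath   = (Get-ItemProperty -Path $sitePath -Name physicalPath)
    BasicAuth      = (Get-ItemProperty -Path $sitePath -Name ftpServer.security.authentication.basicAuthentication).enabled
    AnonymousAuth  = (Get-ItemProperty -Path $sitePath -Name ftpServer.security.authentication.anonymousAuthentication).enabled
    ControlChannel = $ssl.controlChannelPolicy
    DataChannel    = $ssl.dataChannelPolicy
    CertThumbprint = $ssl.serverCertHash
} | Format-List
```

The readback in step 6 should show Basic authentication enabled, anonymous disabled, and both channel policies set to require SSL; the exported `.cer` contains only the public certificate.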
    
