Tip #91: Did you know … How to automate FTP 7.5 installation and site creation?

With the imminent release of Windows 7 and Server 2008 R2 to the general public, some of you may want to automate the installation FTP 7.5 on the machine. Thanks to pkgmgr, this is made amazingly simple!
To install both the UI and the FTP service, simply run the following command in an elevated cmd shell:

cmd /c "pkgmgr /iu:IIS-FTPSvc;IIS-FTPExtensibility”

However, for a more lightweight installation where you just want to install the service, this is possible via:

cmd /c "pkgmgr /iu:IIS-FTPSvc”

On this line of thinking about automating simple and common tasks, here’s a simple batch script that sets up a basic ftp site on port 21 with a data directory at C:\inetpub\ftproot (can be a different drive depending on system) and allows read/write access to all users who already have access to the would-be server. NOTE: NO FURTHER SECURITY IS IN PLACE.

You can copy and paste this directly into an elevated cmd shell window or make a batch file out of it to distribute it across multiple machines or change the values of the variables (ftproot and ftpsite).

 cd %windir%\system32\inetsrv 
 REM ftproot is the location of the ftp data directory 
 set ftproot=%systemdrive%\inetpub\ftproot 
 REM ftpsite is the name of the ftp site 
 set ftpsite="ftp site" 
 if not exist "%ftproot%" (mkdir "%ftproot%") 
 cacls "%ftproot%" /G IUSR:W /T /E 
 appcmd add site /name:%ftpsite% /bindings:ftp://*:21 /physicalpath:"%ftproot%" 
 appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.controlChannelPolicy:"SslAllow" 
 appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.dataChannelPolicy:"SslAllow" 
 appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.authentication.basicAuthentication.enabled:true 
 appcmd set config %ftpsite% /section:system.ftpserver/security/authorization /+[accessType='Allow',permissions='Read,Write',roles='',users='*'] /commit:apphost 

The site created allows any user that has access to the machine to login remotely with his Windows credentials. He also has both read and write access to the folder (ftproot). The site does block against anonymous user logins, though. Furthermore, while SSL is allowed, it is not required, meaning clients are not required to connect over an encrypted channel.

Kern Handa | SDET | IIS Team