The built-in FTP service for Windows is part of the IIS web server and is quite complicated to set up and get working for many applications.

We generally use the free FileZilla Server for Windows FTP server requirements.

As an administrator, on the FileZilla server:

1. Create a FTP home directory for the new user
   • Probably a sub-directory of your main FTP top-level share
   • ex: E:\Shares\FTP\jdoe
2. Open the FileZilla Server Interface on your server
3. Edit → Users → Add
4. Define account settings
5. Add the shared folder (FTP home directory)
6. Set permissions to the shared folder

The FileZilla Server supports:

• Unencrypted (normal) FTP
• FTP over TLS (FTPS), including
  • Explicit on port 21
  • Implicit on port 990

However, FileZilla Server does not support SFTP (SCP/SSH)

1. Create a dedicated filezilla user account to run the FileZilla server process
   • Member of the Administrators group
   • Password never expires
2. Download and install the latest FileZilla Server version
   • https://wiki.filezilla-project.org/FileZilla_FTP_Server
3. Modify the FileZilla Server service (Log On tab) to run as the filezilla user
   • services.msc
4. Configure Passive Mode settings
   • Specify a range of ports (5000-5010 used here)
5. Configure FTPS (TLS) security with a self-signed certificate
   • FTP over TLS settings
   • Generate a new certificate
6. Modify the Windows firewall to permit FTP traffic
   • Add a rule named FTP Ports
   • TCP ports 21 and 990
   • Also add the Passive Mode port range you define (5000-5010 used here)
7. In your external firewall, forward all the same ports in to the FileZilla Server

Make sure the FileZilla Server process is running under a user with administrative permissions. We add the filezilla user to the Administrators group.