Configure FTP from the command line (IIS)

Published on June 26, 2012

Configure FTP from the command line (IIS)

    Continuing the study of the IIS command line begun here , I propose to get acquainted with how FTP can be configured in IIS.
    Starting with version 7, IIS introduced the universal command-line tool AppCmd. And now you can create, configure, and use FTP services from the command line in exactly the same way as you can do now (starting with IIS 7) with websites. Let's look at an example in more detail.

    Install FTP


    First you need to install the necessary components. Suppose we already have preinstalled IIS and we only need FTP services. We will use the pkgmgr package manager:
    pkgmgr /iu:IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility;
    


    Configure FTP


    IIS is now ready to configure the first FTP. To use AppCmd, you must use the full path to the command:% windir% \ system32 \ inetsrv \ appcmd.exe, or write the path to the PATH environment variable. It will be enough for us to run appcmd directly from its directory:

    cd %windir%\system32\inetsrv 
    set ftproot=%systemdrive%\inetpub\ftproot
    set ftpsite=MyFtp
    if not exist "%ftproot%" (mkdir "%ftproot%") 
    appcmd add site /name:%ftpsite% /bindings:ftp://*:21 /physicalpath:"%ftproot%" 
    appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.authentication.AnonimouseAuthentication.enabled:true 
    appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.controlChannelPolicy:"SslAllow" 
    appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.dataChannelPolicy:"SslAllow" 
    appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.directoryBrowse.showFlags:DisplayVirtualDirectories 
    appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.userIsolation.mode:StartInUsersDirectory 
    appcmd set config %ftpsite% /section:system.ftpserver/security/authorization /+[accessType='Allow',permissions='Read',roles='',users='*'] /commit:apphost
    

    This script will create a folder inetpub\ftprooton the system drive, and bind it to the root folder of our MyFtp site. We also configured our site to use anonymous authentication. And put SSL in allow mode (it requires by default). The last line, we have distributed read permissions to all users. Now we just have to add virtual folders to our site and we can use it, and the showFlags: DisplayVirtualDirectories parameter will allow us to see not only the root directory, but also the virtual directories too.
    And so, add the directories:
    appcmd add vdir /app.name:"%ftpsite%/" /path:/path1 /physicalPath:D:\path1
    appcmd add vdir /app.name:"%ftpsite%/" /path:/path2 /physicalPath:\\MEDIASERVER\path2
    


    Check


    To check, we also use the command line and the ftp command:
    c:\Users\User>ftp server
    Connected to SERVER.domain.corp.
    220 Microsoft FTP Service
    User (SERVER.domain.corp:(none)): anonymous
    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:
    230-User logged in.
     Win32 error:   The operation completed successfully.
     Error details: File system returned an error.
    230 End
    ftp> dir
    200 EPRT command successful.
    125 Data connection already open; Transfer starting.
    06-01-12  04:33PM       <DIR>          path1
    06-01-12  04:33PM       <DIR>          path2
    226 Transfer complete.
    ftp: 93 bytes received in 0,00Seconds 93000,00Kbytes/sec.
    ftp>
    


    Why not PowerShell


    In order to write a script for powershell, you need some minor cosmetic changes.
    So in order to install FTP services you need to do:
    Add-WindowsFeature Web-Ftp-Server,Web-Ftp-Service,Web-Ftp-Ext
    

    To create an FTP site:

    $ftproot="$env:systemdrive\inetpub\ftproot"
    $ftpsite="MyFtp"
    if (-not (test-path $ftproot)){ new-item -path $ftproot -type directory }
    new-item -path IIS:/sites/$ftpsite -type site -bindings @{protocol='ftp';bindingInformation=':21:'} -physicalpath:$ftproot
    


    Similarly, you can add virtual directories:
    new-item -path IIS:/sites/$ftpsite/path1 -type virtualdirectory -physicalpath d:\share
    

    But I did not find a solution to working with the configuration of intelligible solutions. All that I found here and here . The latter did not inspire me in the light of the fact that some changes should be made at the APPHOST level.
    So if there are suggestions and comments - always welcome. With pleasure I will add.