Automate FTP 7.5 installation and FTP site creation

With the imminent release of Windows 7 and Server 2008 R2 to the general public, some of you may want to automate the installation FTP 7.5 on the machine. Thanks to pkgmgr, this is made amazingly simple!
To install both the UI and the FTP service, simply run the following command in an elevated cmd shell:


cmd /c "pkgmgr /iu:IIS-FTPSvc;IIS-FTPExtensibility”

However, for a more lightweight installation where you just want to install the service, this is possible via:


cmd /c "pkgmgr /iu:IIS-FTPSvc”

On this line of thinking about automating simple and common tasks, here’s a simple batch script that sets up a basic ftp site on port 21 with a data directory at C:\inetpub\ftproot (can be a different drive depending on system) and allows read/write access to all users who already have access to the would-be server. NOTE: NO FURTHER SECURITY IS IN PLACE.


You can copy and paste this directly into an elevated cmd shell window or make a batch file out of it to distribute it across multiple machines or change the values of the variables (ftproot and ftpsite).


cd %windir%\system32\inetsrv 
REM ftproot is the location of the ftp data directory 
set ftproot=%systemdrive%\inetpub\ftproot 
REM ftpsite is the name of the ftp site 
set ftpsite="ftp site" 
if not exist “%ftproot%” (mkdir "%ftproot%") 
cacls "%ftproot%" /G IUSR:W /T /E 
appcmd add site /name:%ftpsite% /bindings:ftp://*:21 /physicalpath:"%ftproot%" 
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.controlChannelPolicy:"SslAllow" 
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.ssl.dataChannelPolicy:"SslAllow" 
appcmd set config -section:system.applicationHost/sites /[name='%ftpsite%'].ftpServer.security.authentication.basicAuthentication.enabled:true 
appcmd set config %ftpsite% /section:system.ftpserver/security/authorization /+[accessType='Allow',permissions='Read,Write',roles='',users='*'] /commit:apphost


The site created allows any user that has access to the machine to login remotely with his Windows credentials. He also has both read and write access to the folder (ftproot). The site does block against anonymous user logins, though. Furthermore, while SSL is allowed, it is not required, meaning clients are not required to connect over an encrypted channel.

2 Comments

  • Your code can be changed a bit regarding to double quotes if the sitename contains space. I changed to following to associate ftp with "Default Web Site"

    cd %windir%\system32\inetsrv

    set ftpsite=Default Web Site
    set ftproot=%systemdrive%\inetpub\wwwroot

    appcmd set SITE "%ftpsite%" /bindings:ftp://*:21,http://*:80
    appcmd set config -section:system.applicationHost/sites "/[name='%ftpsite%'].ftpServer.security.ssl.controlChannelPolicy:SslAllow"
    appcmd set config -section:system.applicationHost/sites "/[name='%ftpsite%'].ftpServer.security.ssl.dataChannelPolicy:SslAllow"
    appcmd set config -section:system.applicationHost/sites "/[name='%ftpsite%'].ftpServer.security.authentication.basicAuthentication.enabled:true"
    appcmd set config -section:system.applicationHost/sites "/[name='%ftpsite%'].ftpServer.security.authentication.anonymousAuthentication.enabled:true"

    @REM Before adding all user read/write permission, remove all users in case it's there already
    appcmd set config "%ftpsite%" /section:system.ftpserver/security/authorization /-[users='*'] /commit:apphost
    appcmd set config "%ftpsite%" /section:system.ftpserver/security/authorization /+[accessType='Allow',permissions='Read,Write',roles='',users='*'] /commit:apphost

  • very good admin

Comments have been disabled for this content.