This topic describes how to build an FTP site on a Windows instance. This method is applicable to Windows Server 2008 and later. In this example, Windows Server 2012 R2 is used.


  • You must have registered an Alibaba Cloud account. If not, create a new Alibaba Cloud account first.
  • You must have created an ECS instance. The resources of the instance used in this topic are as follows:
    • Instance type: ecs.c6.large
    • Operating system: Windows Server 2012 R2 64-bit


Step 1: Add IIS and FTP server roles

You must install IIS and FTP services before you build an FTP site.

  1. Connect to the Windows ECS instance. For more information, see Connect to a Windows instance.
  2. In the taskbar, click the Server Manager icon.
    server manager
  3. In the top navigation bar, choose Manage > Add Roles and Features.
  4. In the dialog box that appears, keep the default settings and click Next to go to the Select server roles step.
  5. Select Web Server (IIS). In the message that appears, click Add Features and then click Next.
    web server
  6. In the Select role services step, select IIS Management Console and FTP Server, and then click Next.
    ftp server
  7. Click Install.

Step 2: Create an FTP username and password

To create a username and password for FTP, perform the following operations. If you want to allow access to the site from anonymous users, skip this step.

  1. In the taskbar, click Start.
  2. Click Administrative Tools and double-click Computer Management.
  3. In the left-side navigation pane, choose Local Users and Groups > Users.
  4. Right-click anywhere in the blank space in the middle and choose New User... from the shortcut menu.
    In this example, the username is ftptest.
    Note The password must contain uppercase letters, lowercase letters, and digits. Otherwise, the password is invalid.

Step 3: Configure permissions for a shared file

You must configure access and modification permissions on the folder shared to users on the FTP site.

  1. Create a folder for FTP on the server disk. Right-click the folder and choose Properties from the shortcut menu.
    In this example, a folder named ftp is created under Disk C.
  2. Click the Security tab and click Edit.
  3. Click Add.
  4. In the dialog box that appears, enter Everyone for the object name and click OK.
  5. In the Group or user names section, click Everyone and configure permissions for Everyone as needed. Then, click OK.
    In this example, all permissions are granted.

Step 4: Create and configure an FTP site

After you install FTP and configure permissions on the shared folder, perform the following operations to create an FTP site:

  1. In the taskbar, click the Server Manager icon.
  2. In the top navigation bar, choose Administrative Tools > Internet Information Services (IIS) Manager.
  3. In the left-side navigation pane, right-click Sites and choose Add FTP Site... from the shortcut menu.
    add FTP
  4. In the dialog box that appears, enter the FTP site name and Physical path of the shared folder, and then click Next.
    In this example, the FTP site name is set to ftptest and the Physical path is set to the path of the FTP folder created in Step 3: Configure permissions for a shared file.
  5. Keep the default All Assigned selection for the IP Address field. You can configure a port number as needed. The default FTP port is 21.
  6. Select one of the following options for the SSL field and click Next.
    • Allow SSL: allows the FTP server to connect to the client in the both SSL encrypted and unencrypted states.
    • Require SSL: requires SSL encryption for communication between the FTP server and the client.
    • No SSL: does not require SSL encryption.
  7. Select one or more authentication methods.
    • Anonymous: allows users that provide the anonymous or ftp username to access the content.
    • Basic: requires users to provide valid usernames and passwords to access the content. The basic authentication method transmits the unencrypted password through the network. Therefore, you must only use the basic authentication method when you are sure that the connection between the client and the FTP server is secure, such as when SSL encryption is used.
  8. Select one of the following options from the Allow access to: drop-down list:
    • All users: All users, both anonymous and identified users, can access the relevant content.
    • Anonymous users: Anonymous users can access the relevant content.
    • Specified roles or user groups: Only specific roles or members of the specified user group can access the relevant content. Enter the role or user group in the corresponding field.
    • Specified users: Only specified users can access the relevant content. Enter the usernames in the corresponding field.
  9. Select the Read and Write permissions for the authorized users. Click Finish.

After the preceding operations are complete, you can view information about the FTP site.

Step 5: Configure security groups and the firewall

After the FTP site is built, you must create an inbound rule for security groups of the instance to allow traffic on the FTP port. For more information, see Add security group rules. For more information about specific configurations, see Scenarios for security groups and Typical applications of commonly used ports.

By default, the instance firewall allows traffic for the FTP service on TCP port 21. If you want to use other ports, you must create a new rule as an inbound rule of the firewall.

For more information about firewall configurations, visit Build an FTP Site on IIS.

Step 6: Test the client

To test the client, perform the following operations:

  1. Configure Internet Explorer.
    1. Open Internet Explorer and choose Tools > Internet options.
    2. Click the Advanced tab. In the Settings section, select Enable folder view for FTP sites and clear Use Passive FTP (for firewall and DSL modem compatibility).
  2. Double-click This PC. In the search box, enter ftp://IP address of the server:FTP port. If you do not specify a port, the default port 21 is used. For example, you can enter

    If a dialog box that prompts you to enter your username and password appears, the configuration is complete. After you enter the username and password, you can perform FTP file operations based on your permissions. In this example, the ftptest username and the corresponding password configured in the Step 2: Create an FTP username and password section are used.

What to do next

You can perform security hardening on the FTP service. For more information, see FTP anonymous logon and weak password vulnerabilities.

If you want to manage files stored on Object Storage Service (OSS) based on FTP, you can install ossftp. For more information, see Quick installation of ossftp. After ossftp receives a common FTP request, ossftp will map operations on files and folders as operations on OSS.