How do I set up Windows NT 4.0, 2000, or XP Professional to accept FTP transfers?
Note: FTP, though efficient for transferring files, lacks any significant security features. Usernames, passwords, and files are sent across the network unencrypted (i.e., in plaintext). In addition, there are no built-in safeguards to ensure that computers connecting to yours via FTP are who they claim to be. For information about secure file transfer options, see the following Information Technology Security Office page:
http://itso.iu.edu/Secure_File_Transfer_AlternativesFor your Windows workstation to be able to accept FTP connections, you must install and activate an FTP server. Follow the appropriate instructions below:
Windows 2000 and XP
Setting up an FTP server in Windows XP Professional or 2000 involves the installation of Internet Information Services (IIS) and, thus, requires administrative rights. This suite of Windows components handles all the functions formerly handled by Windows NT's Peer Web Services. IIS, and consequently FTP server capability, is not included in Windows XP Home Edition.
Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?
Note: IIS is known to have serious security flaws and has been targeted by several computer viruses, including Code Red and Nimda. If you install IIS on your computer, UITS strongly advises that you also install any security update patches available from Microsoft. The appropriate patches for Windows 2000 are available at the following URL: http://support.microsoft.com/kb/300972 Microsoft claims that Windows XP already blocks the viruses in question, but you should check frequently for any updates that may be released. See the following site for IIS updates: http://technet.microsoft.com/en-us/windowsserver/2000/bb735378.aspx
Installing IIS
- For Windows XP Professional systems running in the default
Start menu configuration, click
Start, thenControl Panel, thenAdd or Remove Programs. In Windows 2000 (or in XP if it is set to classicStartmenu view), clickStart, thenSettings, thenControl Panel, and then double-clickAdd/Remove Programs.
- Click
Add/Remove Windows Components.
- Double-click
Internet Information Services. This will open another window listing the IIS subcomponents.
- Check the box next to
File Transfer Protocol (FTP) Server. TheCommon FilesandInternet Information Services Snap-Inboxes will also check by default. Make sure no other boxes are checked, and then clickOK.
Note: Windows may prompt you for your Windows CD at this point.
Configuring the FTP server
- On the desktop, double-click
My Computer, and then double-click the hard drive on which you have Windows installed.Note: The Windows XP default desktop view and
Startmenu are different from the Windows Classic View (e.g., in Windows 2000). Therefore, navigating to certain items can be different. In the interest of broad applicability, most Knowledge Base instructions assume you are using Classic View. For information about switching your Windows XP default view to Classic View, see In Windows XP, how do I switch to the Windows Classic View, Classic theme, or Classic Control Panel? - Open the folder
inetpub. Right-click theftprootfolder and selectProperties.
- Click the
Sharingtab. Select the radio buttonShare this folderand clickPermissions. From the list that appears, selectEveryone, and then clickRemove.
- Click the
Add...button. In the drop-down list, select your computer's name. In the list of user groups that appears in the center scrollbox, selectUsers. ClickAdd, thenOK. In thePermissionswindow, set the access level. If a user needs only to download files from your computer, set the access toRead. To give upload permission, also checkChange. ClickOK.
- Create user accounts for each of the individuals who will need to
access your server. You can do so by opening the
Control Paneland then double-clicking theUsers and Passwordsicon. For each user, you will need to provide a username and domain. At Indiana University, the username should be the Network ID, and the domain should beADS.
- In the main
Control Panelwindow, double-clickAdministrative Tools, and then double-click theComputer Managementicon. A new window will open. On the left, besideServices and Applications, click the+(plus sign), and then click the+(plus sign) besideInternet Information Services.
- Right-click
Default FTP serverand selectProperties. Under "Services", make sure thatAllow anonymous connectionsis not checked. This will prevent unauthorized access to your workstation. ClickOK, and then close all windows.
Windows NT 4.0
Note: For security and support reasons, UITS recommends using Windows 2000 Professional or Windows XP Professional, rather than NT Workstation 4.0, on Indiana University's network. Microsoft retired both mainstream and extended support for this version in June 2004, which means security updates are no longer being developed. For more information, see Microsoft's Windows Desktop Product Lifecycle Guidelines page at:
http://support.microsoft.com/?LN=en-us&pr=lifecycleIn Windows NT 4.0, the FTP server is included in Microsoft Peer Web Services, which is available on the NT 4.0 CD but is not installed by default. Once you install and configure Peer Web Services, the FTP server will be active.
These instructions assume that you want to grant FTP access to a limited selection of users within your domain. UITS does not recommend allowing anonymous or general FTP access to your computer.
Make sure you have the NT 4.0 installation media and Service Pack 3.0 (or higher). Throughout the process, please use the default locations when creating directories or saving files.
- Log into your domain, but make sure that you have administrative
rights to your local workstation (you may need to log out and log back
in as the local administrator).
- Install Microsoft Peer Web Services:
- Click
Start. From the menu that appears, chooseSettings, thenControl Panel. Double-click theNetworkicon. - Click the
Protocolstab. If "TCP/IP Protocol" is present in the list, continue to the next step. If "TCP/IP Protocol" is not displayed in the list, you will need to add it by clickingAdd.... From the list that appears, chooseTCP/IP Protocol, and then clickOK. - Click the
Servicestab. ClickAdd.... From the list that appears, clickMicrosoft Peer Web Server, and then clickOK. - Type the path for the Windows NT source files. For example, if
you are using the Windows NT CD-ROM in drive
D:, type: d:\i386 - Click
OKto start the Microsoft Peer Web Services Setup. - Make sure you uncheck the boxes for the other services listed.
The only boxes that should be checked are
FTP servicesand theInternet Service Manager. Do not checkInternet Service Manager for HTML. Unless you have a specific need to change the directory, just use the default offered. (This installation creates a directory calledInetpub, and within it, an FTP directory calledftproot.)
- Click
- Install (or reinstall) Service Pack 3.0 (or higher) and reboot.
The NT service packs are available from Microsoft at:
http://www.microsoft.com/msdownload/
If you see a message warning you that the version of a file being copied to your workstation is older than the version currently on your workstation, click
Yesto keep the existing file. - Configure the
ftprootdirectory to allow sharing:
- Click
Start. From the menu that appears, choosePrograms, thenWindows NT Explorer. - Select the resident drive and then the
Inetpubdirectory. - Right-click the
ftprootdirectory. Next, clickSharing..., then theShared as:radio button, thenPermissions.... From the list that appears, selectEveryone, and then clickRemove. - Click
Add.... At IU, change the directory toADS, and then clickShow Users. In the space provided, type your username, and then clickAdd. At the bottom of the window, set the type of access toFull Control. ClickOK. (To stop sharing a resource, right-click the file or folder and selectSharing.... Under theSharingtab, click theNot Sharedradio button, and then clickOK.) - Close Windows NT Explorer.
- Click
- Create and configure local accounts on your workstation for your
authorized FTP users:
- Click
Start. From the menu that appears, choosePrograms, thenAdministrative Tools, and thenUser Manager. - From the
Usermenu, selectNew User.... - Enter the appropriate information in the "Username:", "Password:",
and "Confirm Password:" fields. (The other fields are optional.)
Uncheck
User Must Change Password at Next Logon, and then clickOK. The account should show up in the "Username" list in theUser Managerwindow. - Repeat for each authorized user, and then close the window.
- Modify the local account's permissions:
- Click
Start. From the menu that appears, choosePrograms, thenMicrosoft Peer Web Services, thenInternet Services Manager. - Highlight your workstation's name. Next, right-click to pull down
the
Propertiesmenu. SelectService Properties. Under "Services", make sure thatAllow anonymous connectionsis not checked. This will prevent unauthorized access to your workstation. - Select
Directories, highlight the directory you'd like to make available, and clickEdit Properties. Check both theReadandWriteboxes. - Click
OKto return to Internet Services Manager. Close the window.
- Click
- Click
Your computer should be ready to accept FTP connections.
Last modified on November 26, 2007.






