FTP: Creating Users Manually in IIS

Creating the User

  1. First, you’ll want to navigate to the FTP site in IIS, then open the “FTP Authorization Rules.” Make a note of which specific user groups, if any, are allowed FTP access; in this case, we can see it’s limited to users in the “FtpUsers” group.

    If no Roles are specified, then any user can connect via FTP, and you can skip steps 1-3 in the “Setting Permissions for the New User” section of this article.

  1. Once you know which groups are allowed FTP access, open up the “Computer Management” tool and go to “System Tools > Local Users and Groups > Users.

    Once you’re there, you can right click on any blank space in the middle box, or select “More Actions” on the right-hand side, and select “New User.

  1. In the New User window, you’ll need to create a username and password. The Full Name and Description boxes are optional, but can be useful for organizing a large number of users.

    By default, the “User must change password at next logon” box will be checked; we’d generally recommend disabling this and checking the “Password Never Expires” option.

    Then, just click the “Create” button, and you’ll have your new user.

Setting Permissions for the New User

Once the new user has been created, it needs to be assigned the proper permissions to make it an FTP User, rather than just another user on the server.

  1. In the Computer Management screen, right click on the new user and select “Properties.” From there, navigate to the “Member Of” tab.

  1. Since FTP Authorization is limited to those in the FtpUser group on this server, we’ll first want to select the “Users” group in this list, remove it, then click “Apply.” Then, click the “Add” button to bring up the “Select Groups” window.

  1. In the box at the bottom of the Select Groups window, type in the name of the user group with FTP authorization, then click on “Check Names” to verify the group exists as typed.

    From there, just click the OK button to add the user to that group, then click “Apply” again in the Properties window.



  1. Now that the user is part of the group with FTP Authorization, we’ll need to go back to IIS and create a new Virtual Directory. Just navigate down to the FTP site, right click on the “LocalUser” virtual directory, and select “Add Virtual Directory.”

  1. Provide the name of the user in the “Alias” field, and set the “Physical Path” to whatever directory you want the user to be able to access through FTP.

  1. Next, you’ll need to navigate to the physical path that was specified, right click the directory they’ll need access to, and select “Properties.”

    From there, you’ll go to the “Security” tab, click the “Edit” button, then the “Add” button in the new window.

  1. Much like when we added the user to the FtpUsers group, we’ll type in the name of the user in the bottom box of the “Select Users or Groups window” and select “Check Names,” then click the OK button.


  1. Once the user has been added to the directory permissions, make sure it has the following permissions:

    a. Read & Execute
    b. List Folder Contents
    c. Read
    d. Write

    Then click “Apply” and “OK.

Congratulations! You’ve now created a functioning FTP User.

Adding an IP to the FTP Firewall Rule

As a final step, you’ll need to add the IP address for whoever is going to be connecting to the server with this new user.

  1. Use the Windows Search bar to pull up the “Windows Defender Firewall with Advanced Security” window.

  1. Go to “Inbound Rules,” right click on the rule “FTP Server (FTP Traffic-in),” and select “Properties.”

  1. In the new Properties window, navigate to the “Scope” tab, click the “Add” button under “Remote IP Addresses,” then provide the IP address in question in the new window.

    Finally, just click the “Apply” button in the Properties window, and the new user will be able to connect from that IP.

And with that, the process of adding and allowing a new FTP user is complete. If you encounter any issues while following these steps, please feel free to reach out to us at [email protected].