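# Provision an IIS FTP site with one local user, one local group, Basic
# authentication, a read-only authorization rule and matching NTFS permissions.
# Steps that create something check for an existing object first.

# The WebAdministration module provides the IIS cmdlets and the IIS:\ drive used below.
Import-Module WebAdministration

# IIS FTP site name
$FTPSiteName = 'Your IIS FTP Site Name'
# FTP root directory, e.g. $FTPRootDir = "D:\FTPRoot"
$FTPRootDir = 'FTP Root Folder Path'
# FTP listening port
$FTPPort = 21
# FTP user account name
$FTPUserName = "Your Account"
# FTP user password.
# NOTE(review): this value is stored in plaintext in the script file. Restrict
# read access to the script, and change the account password after provisioning.
$FTPPassword = 'Your Password'
# Local group whose members are allowed to use the FTP site
$FTPUserGroupName = "FTP Users"

# Stop before changing anything if the sample password was left in place;
# otherwise a local account with a publicly known password would be created.
if ($FTPPassword -eq 'Your Password') {
    throw 'Replace the placeholder value of $FTPPassword before running this script.'
}

# Create the FTP root directory if it does not exist yet.
if (!(Test-Path $FTPRootDir)) {
    New-Item $FTPRootDir -ItemType Directory
    Write-Host ("Create " + $FTPSiteName + " FTP Folder") -ForegroundColor Blue -BackgroundColor White
}
else {
    Write-Host ("Folder " + $FTPSiteName + " exist !") -ForegroundColor Red -BackgroundColor White
}

# Create the FTP site unless some site already serves this physical path.
if ((Get-Website | Where-Object { $_.physicalPath -eq $FTPRootDir } | Measure-Object).Count -eq 0) {
    New-WebFtpSite -Name $FTPSiteName -Port $FTPPort -PhysicalPath $FTPRootDir
    Write-Host ("Create " + $FTPRootDir + " Site !") -ForegroundColor Blue -BackgroundColor White
}
else {
    Write-Host ("site " + $FTPRootDir + " already exist !") -ForegroundColor Red -BackgroundColor White
}

# Create the local FTP user account.
# The original used typographic quotes around two strings here; they are
# replaced with ASCII quotes so the script does not depend on file encoding.
if ((([ADSI]"WinNT://$env:ComputerName/$FTPUserName,User").Path).Length -eq 0) {
    $ADSI = [ADSI]"WinNT://$env:ComputerName"
    $CreateUserFTPUser = $ADSI.Create("User", $FTPUserName)
    $CreateUserFTPUser.SetInfo()
    $CreateUserFTPUser.SetPassword($FTPPassword)
    $CreateUserFTPUser.Description = "FTP User"
    $CreateUserFTPUser.SetInfo()
    Write-Host "Create FTP User & Setup Default Password" -ForegroundColor Blue -BackgroundColor White
}
else {
    Write-Host ("User Name: " + $FTPUserName + " Exist") -ForegroundColor Red -BackgroundColor White
}

# Create the local FTP group.
if ((([ADSI]"WinNT://$env:ComputerName/$FTPUserGroupName,Group").Path).Length -eq 0) {
    $ADSI = [ADSI]"WinNT://$env:ComputerName"
    $FTPUserGroup = $ADSI.Create("Group", "$FTPUserGroupName")
    $FTPUserGroup.SetInfo()
    $FTPUserGroup.Description = "Members of this group can connect through FTP"
    $FTPUserGroup.SetInfo()
    Write-Host "Create FTP Users Group" -ForegroundColor Blue -BackgroundColor White
}
else {
    Write-Host ("Group Name: " + $FTPUserGroupName + " Exist") -ForegroundColor Red -BackgroundColor White
}

# Add the user account to the FTP group. The account is resolved to its SID
# and the SID-based ADSI path is what gets added to the group.
# The call fails when the script is re-run and the user is already a member,
# so the failure is reported instead of being followed by a success message.
try {
    $UserAccount = New-Object System.Security.Principal.NTAccount($FTPUserName)
    $SID = $UserAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $Group = [ADSI]"WinNT://$env:ComputerName/$FTPUserGroupName,Group"
    $User = [ADSI]"WinNT://$SID"
    $Group.Add($User.Path)
    Write-Host "FTP User Join FTP Users Group" -ForegroundColor Blue -BackgroundColor White
}
catch {
    Write-Host ("FTP User was not added to group " + $FTPUserGroupName + ": " + $_.Exception.Message) -ForegroundColor Red -BackgroundColor White
}

# Enable Basic authentication on the FTP site.
# NOTE(review): Basic authentication sends the user name and password without
# encryption unless the control channel is protected by TLS (see the SSL step).
$FTPSitePath = "IIS:\Sites\$FTPSiteName"
$BasicAuth = 'ftpServer.security.authentication.basicAuthentication.enabled'
Set-ItemProperty -Path $FTPSitePath -Name $BasicAuth -Value $True
Write-Host "Set Authentication to BASIC" -ForegroundColor Blue -BackgroundColor White

# Add an authorization rule that allows the FTP group and the FTP user to
# access the site. permissions = 1 is the read permission ("authorization read
# rule" in the original comment), so the rule does not grant uploads.
$Param = @{
    Filter   = "/system.ftpServer/security/authorization"
    Value    = @{
        accessType  = "Allow"
        roles       = $FTPUserGroupName
        permissions = 1
        Users       = $FTPUserName
    }
    PSPath   = 'IIS:\'
    Location = $FTPSiteName
}
Add-WebConfiguration @Param
Write-Host "Set FTP Users Group can Access FTP Server" -ForegroundColor Blue -BackgroundColor White

# Change the SSL policy from Require SSL to Allow SSL connections.
# NOTE(review): with SSL only allowed, a client may log in over plain FTP and
# the Basic-authentication credentials then cross the network in cleartext.
# This script binds no certificate; once one is bound to the site, set both
# policies back to requiring SSL (SslRequire).
$SSLPolicy = @(
    'ftpServer.security.ssl.controlChannelPolicy',
    'ftpServer.security.ssl.dataChannelPolicy'
)
Set-ItemProperty -Path $FTPSitePath -Name $SSLPolicy[0] -Value $false
Set-ItemProperty -Path $FTPSitePath -Name $SSLPolicy[1] -Value $false
Write-Host "Change the SSL policy from Require SSL to Allow SSL connections" -ForegroundColor Blue -BackgroundColor White

# Grant the FTP group NTFS Read & Execute on the FTP root, inherited by
# subfolders and files. No write access is granted at the file-system level.
$GroupAccount = New-Object System.Security.Principal.NTAccount("$FTPUserGroupName")
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $GroupAccount,
    'ReadAndExecute',
    'ContainerInherit,ObjectInherit',
    'None',
    'Allow'
)
$ACL = Get-Acl -Path $FTPRootDir
$ACL.SetAccessRule($AccessRule)
$ACL | Set-Acl -Path $FTPRootDir
Write-Host "Set FTP Users Group has NTFS Read & Execute Permission to Access FTP Root Folder" -ForegroundColor Blue -BackgroundColor White

# Restart the FTP site so the new configuration takes effect.
Restart-WebItem "IIS:\Sites\$FTPSiteName" -Verbose
Write-Host "Restart FTP Server" -ForegroundColor Blue -BackgroundColor White
Write-Host "It's Done!" -ForegroundColor Blue -BackgroundColor White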