$FTPSiteName='CPXV2_FTP'
$FTPRootDir='D:\FTP'
$FTPPort='2121'
$Username = "ALISFTP"
$Password = ConvertTo-SecureString "Kefico!@34" -AsPlainText -Force

if (-Not (Get-LocalUser -Name $Username -ErrorAction SilentlyContinue)) 
{
    New-LocalUser -Name $Username -Password $Password -FullName "ALISFTP" -Description "FTP User for IIS"
    Add-LocalGroupMember -Group "IIS_IUSRS" -Member $Username
}

if (-Not (Test-Path $FTPRootDir)) {
    New-Item -Path $FTPRootDir -ItemType Directory -Force
    NEW-Item -Path "C:\inetpub\ftproot\LocalUser\ALISFTP" -ItemType Directory -Force
}

$Acl = Get-Acl $FTPRootDir
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "IIS_IUSRS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
)
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path $FTPRootDir -AclObject $Acl

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "USERS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
)
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path $FTPRootDir -AclObject $Acl

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "ALISFTP", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
)
$Acl.SetAccessRule($AccessRule)
Set-Acl -Path $FTPRootDir -AclObject $Acl

New-WebFtpSite -Name $FTPSiteName -Port $FTPPort -PhysicalPath $FTPRootDir
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[@name='CPXV2_FTP']/ftpServer/security/authentication/anonymousAuthentication" -name "enabled" -value "False"
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST" -filter "system.applicationHost/sites/site[@name='CPXV2_FTP']/ftpServer/security/authentication/basicAuthentication" -name "enabled" -value "True"

Set-WebConfigurationProperty -Filter "system.ftpServer/firewallSupport" `
    -PSPath "MACHINE/WEBROOT/APPHOST" `
    -Name "lowDataChannelPort" `
    -Value 60000

Set-WebConfigurationProperty -Filter "system.ftpServer/firewallSupport" `
    -PSPath "MACHINE/WEBROOT/APPHOST" `
    -Name "highDataChannelPort" `
    -Value 62048

$FTPSitePath = "IIS:\Sites\$FTPSiteName"
$BasicAuth = 'ftpServer.security.authentication.basicAuthentication.enabled'
Set-ItemProperty -Path $FTPSitePath -Name $BasicAuth -Value $True

$Param = @{
    Filter   = "/system.ftpServer/security/authorization"
    Value    = @{
        accessType  = "Allow"
        users = "ALISFTP"

        permissions = 3
    }
    PSPath   = 'IIS:\'
    Location = $FTPSiteName
}
Add-WebConfiguration @param

Set-ItemProperty -Path $FTPSitePath -Name 'ftpServer.security.ssl.controlChannelPolicy' -Value $false
Set-ItemProperty -Path $FTPSitePath -Name 'ftpServer.security.ssl.dataChannelPolicy' -Value $false