You could use an SSH server, running on your Windows server to provide a Secure-FTP (SFTP) service. Google turns up several good descriptions on this, like this one:
I would recommend Van Dyke (http://www.vandyke.com) for one of many good commercial SSH server implementations for Windows. Open source alternatives include the SSHWindows project (http://sshwindows.sourceforge.net).
In any case, follow best practices for allowing access to your server, including:
- configure the SSH server to only allow the minimum access necessary, including restricting or disallowing interactive SSH command line access
- use distinct accounts for the fewest users possible, ideally an individual account per user
- use public key authentication where possible instead of username / passwords (requires out-of-band or secure distribution of the keys)
- enable SSH server logging and ensure your log monitoring tools are receiving events from the SSH server
Note this is an incomplete list, just off the top of my head.
Hopefully this helps.