IIS Answers tm                                                                                          
Support Central for Internet Information Server 4 and 5   

IIS Answers - Top 10 FAQ
How to Redirect Users to their Own Folder Using FTP

Ultimate IIS
hands-on, fast track, up-to-date training on IIS 4 and 5

IIS Lists
moderated email discussions on IIS related topics

About Brett Hill

Contact Information

IIS Administrator Newsletter
published by Windows 2000 magazine. See IIS Informant articles.
Microsoft's FTP service is an odd bird. It's a useful, but limited service overall when compared to IIS. Nevertheless, the question of sending users to a private folder comes up many times so here's how to do it.

Step 1: Create a home folder for your user.

Typically, this will be a subfolder under a parent folder that is named exactly the same as the username.  All users will need the right to Log on Locally. Of course, Admins should have full control of everything all the time :)

TIP: Do not set NTFS permissions yet. If you do, be sure the System account has access to the users' folder or you will get a 'stop sign" error when you try to create the Virtual Directory.

Step 2:  Create a Virtual Directory and map the user's folder.

The trick here is that the Virtual Directory has to be the exact same name as the user. In this case, we create a folder called BartS and map it to FTPusers/BartS. Note that the directory name is case sensitive!

Step 3:  Enable Write on the Virtual Directory

Unless this is a read-only FTP site, enable the write permission on the FTP snap in.

Step 4:  Remove Anonymous authentication from the Virtual Directory.

Uncheck the "Allow only anonymous authentication" on the Security Acccounts tab. Now, when BartS logs on, he will be automatically placed in his user folder.

Step 5: Assign NTFS permissions.

For the parent folder of your users' folders, you can assign No Access to the anonymous account. Despite what some KB articles say, the user does not need permissions to the parent folder. The System account, however, does need access to this folder so Everyone, No Access is not a good idea. If the System account can't access the folder,  you can have problems later when you go to make changes to the FTP server setup for the user.

For the users' folders, NTFS permissions Read and Write are typical. Execute permissions should be avoided.  Remove Everyone from the access list and add the user's account. According to your policy, you may or may not include Administrators.

That's it! Now when users log on with FTP, they will be routed to their own FTP folder.

TIP: You can keep users from seeing folders for other users:
1. Point your FTP server to an empty root. Fine to use Inetpub/ftproot, just don't put anything in there or your users will see it.
2. Map your users' Virtual Folders to a location outside of the FTP server virtual root. By keeping your users' folders in the same parent folder outside of the virtual FTP root, when they go "up" in the directory tree from their personal folder, they will be magically transported to the empty FTProot.

WARNING. Password sent to the FTP service are sent in absolute cleartext. SSL can't be used and you can't use NTFS authentication. No good solution exists for this problem using native Microsoft FTP server.