- Create a single FTP site with the default folder location, disallow anonymous access
- For each FTP username you want, create Active Directory or local Windows users on the IIS box with damn good passwords
- Create virtual directories in IIS with the same names as the usernames you just created. Point them to the home directories you want for your users
- For each of these folders, make sure its relavent username has NTFS write permissions
Easy! You would not want to set up thousands of users like this but if only have a couple it works a treat. Each user logging into your FTP site with their AD or local username and password (use an AD account if your FTP server is also a domain controller - yikes!) and see only their own folder.
Now, I've just got my first Windows Server 2008 web and FTP server I just assumed all this would still work, but I have just found its a bit more complicated. Actually, its positively bonkers. This example is for domain users, it might be different for local users. Anyway, to achieve the same thing in Windows Server 2008...
- Install IIS, Download the FTP server for Server 2008 (mutter mutter), set up an FTP site pointing at some empty folder - probably c:\inetpub\ftproot
- In the IIS tools, select your FTP site so all the options are displayed on the right. Select "FTP User Isolation", and set it to Isolate Users, using "user name directory" (the first Isolated option)
- In Windows Explorer, create a folder called the name of the domain (just the short version, no dots) in the ftp root folder (I really can't remember how I figured out this was needed!)
- Back in the IIS tools expand the site so you can see the new folder. Right click, New Virtual Directory. Give it one of the usernames and point it to the folder that username should be restricted to. Create a virtual directory for each of the users you want to have access.
Not the most obvious process!