Share via

Creating a New FTP Site with Isolate Users Mode

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008

Isolate users mode authenticates users against local or domain accounts before they can access the home directory that matches their user name. All user home directories are in a directory structure under a single FTP root directory where each user is placed and restricted to their home directory. Users are not permitted to navigate out of their home directory. If users need access to dedicated shared folders, you can also establish a virtual root. This mode does not authenticate against Active Directory directory service.


You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

To create a new FTP site with Isolate users mode

  1. In IIS Manager, click the local computer, right-click the FTP Sites folder, point to New, and then click FTP Site.

  2. In Welcome to the FTP Site Creation Wizard, click Next.

  3. In FTP Site Description, type a description for the FTP site, and then click Next.

  4. In IP Address and Port Settings, type an IP address and port number, and then click Next.

  5. In FTP User Isolation, click Isolate users, and then click Next.

  6. In FTP Site Home Directory, type or browse to the FTP site home directory, and then click Next.

  7. Enable the Read and Write permissions as appropriate, and then click Next, and click Finish.


Adhere to the following convention when creating each user's FTP site directories:

  • If anonymous access is allowed, create the subdirectories LocalUser and LocalUser\Publicunder the FTP site home directory.

  • If users of the local computer log on with their individual account user names (rather than as anonymous users), create the subdirectory LocalUserand a separate directory **LocalUser\**UserName under the FTP site home directory for each user allowed to connect to the FTP site.

  • If users of different domains log on with their explicit Domain\UserName credentials, create a subdirectory for each domain (by using the name of the domain) under the FTP site root directory. Under each domain directory, create a directory for each user. For example, to support access by user Contoso\user1, create the Contoso and Contoso\user1 directories.