

FTP Server Isolate users


Name: Robert Bos
Date: November 7, 2003 at 12:18:51 Pacific
OS: W2003 Server
CPU/Ram: Dual Opteron 240/2GB
Comment:

Isolate users. In the home dir. I have got divergent maps. It's the meaning that users can only access their own map with the right username and password. How do I set this up? And what do I have to do precisely?

Robert Bos
Tandra




Response Number 1
Name: CompSavy
Date: November 16, 2003 at 07:00:32 Pacific
Reply:

Click on the link below and it will take you to the Microsoft page, where it explains in detail what you have to do.


How to Isolate Users


0

Response Number 2
Name: CompSavy
Date: November 16, 2003 at 07:04:36 Pacific
Reply:

Isolating FTP Users
FTP user isolation is a solution for Internet service providers (ISPs) and Application service providers who want to offer their customers individual FTP directories for uploading files and Web content. FTP user isolation prevents users from viewing or overwriting other users' Web content by restricting users to their own directories. Users cannot navigate higher up the directory tree because the top-level directory appears as the root of the FTP service. Within their specific site, users have the ability to create, modify, or delete files and folders.

FTP user isolation is a site property, not a server property. It can be turned on or off for each FTP site.

FTP User Isolation Modes
FTP user isolation supports three isolation modes. Each mode enables different levels of isolation and authentication.

Isolation Mode: Do not isolate users
Description: This mode does not enable FTP user isolation. This mode is designed to work similarly to earlier versions of IIS. Because isolation is not enforced among different users logging on to your FTP server, this mode is ideal for a site that offers only download capabilities for shared content or for sites that do not require protection of data access between users.

Isolation Mode: Isolate users
Description: This mode authenticates users against local or domain accounts before they can access the home directory that matches their user name. All user home directories are in a directory structure under a single FTP root directory where each user is placed and restricted to their home directory. Users are not permitted to navigate out of their home directory. If users need access to dedicated shared folders, you can also establish a virtual root. This mode does not authenticate against Active Directory directory service.
Note: Server performance can degrade when this mode is used to create hundreds of home directories.

Isolation Mode: Isolate users using Active Directory
Description: This mode authenticates user credentials against a corresponding Active Directory container, rather than searching the entire Active Directory, which requires large amounts of processing time. Specific FTP server instances can be dedicated to each customer to ensure data integrity and isolation. When a user's object is located within the Active Directory container, the msIIS-FTPRoot and msIIS-FTPDir properties are extracted to provide the full path to the user's home directory. If the FTP service can successfully access the path, the user is placed within the home directory, which represents the FTP root location. The user sees only their FTP root location and is, therefore, restricted from navigating higher up the directory tree. The user is denied access if either the msIIS-FTPRoot or msIIS-FTPDir property does not exist, or if these two together do not form a valid and accessible path.
Note: This mode requires an Active Directory server running on an operating system in the Windows Server 2003 family. A Windows 2000 Active Directory can also be used but requires manual extension of the User Object schema. To learn more about setting up an Active Directory server, see Windows Help.

Configuring FTP User Isolation with IIS Manager
When your FTP server is set to isolate users, all user home directories are located in a two-level directory structure in the FTP site directory (as configured on the FTP home directory property page). The FTP site directory can either reside on the local machine or on a network share.

Important You must be a member of the Administrators group on the local computer to perform the following procedure (or procedures), or you must have been delegated the appropriate authority. As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. From the command prompt, type runas /user:administrative_accountname "mmc %systemroot%\system32\inetsrv\iis.msc".

To create a new FTP site that does not isolate users

1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, point to New, and click FTP Site.
2. Click Next.
3. Provide the required information in the FTP Site Description and IP Address and Port Settings dialog boxes, and click Next.
4. In the FTP User Isolation dialog box, click Do not isolate users, and click Next.
5. Complete the remaining steps of the wizard.

To create a new FTP site that isolates users

1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, point to New, and click FTP Site.
2. Provide the required information in the FTP Site Description and IP Address and Port Settings dialog boxes, and click Next.
3. In the FTP User Isolation dialog box, click Isolate users, and click Next.
4. In the FTP User Isolation Credentials dialog box, type the user name (in the form domainname\username), password, and the default user domain of the account used to access Active Directory, and then click Next.
5. Complete the remaining steps of the wizard.
6. Right-click the new FTP site you created, and click Properties.
7. Click the Security Accounts tab. If the Allow anonymous connections check box is selected, in the User name and Password boxes, type a user name and password to use to authenticate anonymous users.
8. If anonymous access is allowed, create the subdirectories LocalUser and LocalUser\Public under the FTP site home directory.
9. If users of the local computer log in with their individual account user names (rather than as anonymous users), create the subdirectories LocalUser and LocalUser\username under the FTP site root directory for each user allowed to connect to this FTP site.
10. If users of different domains log on with their explicit domain\username credentials, create a subdirectory for each domain (by using the name of the domain) under the FTP site root directory. Under each domain directory, create a directory for each user. For example, to support access by user Sales\user1, create the Sales and Sales\user1 directories.

Configuring FTP User Isolation with Active Directory
When you set your FTP server to isolate users with Active Directory, each user's home directory can reside on an arbitrary network path. In this mode, you have the flexibility to distribute user home directories across multiple servers, volumes, and directories as is appropriate to the network configuration. You can also set the msIIS-FTPRoot and msIIS-FTPDir properties for a user to form a local path to the FTP server machine. This mode integrates Active Directory authentication when retrieving a user's home directory information. This integration enables you to use Active Directory Services Interfaces (ADSI) and scripting to manage the physical location of user home directories.

This mode is most appropriate for ISP deployments, where an array of front-end FTP servers all access an Active Directory to retrieve home directory information for users, and access an array of back-end file servers.

The Active Directory User object has been extended to include two properties: msIIS-FTPRoot and msIIS-FTPDir. These properties store the file server share and relative home directory for each user. The msIIS-FTPRoot determines the Universal Naming Convention (UNC) file server share, while the msIIS-FTPDir indicates the relative path on the share. Concatenating these two properties results in the full UNC path to the users' home directory, or to the FTP server.

These two properties correspond to the msIIS-FTPRoot and msIIS-FTPDir properties that were added to the Active Directory schema in the Windows Server 2003 family. They can also be set and modified using the iisftp.vbs command-line administration script. For more information on setting these properties using the iisftp.vbs command-line administration script, search for "iisftp.vbs" in Windows Help. You can also install the Admin Pack, available with the Windows Server 2003 family Resource Kit, and modify these properties using the Active Directory snap-in.

Configuring user isolation by using Active Directory involves setting up the following corresponding services:

File servers: You can use file servers to create the shares and user directories for all users permitted to connect to the FTP service, including anonymous accounts. You should plan for expected disk space usage, storage management, network traffic, and other processes related to your server infrastructure.
Active Directory: This mode of user isolation requires the availability of an Active Directory server running on an operating system in the Windows Server 2003 family. The Windows Server 2003 family Active Directory schema is the first to contain the user object properties used by the FTP service. For more information about setting up an Active Directory server, see Windows Help. You should also configure the user object in Active Directory for each user (including anonymous accounts) by setting the msIIS-FTPRoot and msIIS-FTPDir properties to point to the home directories. Also note that frequently used information retrieved from Active Directory is cached on the FTP server. You can limit the maximum elapsed time before flushing the cache for the Active Directory properties corresponding to the anonymous user by using the registry parameter DsCacheRefreshSecs.
Important To use FTP user isolation in Active Directory mode with Windows 2000 domain controllers, you need to extend the base user object in the Windows 2000 Active Directory schema to include the new FTP properties, msIIS-FTPRoot and msIIS-FTPDir. For more information on how to extend the base user object in the Windows 2000 Active Directory schema, see the Active Directory Programmer's Guide.

To create a new FTP site that isolates users with Active Directory

1. In IIS Manager, right-click the FTP Sites folder, point to New, and click FTP Site.
2. Provide the required information in the FTP Site Description and IP Address and Port Settings dialog boxes, and click Next.
3. In the FTP User Isolation dialog box, click Isolate users using Active Directory, and click Next.
4. Complete the remaining steps of the wizard.
5. Right-click the new FTP site you created, and click Properties.
6. Click the Security Accounts tab. If the Allow anonymous connections check box is selected, in the User name and Password boxes, type a user name and password to use to authenticate anonymous users. This user should not be a local computer user, but rather a domain user with appropriate home directory configuration in the Active Directory object.
7. Type a default logon domain name. This domain name is given to users who do not specify their user domain when they log on. In other words, a user connecting with the user name "domain1\user1" is authenticated against domain1, while a user connecting as user2 is authenticated against the default logon domain. If a default domain is not set, and a user does not specify a domain name, access is denied for all but anonymous users.


0
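The reply above describes two mapping rules: in "Isolate users" mode the login is mapped to LocalUser\Public, LocalUser\username or domain\username under the site root, and in Active Directory mode the home is msIIS-FTPRoot joined with msIIS-FTPDir, with access denied when either property is missing or the resulting path is not accessible. The Python model below is an added example for this thread, not IIS code and not from the original post; the site root, directory layout, account names and the Active Directory objects are constructed placeholders, and the "accessible path" check is simulated with a set instead of a real file share. It also shows the confinement check that keeps a client's requested path under its home directory, which is the property the isolation modes are meant to guarantee.

```python
import ntpath  # pure Windows path semantics, so this runs on any host

# Constructed 'Isolate users' layout (hypothetical site root and accounts),
# laid out exactly as the reply describes it.
SITE_ROOT = r"D:\ftproot"
EXISTING_DIRS = {
    ntpath.join(SITE_ROOT, "LocalUser", "Public"),   # anonymous users
    ntpath.join(SITE_ROOT, "LocalUser", "user1"),    # local account user1
    ntpath.join(SITE_ROOT, "Sales", "user1"),        # domain account Sales\user1
}

# Constructed Active Directory user objects (hypothetical values).
AD_USERS = {
    "user1": {"msIIS-FTPRoot": r"\\fileserver\ftp", "msIIS-FTPDir": "user1"},
    "user2": {"msIIS-FTPRoot": r"\\fileserver\ftp"},                          # msIIS-FTPDir missing
    "user3": {"msIIS-FTPRoot": r"\\fileserver\ftp", "msIIS-FTPDir": "absent"},  # path not accessible
}
# Simulates "the FTP service can successfully access the path".
AD_ACCESSIBLE = {r"\\fileserver\ftp\user1"}


def isolate_users_home(login, anonymous=False, site_root=SITE_ROOT, existing=EXISTING_DIRS):
    """Home directory for 'Isolate users' mode, or None when it does not exist.

    login is either 'username' (LocalUser\\username) or 'domain\\username'
    (domain\\username); anonymous logins map to LocalUser\\Public.
    """
    if anonymous:
        parts = ("LocalUser", "Public")
    elif "\\" in login:
        domain, user = login.split("\\", 1)
        parts = (domain, user)
    else:
        parts = ("LocalUser", login)
    home = ntpath.normpath(ntpath.join(site_root, *parts))
    # A login such as '..\\..' normalises outside the layout and is simply absent.
    return home if home in existing else None


def ad_isolated_home(login, users=AD_USERS, accessible=AD_ACCESSIBLE):
    """Home directory for 'Isolate users using Active Directory' mode.

    Denies (returns None) when the object, either property, or the
    concatenated UNC path is missing or not accessible.
    """
    obj = users.get(login)
    if obj is None:
        return None
    root = obj.get("msIIS-FTPRoot")
    subdir = obj.get("msIIS-FTPDir")
    if not root or not subdir:
        return None
    home = ntpath.normpath(ntpath.join(root, subdir))
    return home if home in accessible else None


def resolve_request(home, requested):
    """Map a client path (relative to its FTP root) onto the physical path.

    Returns None when the normalised path escapes the home directory, which is
    what 'cannot navigate higher up the directory tree' requires.
    """
    physical = ntpath.normpath(ntpath.join(home, requested.lstrip("/\\")))
    try:
        inside = ntpath.commonpath([home, physical]) == ntpath.normpath(home)
    except ValueError:  # different drives or shares can never share a prefix
        inside = False
    return physical if inside else None


if __name__ == "__main__":
    for login, anon in [("user1", False), (r"Sales\user1", False), ("", True), ("user2", False)]:
        print(f"isolate users  {login or '<anonymous>':>12} -> {isolate_users_home(login, anon)}")
    for login in ("user1", "user2", "user3"):
        print(f"AD mode        {login:>12} -> {ad_isolated_home(login)}")
    home = isolate_users_home("user1")
    print("docs/report.txt ->", resolve_request(home, "docs/report.txt"))
    print("../user2        ->", resolve_request(home, "../user2"))
```

Running it shows the denial cases the reply lists: a local account with no LocalUser\username directory, an Active Directory object missing msIIS-FTPDir, a concatenated path that is not accessible, and a request that tries to climb out of the home directory all resolve to None.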
