What we do is this: When we create the user account in NT, we give them a
home directory that is their web directory. Then in IIS FTP setup, we create
an alias for each user that points to their home directory, with the alias
being their username. Then set permissions on their directory for that user
to have read-write access.
Each user can log with any FTP program using his username and password, and
they are connected automatically to their directory. If they try to change
to a higher directory, they are moved to our FTP home directory, which is
just a dummy directory with read-only access assigned. Oh, and we do not
have anonymous enabled at all.