IIS FTP Home Directory Isolation Using Symbolic Links

IIS FTP supports user isolation, which restricts each user to their own home directory and prevents traversal to other users' folders. When isolation is enabled, IIS expects user directories to exist under a LocalUser subfolder within the FTP root:

C:\inetpub\ftproot\LocalUser\username\

The Problem

If existing automation scripts have the user directories hardcoded at the FTP root (C:\inetpub\ftproot\username\), moving those directories to satisfy IIS's LocalUser requirement would break every script.

The Solution: Symbolic Link

Create a symbolic link at C:\inetpub\ftproot\LocalUser pointing back to C:\inetpub\ftproot itself. IIS follows the link and finds the user directories exactly where it expects them. The actual files don't move.

New-Item -Path "C:\inetpub\ftproot\LocalUser" -ItemType SymbolicLink -Value "C:\inetpub\ftproot"

From IIS's perspective, LocalUser\username resolves to ftproot\username — which is where the files actually are. Existing scripts continue to work because nothing moved.

Why Not a Shortcut?

A standard Windows shortcut (.lnk file) redirects at the shell level — applications don't follow them transparently. A symbolic link is resolved at the filesystem level, so IIS (and any other application) follows it without needing any special handling.

Remote Storage Extension

The same approach works for pointing user home directories at an SMB share on another server:

New-Item -Path "C:\inetpub\ftproot\LocalUser\username" -ItemType SymbolicLink -Value "\\fileserver\homes\username"

This keeps FTP working locally while actual storage lives on a dedicated file server.