I work for an ad agency that shares a lot of files with clients and vendors. These are large graphicsheavy and multimedia files that often can't be sent via email. We need an easy way to share these files over the Internet. Currently, we use FTP, but this causes a lot of problems for inexperienced users. Is there a simple way to let business partners see and download just the files they need by using a Web browser? We can't have them discovering who our other clients or vendors are and seeing each others' advertising projects. We tried Windows SharePoint Services document libraries, but our files are just too big for that solution to be practical.

The easiest way to share the files is to set up a directory on your Microsoft IIS server in which your internal users can create subfolders and place files for download by business partners. Here's how to make it work and keep it relatively private:

  1. Create a folder called FileDrop in the root of your IIS Web site.
  2. Set the NTFS permissions on FileDrop as follows:
    • Allow Administrators Full Control to the folder, its subfolders, and these folders' files
    • Allow Users Read access to the folder, subfolders, and files
    • Allow Users Create Folders access to the FileDrop folder only
    • Allow CREATOR OWNER Modify access to the subfolders and files only
    • Allow IUSR_machinename Read access to the folder, subfolders, and files
  3. On the IIS Directory tab of the FileDrop Properties dialog box, enable Read and Directory Browsing but set Execute to None.
  4. On the Documents tab of the FileDrop Properties dialog box, remove all default document pages, then add one called FileDrop.htm.
  5. Create a file called FileDrop.htm in the FileDrop folder that has the content in Figure 3, and set it as the default page.

Now, instruct your users to create subfolders as necessary for each business partner they need to share files with. For the sake of keeping things organized, the permissions will allow users to create subfolders of their own, modify the contents of their own folders, and have read-only access to other users' folders.

After one of your users creates a folder and drops a file in it, he or she can contact the business partner's users and instruct them to open serverURL/FileDrop/folder name. When business partner users enter this URL, your IIS server will fail to find a default page to return to the browser but will see that directory browsing is enabled and will thus return a page with a link to each file in the folder. The business partner users can then download the files from their corresponding links. The FileDrop.htm file prevents nosey business partner users who browse to serverURL/FileDrop/ from getting a listing of all FileDrop subfolders—all they'll get is a blank page.

You should warn your users to be careful to use nondescriptive folder names instead of names corresponding to the company names of the business partners and not to use a series of related folder names (such as One, Two, Three) to prevent a nosey business partner user from guessing folder names and poking around. To be on the safe side, remind users to clean out files after they're downloaded. You might even schedule a task to delete all subfolders each Sunday night.