If all your FTP directories allow anonymous connections, anyone can modify the contents. It is safer to disable the anonymous login, and then enable login for each subdirectory based on the user's name. You may need to add accounts for the authors to your machine, or use domain-based user login names.

To control security on a directory-by-directory basis, you will want to place the target virtual directories on an NTFS partition. Then, from Windows Explorer, right-click on the directory of interest. Select "Security", and for each directory assign the permissions as follows:

• For the c:\inetpub\wwwroot (or other web-viewable directory), give the authors full control privileges. The user IUSR_yourmachine should have read privileges.
• For the c:\inetpub\scripts\readygo directory and its subdirectories, the authors should have full control. The user IUSR_yourmachine should also have full control. However, this directory (and its children) should not be viewable on the web. All student registration and test results will be stored here.