I'm doing some work for a printing company right now. They'd like to setup a more secure FTP situation. It seems like, from what they've described to me, most printing companies have a general FTP account that they give the login info out to all of their clients to upload to. This is how theirs is currently setup. However, the problem is, the way the permissions are setup, you can view everybody else's uploads. They're trying to make their enviornment secure, but at the same time make it easy for clients to upload. I was telling them two quick things we could do is create client specific accounts or create temporary accounts (like 7 days) every time somebody needed to upload/download.
What would you recommend? What would be your ideal solution, and what would be most practical? They're currently using all windows based server.
I would create a different account for each client, locking them to their own directory. There is no way you want clients to see each other's work!
edit: just wanted to add, if you keep giving temp access out- it's going to annoy your repeat business. It's just as easy to setup perm accounts for them to use :)
If you choose to stick with FTP, please switch to something better, then with some FTP daemons you can setup permission such that a user will not be able to see files that are uploaded. For example see the section 'common configuration: an upload-only directory' in the proftpd mini-HOWTO. So the simple answer may be to find a ftp daemon that can support upload only feature. Here is a blind drop howto for IIS.
I would go one step further than @AliGibbs' recommendation and say "Ditch FTP, use a web-based upload system". If you google for "web upload script" you'll find a bunch (since you're on Windows you probably want an ASP based one), and you'll probably find one that has decent security controls.
There are some downsides, but FTP is a pretty old (and woefully insecure) protocol - Ditching it would be to your benefit, and the benefit of the internet at large...
We have used CrsuhFTP running on a spare Windows box. It can use many formats(SFTP,FTP,HTTPS,SCP, WEBDAV and others) but the fact that clients can send/download from a web browser is a big deal for us. And it is secure using SSL. You can have many accounts and it alerts on transfer if so configured. There is a free trial and support is great. Cost is reasonable. Setup is simple. Accounts and content can be set to expire. CrushFTP
We run Serv-U, it's pretty impressive with how flexible it is. We use it for SFTP.
As for a client, FileZilla, I know... not the simplest but if they can learn Office they can learn drag and drop.