*grumble*
*deleted a rude, unproductive comment*

\webroot (this funnels all access through IUSR_systemname)
\webroot\bill (this funnels all anon access through IUSR_bill)
\webroot\sally (this funnels all anon acces through IUSR_sally)
etc

Now from here you have two choices, choice 1 is to create a normal account for these as well now web_bill, web_sally that have write perms and read and write perms over their respective directories. Their IUSR accounts only have read/exe perms over their respective directories. Or if you want fewer users you create a single trusted application interface that manages an admin account to write in all the user dirs. This solution is bad for obvious reasons. You are better of going with dual accounts or using a trsuted application environment like pitbull which will allow IUSR_bill to have write perms over bill's dir as well, but will not allow the IIS process to propigate these rights, so you would need to access via something else (telnet, alternate instance of IIS etc.)

Understand?

catch