Pattern Strings in Directory Paths

Reflection for Secure IT supports the following pattern strings for specifying directory paths for user public key locations and SFTP file transfer directories.

Note: For local and domain users configured using Windows, these strings resolve to values based on Windows environment variables. If you are using Reflection for Secure IT Web Edition to provide access to external users, refer to the behavior described below for external users.

This string

Evaluates to


The user’s User profile. This equivalent to the Windows environment variable USERPROFILE. This directory is created if it doesn't exist.

For example, if the server is running on Windows Server 2008 and the user name is "joe", %D\.ssh2 will typically be equivalent to:


On Windows Server 2003 it will typically be equivalent to:

C:\Documents and Settings\joe\.ssh2

For external users, %D resolves to:


Where <run_as_user> is the External user access account (configured in the Reflection for Secure IT server to provide access to external users), and <external_user> is the user's UserID (added in the User Manager).



The user's Home folder. This is based on the Home folder value stored in the user's Windows account. The two Windows environment variables HOMEDRIVE and HOMEPATH are also based on this value.

By default this is the same as the User profile, but the Windows system administrator can specify a different location.

For external users %H is equivalent to %D.



The user’s login name. This directory must already exist. On Windows systems, this is equivalent to the Windows environment variable USERNAME.

For example, if the user name is "joe", ssh_users\%u is equivalent to:


For external users, %u is equivalent to the UserID configured in the User Manager.


  • With this option, the server is unable to distinguish between a local and domain user with the same user name — both are given access to the same directory.
  • Do not use %u to specify a location in the Windows profile folder. Depending on how users have logged into the server host previously, the user-specific subdirectory in the profile path may be just a user name, or may be both a user and domain in the format "user.domain".
  • If you configure both domain and external users, do not use %u. If an external UserID matches a domain username, both users will have access to the same location. In this case, use %U to ensure unique pathnames.




The user's domain name and login in the format "domain.username". This directory must already exist. This is based on two Windows environment variables: USERDOMAIN and USERNAME.

For example, if "joe" logs in from the "sky" domain (sky\joe), ssh_users\%U\ is equivalent to:


Note: Do not use %U to specify a location in the Windows profile folder. The format for specifying user and domain in the Windows profile path is "user.domain", which is the reverse of the order specified by %U.

For external users the domain = Reflection.VirtualDirectory. For example, for the external user whose UserID is "Mary", c:\upload\%U resolves to:



Related Topics

Public Key Pane

SFTP Directories Pane