Windows Server 2019 - Restricting Programs/Users to specific folder saving

AWilke 21 Reputation points
2021-01-25T15:36:46.68+00:00

Hi!

I'm new to using this forum, so my apologies for posting in the wrong place. I come more from a Linux background and configuring Windows servers is more of a newer area for me, so please excuse any dumb questions or assumptions I may make in this post.

Recently I have been trying to configure a Windows 2019 Server which is meant to host a specific application for our users to create and save files from.

We have decided to go with a 3rd party cloud app virtualization service which is not on Azure. All the configuration of the server is done by us when creating the image for our use case, with both server and application settings. After the image is created, an instance of this server is cloned to give to our user whenever they want to launch the instance.

I should mention that we are not using Active Directory.


The problem I'm having is that the program we want our users to run will attempt to save to the root C drive. This is generally inaccessible to the user unless they use the save as function from the application. There are no other ways to save to this directory from the front end.

Because everything other than specific home folders is deleted after the instance terminates, we want to force the application to save somewhere other than this. Ideally these home folders. All the data in these folders is shared between different instances.

The folder we want users to always save to is
C:\Users\PhotonUser\My Files\Home Folder

Obviously, we could just tell them to save to this folder, but we don't want them to have to navigate to this folder when saving from their application. Ideally, we just want the application to default to this.

Is this possible to do through something like GPO?

TLDR:
Is it possible to restrict users to save to a specific folder instead of the folder that an application defaults to? If so, how would I configure this?

Thanks!


Accepted answer
  1. Vicky Wang 2,646 Reputation points
    2021-01-26T09:23:05.627+00:00

    You can use folder redirection in Group Policy to set everyone's "My Documents" folder to a standard location (local folder or a network share).

    Since most programs save to My Documents by default, this would cover most of your needs.

    However, it won't prevent a user from explicitly picking a different location. To deal with that, you should be limiting write permissions.

    Are your users local Administrators? If so, shame on you. You'll need to cut that out. If they are regular users, by default they should be prohibited from writing to most "system wide" locations. Depending on how rigid you want to be, you may need to lock down further. You can set file permissions by right-clicking on a folder and going to Properties->Security. You can also script something with the cacls command.

    You should probably try implementing folder redirection and log in as a standard user and see where you can/can't save files. Always test something like this before you implement it system wide.

    Hope this information can help you
    Best wishes
    Vicky
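
Added example, not part of the answer above and not code from anyone in this thread: a PowerShell audit of which non-administrative principals hold write-type rights on the C: root and on the home folder from the question, plus the `icacls` form of the permission change the answer describes (`icacls` is the current replacement for the deprecated `cacls`). The account name `PhotonUser` is assumed from the path in the question, and the function names are hypothetical.

```powershell
# Added example. Folder path is the one given in the question; the account
# name is an assumption derived from that path.
$HomeFolder = 'C:\Users\PhotonUser\My Files\Home Folder'
$Account    = 'PhotonUser'

# Specific rights that let a principal create, change or remove files.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear as raw
# numbers in inherit-only ACEs and are not named in the FileSystemRights enum.
$GenericWrite = 0x50000000

# Principals that are expected to have write access everywhere.
$Privileged = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing: $p"; continue }
        (Get-Acl -LiteralPath $p).Access | Where-Object {
            $raw = [int]$_.FileSystemRights
            $_.AccessControlType -eq 'Allow' -and
            (($raw -band [int]$WriteMask) -or ($raw -band $GenericWrite)) -and
            ($Privileged -notcontains $_.IdentityReference.Value)
        } | Select-Object @{n='Path';e={$p}}, IdentityReference, FileSystemRights,
                          IsInherited, InheritanceFlags, PropagationFlags
    }
}

function Grant-HomeFolderModify {
    # Modify (M), inherited by files (OI) and subfolders (CI) under the home folder.
    param([string]$Folder = $HomeFolder, [string]$User = $Account)
    icacls $Folder /grant "${User}:(OI)(CI)M"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

# 1. Review the current state before changing anything. An ACE whose
#    PropagationFlags is InheritOnly applies to children, not the folder itself.
Get-NonAdminWriteAce -Path 'C:\', $HomeFolder | Format-Table -AutoSize

# 2. Run from an elevated prompt once the audit output has been reviewed:
# Grant-HomeFolderModify

# 3. Re-run step 1, then sign in as the standard user and confirm that saving
#    to C:\ fails while saving to the home folder succeeds.
```

Any row the audit lists for `C:\` is an ACE that lets a standard user write there; removing or narrowing it belongs in the image build, followed by the standard-user test the answer recommends.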


2 additional answers

  1. Vicky Wang 2,646 Reputation points
    2021-01-28T09:24:42.443+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky


  2. Vicky Wang 2,646 Reputation points
    2021-02-01T09:13:39.357+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky
