9
1
Is it possible in Windows 7 to restrict which EXEs can access a certain folder?
Let's imagine I have a folder (c:\myfolder) with some data files that can only be opened by a certain EXE.
For example, I would like MyApp1.EXE to be able to open files in c:\myfolder but I do not want other EXEs (such as notepad) from being able to open the files in that folder.
Is this possible?
Mister Cook
Posted 2013-05-06T19:14:17.617
Reputation: 109
7
I don't think this is standard Windows functionality.
Access right are based on users, not applications.
You can however run the programs as different users. From the context menu (hold the Shift + Right Mouse click on the program) select Run as different user. You will need different user accounts with the correct access control settings to the folders based on the users.
XyZZy
Posted 2013-05-06T19:14:17.617
Reputation: 646
what if i want the oposite, lets say i downloaded a suspicious exe file, and i set so that the firewall doesnt allow any kind of connectivity, but I also want to prevent that exe from making changes to my disk/registry/etc, or at least, limit the "domain" that exe can access to a certain folder and its subdirectories? – Mr.Robot – 2017-12-30T15:44:44.150
2
Brad's answer above is a good answer. However, I have found a neat solution to provide this functionality. Basically I want to restrict access to files in a folder to my application only.
I will implement a Windows Service which is started by the administrator (this has access to my special folder). A standard Windows user does not have access to that folder.
My Windows Servies can expose functionality to access content in a particular folder. My custom application EXE uses the Windows service to access that content. This means that my application can edit files in the special folder via the Windows Service, but users with restricted access to the folder cannot make changes.
Mister Cook
Posted 2013-05-06T19:14:17.617
Reputation: 109
1So basically you're running your application in the context of another user account...in this case, a Service account. – I say Reinstate Monica – 2016-06-30T15:04:59.887
Why downvote??? – Tuan Anh Hoang-Vu – 2013-05-06T19:29:54.337
@hvtuananh I didn't dv but users do it for all sorts of reasons. You can upvote if you feel differently. – Brad Patton – 2013-05-06T19:32:04.470
Is this a homegrown app? – Austin T French – 2013-05-06T19:36:38.477
Yes its a .NET app I wrote myself – Mister Cook – 2013-05-06T19:39:15.397