WVD Windows 10 multi session - restrict user to single folder to download/store files


Hi all,

we plan to set up WVD with Windows 10 multi session. The requirement is to restrict the user to a single folder to download/store files. Additionally, the files should be deleted after a certain period of time.

Would this be feasible? Would this be controlled by GPO or FSLogix? Apologies if it is a stupid question.

Thank you in advance

Seb

4 Replies

@srasp not sure about the GPO but have you taken a look at FSLogix app masking? If not, sharing link for the reference. It can effectively help you to hide / restrict access to directories as well as to applications. https://docs.microsoft.com/en-us/fslogix/application-masking-rules-ht

About the requirement of periodically removing files, you can simply write a PowerShell script and put it in the host machine's task scheduler.

Hope it helps you.

Hi @srasp!

actually there are multiple ways to achieve what you like.

The first thing that comes into my mind is to use Ephemeral OS disks for your Session Hosts. These give you the advantage that any changes made to the OS / data disks will be reset when the machine gets deallocated and restarted (comparable to non-persistent VDI). (More info here: https://www.youtube.com/watch?v=GyXx5Er9jYo&list=PL-V4YVm6AmwXGvQ46W8mHkpvm6S5IIitK&index=19)

To provide your users a space where they can work you could use OneDrive or you create a network share / drive where your users can work exclusively; if necessary, this can also be purged automatically via PS script in the task scheduler of the server / machine.

For the purging you could use the following command to delete files that haven't been modified for 30 days (the number of days can be changed of course):

ForFiles /p "C:\path\to\folder" /s /d -30 /c "cmd /c del /q @file"

Hope this helps.  
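
Added example, not part of the original replies: a PowerShell form of the scheduled purge that both replies suggest. The parameter names and the log path are assumptions; the script skips junctions and symlinks so that a task running with elevated rights does not follow a link out of a user-writable folder, and it logs every deletion.

```powershell
# Added example (not from the thread). Parameter names and log path are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Root,        # the one folder users may write to
    [ValidateRange(1, 3650)][int]$Days = 30,    # same 30-day default as the ForFiles reply
    [string]$LogPath = (Join-Path $env:ProgramData 'PurgeOldFiles\purge.log')
)

$rootItem = Get-Item -LiteralPath $Root -ErrorAction Stop
if (-not $rootItem.PSIsContainer) { throw "Not a directory: $Root" }
# A drive or share root has no parent; refuse it so a typo cannot empty a volume.
if ($null -eq $rootItem.Parent) { throw "Refusing to purge a root path: $Root" }

$cutoff = (Get-Date).AddDays(-$Days)
$null = New-Item -ItemType Directory -Path (Split-Path -Parent $LogPath) -Force

function Write-PurgeLog([string]$Message) {
    Add-Content -LiteralPath $LogPath -Value ('{0:o} {1}' -f (Get-Date), $Message)
}

# Walk the tree by hand and skip junctions and symlinks: a user who can write
# to $Root could otherwise plant a link that points the purge at other folders.
$pending = [System.Collections.Generic.Stack[System.IO.DirectoryInfo]]::new()
$pending.Push($rootItem)
while ($pending.Count -gt 0) {
    $dir = $pending.Pop()
    $entries = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue
    foreach ($entry in $entries) {
        if ($entry.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        if ($entry.PSIsContainer) { $pending.Push($entry); continue }
        if ($entry.LastWriteTime -ge $cutoff) { continue }      # modified recently, keep
        if (-not $PSCmdlet.ShouldProcess($entry.FullName, 'Delete')) { continue }
        try {
            Remove-Item -LiteralPath $entry.FullName -Force -ErrorAction Stop
            Write-PurgeLog "deleted $($entry.FullName)"
        } catch {
            # Locked or protected files are logged and the run continues.
            Write-PurgeLog "FAILED $($entry.FullName): $($_.Exception.Message)"
        }
    }
}
```

Run it once with `-WhatIf` to list what would be deleted before registering it in Task Scheduler.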


Hi @bhushangawale,

thank you for your reply. FSLogix app masking looks good. We will test it out.

Thanks again

Seb

Hi @patrickkoehler,

thank you for your reply. I haven't heard of Ephemeral OS disks yet. It is definitely worth testing for our requirements. Thank you also for the PowerShell statement.

Best regards
Seb