We will be hosting our application in the cloud, using RemoteApp in RDS (terminal server).

Aside from being able to see the startup program, we would like to hide all drives in GETFILE() dialogs etc. so user can only see files and directories in the client computer. The application of course does need the right to create, read, write and delete files and directories in c: drive and in specific folders in the file server. We plan to use AppLocker to limit execution rights to certain files.

The question is, what NTFS right combination needs to be granted to achieve the desired result?

TIA,

Alex