by o11c 901 days ago
I don't think it's possible on Windows.

It's trivial on Unix - just make the program setgid and change the folder permissions to only allow the group. This can be nested, though that requires that the relevant program be aware of the need to walk through several levels, though often a symlink can hide that.

Note that when creating such a directory setup, `chown`ing away the user requires a privileged helper utility. But you need to make such utilities anyway so the user can delete such directories.

***

Important note - most other "solutions" only protect you from apps that opt in to security. A proper solution, like this one, protects from all processes running as user, except the process of note.

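The layout described above, as an added example that is not from the thread: the setup step (root only) and a check, runnable without root, of the invariant the trick depends on. Assumed names: group `appdata`, an already-compiled helper binary, and GNU `stat` (`-c`).

```shell
#!/bin/sh
# Constructed example: a directory only a setgid helper can reach.

# Root is required here: the directory is chown'ed away from the user so the
# user cannot simply chmod it open again, and the helper gets the setgid bit
# so it runs with the group's permissions while everything else the user
# runs is locked out.
setup_private_dir() {
    dir=$1 helper=$2 group=${3:-appdata}   # "appdata" is an assumed name
    getent group "$group" >/dev/null || groupadd "$group"
    mkdir -p "$dir"
    chown root:"$group" "$dir"
    chmod 0770 "$dir"        # no "other" bits: only owner (root) and group
    chown root:"$group" "$helper"
    chmod 2755 "$helper"     # setgid bit: the helper is the group's only door
}

# Verify the layout without root. Exit status:
#   0 correct, 1 directory grants something to "other", 2 directory owned by
#   the protected user, 3 helper not in the directory's group, 4 helper not
#   setgid.
# Usage: check_private_dir DIR HELPER PROTECTED_USER
check_private_dir() {
    dir=$1 helper=$2 user=$3
    dmode=$(stat -c %a "$dir")        # e.g. 770 or 2770
    case $dmode in *0) ;; *) return 1 ;; esac
    [ "$(stat -c %U "$dir")" != "$user" ] || return 2
    [ "$(stat -c %G "$helper")" = "$(stat -c %G "$dir")" ] || return 3
    case $(stat -c %a "$helper") in   # four digits, first one has the 2 bit
        2???|3???|6???|7???) return 0 ;;
        *) return 4 ;;
    esac
}
```

Run `setup_private_dir /path/to/dir /path/to/helper` as root once, then `check_private_dir /path/to/dir /path/to/helper "$(id -un)"` as the user to confirm the user's other processes have no path into the directory.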

Or use selinux/apparmor - those have supported app sandboxing without group tricks for a long time.

Those are useless because they're opt-in, and we can't expect malicious programs to opt in.

There's probably some mandatory mode but since it breaks all sorts of programs nobody can afford to use it.

Apparmor is opt-in so it protects from exploration mostly, but selinux can definitely work with the whole system by default. It's not trivial, but you can at least prevent apps from accessing personal information unless explicitly allowed. I've been using it for years without issues. It really requires only a minimal amount of learning and you don't need to turn it off.