On a *nix system I can use a chroot to isolate two processes from each other and from the rest of the system. Is there any similar security system under windows? Or is there any way to prevent two processes from reading/writing to each others files?
SnapOverflow
Sandboxie http://www.sandboxie.com/
Not exactly like chroot. It does setup a sandbox for each program you specify. It can easily keep processes isolated.
To solve this specific need (program assumes it's running off of a root directory), the SUBST command is probably what you want. It's a holdover from DOS, and still exists in windows 10.
the SUBST command will mount a directory as a new drive letter.
then you can run the software from the newly created drive, and it will think it's on your new drive S if you run it from that path.
I'm not sure you will gain anything on Windows by chrooting - do you have a specfic need?
In case any the top result on google is http://www.winquota.com/wj/.
Perhaps application virtualization might be an option? Microsoft has the following to say about it:
I wouldn't use anything like this, you are running under Windows mate.
NTFS has the most fine grained access rights you can find. Its not hard to let a prozess start with lower privileged user, and only giving that user access to the files of this single application.
No need to use something like chroot, which is not a security tool, when you can already define what user is allowed to do what in what directory.
Its no different than like giving the Apache under Linux its own user, only allowed to work inside his folders.
There is a chroot.exe included in Gow (Gnu On Windows)
If you are not uploading files from the website, simply create a read only ISO of your website and make that your root directory, then mount it.
Another solution is to use DISKPART and create a READONLY partition/drive with the webpages.
Hope this was useful.