Support for Controlled Folder Access
Windows 10 offers the feature of "Controlled Folder Access", where only specific executables are allowed to make modifications to specified paths.
This same feature should be available in Windows Server.
The use-case I have in mind is a backup application. The application backs up data (either from the local server, or multiple remote servers). Data is written to a volume (within the backup application, this is generally referred to as a "Library").
Now, if the server were to become infected with ransomware, the backup data would be encrypted, and restores would no longer be possible.
Using Controlled Folder Access would allow the administrator to protect the backup data from unauthorized modification by only allowing specific executables (those belonging to the backup application) to modify the data.
