The concept of a limited server is such that the owner of the hardware or OS can delegate server administration out to a third party, another admin.  This delegation allows the server owner to set a locked location for server config files, and the server install versus the location user data files are placed.\\

In this limited mode, the __TempAccounts__ and __Preview__ folders need to be moved from the default CrushFTP folder location to a location within the user data root. Then correct the path settings on Preferences->Preview page "Previews Path", respectively on Server Admin->Shares page, "General Settings" menu "Location of temp account file system" field. Otherwise image/document preview thumbnails or shared files can not be retrieved. If also the __"server.file.strict"__ flag is set to __"true"__, the CrushFTP service won't even start up for it's in violation of it's own access rules.\\

Example:\\
The server install could be: /C:/CrushFTP11/ , in __UNIX-style__ path notation, regardless of operating system family \\
So prefs, user config, certificates, private keys can all be there.\\

The user data storage could be: /D:/UserData/ , same UNIX-style path notation \\
So even if the admin tried to, they could not give a user access to something located in the C: drive.  They can only give users access to things in the D:\UserData\ folder area and sub areas.  The core functions in CrushFTP prevent accessing items out of their area.

The configuration is done via startup flags that change the behavior of CrushFTP.\\
__file.warn__ = log an error about the violation, mainly useful for debugging why something got blocked (default=true)\\
__file.log__ = if a separate audit log should be kept with all the error info (default=false)\\
__file.strict__ = if its true, the action is blocked. Otherwise its allowed and just the error info is logged (default=false)\\
__security.exec__ = controls if external processes can be launched from the Preview config, Execute task, etc (default=true)\\
__security.classloader__ = controls if DB drivers and other classes can be loaded on the fly and not part of the classpath (default=false)\\
__security.stop_start__ = controls if server process can be restarted or stopped (default=true)\\
__security.tunnels_allowed__ = controls if the server allows users configured with a tunnel to utilize them (default=true)\\
!Windows:
Edit the CrushFTPServer.ini file in the "service" subdirectory of the CrushFTP installation folder and append this to it (note the double backslashes due to config file encoding):\\
{{{
vmarg.2=-Dcrushftp.server.root=C:/CrushFTP11/
vmarg.3=-Dcrushftp.user.root=C:/ftproot/
vmarg.4=-Dcrushftp.server.file.warn=true
vmarg.5=-Dcrushftp.server.file.log=true
vmarg.6=-Dcrushftp.security.exec=false
vmarg.7=-Dcrushftp.security.classloader=false
vmarg.8=-Dcrushftp.security.stop_start=false
vmarg.9=-Dcrushftp.server.file.strict=true
vmarg.10=-Dcrushftp.server.tunnels_allowed=false
}}}
!OSX / Linux / Other
Edit the startup launcher (OSX=CrushFTP.command file in the CrushFTP folder) (Linux=/var/opt/CrushFTP11/crushftp_init.sh)\\
\\
Find the "-Xmx" which is setting the memory arguments and configure these arguments before it:
{{{
-Dcrushftp.server.root=/var/opt/CrushFTP11/ -Dcrushftp.user.root=/home/UserData/ -Dcrushftp.server.file.warn=true -Dcrushftp.server.file.log=false -Dcrushftp.server.file.strict=true -Dcrushftp.security.exec=true -Dcrushftp.security.classloader=false -Dcrushftp.security.stop_start=true -Xmx.........
}}}

''Path arguments are __case sensitive__ even if the OS/filesystem is not.''

Applying the crushftp.server.root and crushftp.user.root JVM runtime parameters at least , will have the equivalent results of UNIX chrooting.
\\
!IMPORTANT\\
Before applying the restrictive run time arguments, the __TempAccounts__ and __Preview__ folders need to be moved under the path set for user root. The server __SSL keystore__ file to be moved under the server root. Then the settings updated accordingly.\\
Especially in case of setting the __Dcrushftp.server.file.strict__ flag to __true__, for in case of any kind of misconfiguration in this area, the server process will not start.\\