Best Practice: Security - 2 installs on same server

I'd like advice on best practices on setting this application up for security.
I will have TWO or MORE installs of this application on same server.

My main concern is how to secure the ROOT FOLDER location. It seems that the Admin has control over what to set as the "Root Folder" location... for instance they could enter any drive location here and have access to whatever is there.

So I'm looking for best practice on how to configure the website "application" and user authentication, including the security on the application pool to prevent two clients being able to acess each other's data, or other off-limits data.  Is there way to provide a top-level Root folder than can be forced?

I recommend you to create different application pools with different users for each installation. Then you can arrange NTFS permissions such that each user is isolated within their folder. Even if a FileVista admin tries to create a root folder pointing to C:\, the access will be denied.