Have you tried using the Check-Out/Check-In functionality instead? The Check-Out dialog allows the user to choose the Location (folder) for the checked out document.
----
Feel free to skip the following passage because it describes a very unlikely customer scenario.
I am not well-versed in system security. Please read with healthy skepticism.
Typically, an application relies on the Windows API function "GetTempPath" to retrieve the temporary directory. This is typically configured using the "TEMP" environment variable.
Normally, a client-side application is run with the same credential as the currently logged-in user. Therefore, files which are created and accessible by the client-side application are also accessible to the user. Allowing access to files by an application while blocking access from the user by other means would either require specialized software, or require a complicated configuration that is unlikely to be waterproof.
If the security policy blocks every application from writing any file to any temporary directory, and blocks the user from opening any file from any local directory, this is a hint that the security policy is intended to force an implementation of "isolation by virtualization" strategy.
Under this strategy, applications (such as the Laserfiche Windows Client) run on a computer (possibly in a server room) to which the end-user do not have physical access. Desktop virtualization software is used to enable end-users to interact with the application via keyboard, mouse, and screen display only. There is no direct access to files and applications on that application machine (guest environment) except those configured by the administrator. We do not sell this type of software, but we have heard some customers using our software inside this type of environment.