diff --git a/server/src/domain/library/library.service.ts b/server/src/domain/library/library.service.ts
index b29446a54a..0afb4f4237 100644
--- a/server/src/domain/library/library.service.ts
+++ b/server/src/domain/library/library.service.ts
@@ -155,7 +155,7 @@ export class LibraryService {
       return false;
     }
 
-    if (!path.normalize(assetPath).match(new RegExp(`^${user.externalPath}`))) {
+    if (!path.normalize(assetPath).match(new RegExp(`^${path.normalize(user.externalPath)}`))) {
       this.logger.error("Asset must be within the user's external path");
       return false;
     }
diff --git a/server/src/domain/user/user.core.ts b/server/src/domain/user/user.core.ts
index 2034b1b7fa..44d977b750 100644
--- a/server/src/domain/user/user.core.ts
+++ b/server/src/domain/user/user.core.ts
@@ -8,6 +8,7 @@ import {
 } from '@nestjs/common';
 import { ReadStream, constants, createReadStream } from 'fs';
 import fs from 'fs/promises';
+import path from 'path';
 import sanitize from 'sanitize-filename';
 import { AuthUserDto } from '../auth';
 import { ICryptoRepository } from '../crypto';
@@ -63,6 +64,8 @@ export class UserCore {
 
       if (dto.externalPath === '') {
         dto.externalPath = null;
+      } else if (dto.externalPath) {
+        dto.externalPath = path.normalize(dto.externalPath);
       }
 
       return this.userRepository.update(id, dto);