Re: Vista & UAC: where to place "common files"
- From: "Chris Becke" <chris.becke@xxxxxxxxx>
- Date: Sun, 9 Sep 2007 22:41:09 +0200
The common, and correct, advice is to use SHGetSpecialFolderLocation to get
the correct place for files. COMMON_APPDATA is where your files belong
HOWEVER.
this advice is lies. its rubbish. Because the common files location problem
exists under all versions of Windows NT. In its default configuration, most
folders users can create files and folders in, including COMMON_APPDATA
gives fullaccess to the creator/owner, but other normal users typically get
read, but do not get write access. This means that the first user to create
a file gets RW access, everyone else gets r-only access.
Which means you are stuck using the security APIs on folder creation to
adjust the access list. You only need to do it once, when you first create
the root folder of your application store - once set up (properly) the
adjusted ACL gets applied to every file and sub folder created. So its best
done by a setup program.
And setup programs run elevated. Which means your setup program - by
definition - has the ability to use the same code to adjust the ACLs for
your program files folder. which means that you dont actually *need* to go
to COMMON_APPDATA, as the same code that fixes common app data fixes a
folder created under program files. Ironic.
The one thing I havnt found anywhere on the net is sample code demonstrating
the recommended way of adding all-user rw access to a folder.
"Mirek" <Mirek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D793B33F-1007-4966-8E8D-EC6522628BE5@xxxxxxxxxxxxxxxx
Hi,
We have several applications that require read/write access to some
"per-machine files", i.e. files that are common for all users of the
machine.
Our applications (especially trial versions) need to read and write some
data
to these files always at their startup. Before Vista we had these files in
a
special subdirectory - for example "C:\Program Files\MyApp\Authorization".
Now on Windows Vista we have to solve the problem with UAC when all files
under C:\Program Files are not accessible for writing for standard users.
My
question is: where should we place these files to make our program fully
compatible with Vista's UAC and Microsoft's "best practices"? Is there any
dedicated "known-folder" for things like this? I think that "public
documents", which is often shared on LAN, is not the best place for
authorization files. We neither want to change privileges of the
"Authorization" folder programmatically (this is what we do now as a
temporary solution). The virtual store is witched off in the manifest.
I think that there must be many companies with similar problems and
therefore I hope that Microsoft has a simple solution for this. Any idea
is
appreciated.
Thanks Mirek
.
- Follow-Ups:
- Re: Vista & UAC: where to place "common files"
- From: lelteto
- Re: Vista & UAC: where to place "common files"
- Prev by Date: Re: NULL DACL versis Empty DACL and Owner implcit access
- Next by Date: Error 997 when callign DsGetDcName(..) from WlxLoggedOutSASDlgProc from GINA stub
- Previous by thread: Generating a user certificate?
- Next by thread: Re: Vista & UAC: where to place "common files"
- Index(es):
Relevant Pages
|
