cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
esiemiat
Level 9

ProgramData Permissions

I have an application I am writing an install for and they want to store some system level settings in a file located in a sub-folder of ProgramData. The problem is they need to elevate in order to write to this file due to folder permissions in ProgramData. I know how to change folder and file permission via the install but my question is is it OK to change the permissions on a sub-folder of ProgramData so that regular users can write to it?
Labels (1)
0 Kudos
(2) Replies
Tom_Anderson
Level 3

Hi esiemiat,

I have the same question/problem, as our application has shared configuration files, which have to be editable by different users.

esiemiat wrote:
[...] I know how to change folder and file permission via the install but my question is it OK to change the permissions on a sub-folder of ProgramData so that regular users can write to it?


How to you change permission to C:\ProgramData\MyCompany\MyApp, that all users can modify shared files? Do you use 'subinacl' or other technique?



Thanks in advance,
Tom

Btw, there was a discussion on http://blogs.msdn.com/b/cjacks/archive/2008/02/05/where-should-i-write-program-data-instead-of-program-files.aspx?PageIndex=2#comments about the intended file location. Maybe you can pull some information out...
0 Kudos
seamusmc
Level 3

I spent a couple days researching this. We feel this is the appropriate place for our shared configuration files which need to be updated by individual users but not seen by users.

We set the permissions on the folders using the Folder Tree View in InstallShield. Select the predefined folder, [CommonAppDataFolder], and add your folders. Right click on each folder, bring up the properties dialog, and select set permissions.

Now your stuck right? No, hit the Insert key to add a user. Very intuitive eh? god I hate InstallShield. Anyway ...

For us, we clear the [%USERDOMAIN] macro and input Everyone in the User column. IOW no domain. Set permissions as appropriate.

We do create some folders and files dynamically, we use CACLS to set permissions on these. I use the following function to do the job:

function SetPermissionsOnDir(szPath)	
STRING szCmd;
STRING szCmdArgs;
begin

StrRemoveLastSlash(szPath);

szCmd = WINSYSDIR ^ "cmd.exe";
szCmdArgs = "/c cacls \"" + szPath + "\" /T /E /G Everyone:F";

LaunchAppAndWait(szCmd, szCmdArgs, LAAW_OPTION_HIDDEN | LAAW_OPTION_WAIT);

end;
0 Kudos