When creating an application that will be targeted to many versions of Windows what is the best practice to determine where application specific data should be stored. Specifically:

  • Application Specific Data (e.g. app config data)
  • User Specific Data/Settings

I know on Windows Vista for instance there are environment variables, like %APPDATA%, that could be used, but what about Windows 7, Windows XP, Windows 98.

My main question is, does Microsoft have a best practices doc for this, outlining the file system locations for the different types of data (app vs. user) and the security implications that need to be kept in mind when reading/writing to these locations?

I'm also interested in how this pertains to not only .NET applications (where ApplicationSettingsBase can be utilized) but also in unmanaged C/C++ applications.

Thanks to Pax and Remus for both of the great answers. I've found this item as well (specific to XP):

How to write a Windows XP Application that stores user and application data in the correct location by using Visual C++

+2  A: 

There's a good description here of the various CSIDL values and the folders thet refer to (including a description which should hopefully tell you what you need to know).

It also contains links to the functions you should use to retrieve these special folder paths.

Note that, as of Vista, the method has changed a little. It now uses KNOWNFOLDERID instead of CSIDL and the functions have changed as well. See here.

You can still use the older functions (at the moment) since I believe they're now just wrappers around the new ones. At some point in the future, that may change.

+1  A: 

These are usually described in the Windows Software Logo Program. The link is to the Windows 7 logo requirements document, but similar documents exists for XP, Windows 2003, Vista and Windows 2008. In the Technical Requirements section you'll find some of the information you're looking for:

All application data that must be shared among users on the computer should be stored within ProgramData

All application data exclusive to a specific user and not to be shared with other users of the computer must be stored in Users\<username>\AppData

In “per-machine” installations, user data must be written at first run and not during the installation. This is because there is no correct user location to store data at time of installation.

Remus Rusanu