views:

527

answers:

2

I am creating a program that will be installed using the .net installer project. The program writes to settings files to its directory in the Program Files dir. It believe there are some active directory settings that will prevent the application from righting to that directory if a limited user is running the program. Is there away to change the settings for the application folder through the install so this will not be a problem?

A: 

You can write a custom installer class which can change the security permissions of the folder. This would assume the installation is done by a user who has permission to change file/directory security.

The best option is to not write to directories under Program Files at all.

Joseph Daigle
+2  A: 

Writing to the Program Files folder is a really bad idea, you should assume that this location is "read only" once installed.

Saving user settings in Program Files causes problems if more than two people use the computer at once (eg. Terminal Services) who's settings should be saved, do you want other users to know 'your' settings? What happens if your program writes settings to the file as user A, but user B can't edit the file? User B may have access to the directory, but not read/delete the preference file as this is owned by user A.

Legacy win9x programs often write to the program files folder, Windows Vista actually does some neat trickery to let these programs work. When your program writes a file, vista actually puts it someplace else that is only accessible to that user. The same is done for registry writes to HKLM (or so I discovered after hours of debugging...) and Server 2008 does the same thing.

If you're needing to save user settings the best alternative would be to save the settings to the Application Data folder (Environment Variable %APPDATA%)

If the settings are system wide, then the administrative user should set these after install or on first run and they should not be able to be overwritten by limited users.

So to answer your question - YES there is a way to do what you've asked. But it's a bad idea, it's insecure and will probably cause problems in the long run.

sascha