If the user uninstalls your program, what do you do with the user data?

Question

I'm a developer in need of ammo.

If the user chooses to uninstall your program, what do you do with the data your program kept in HKEY_CURRENT_USER, and other parts of the user profile?

The program stores user data (logs, etc) in the user folders. The client wants an uninstall to remove all those data...for all users. At the same time, the an ordinary non-admin user should be able to do the uninstall.

I've not been able to find a whitepaper, documentation or otherwise that says this shouldn't be done. The closes is Raymond Chen's post: http://blogs.msdn.com/oldnewthing/archive/2007/09/17/4948130.aspx

But a blog post is weak ammo.

Alternative : Create %SYSTEMDRIVE%\FooProgramData during install. All users write to this folder. This is ugly, I know. But this is the only way I can think of that can satisfy the "on-uninstall-all-files-must-be-cleared" requirement.

Thoughts? I need a better alternate (if one exists) or a solid whitepaper, documentation or logo requirement that says uninstalls shouldn't delete user data.

Answer 1

I would never delete user and/or configuration data when uninstalling. If the user really wants it all gone she should do it herself.

Answer 2

Uninstalls should delete all client data, except when the client doesn't want it to :)

Or, put it another way, a generic uninstaller should give the user the choice of whether to delete the data or not.

In your case, where you've got a customer who specifically wants the data removed, I guess that's what you're going to have to do, but there's no clean way of doing that if the uninstall is going to be run by a non-admin unless you do as you suggest and store the data someplace where every single user has full filesystem access.

Answer 3

I don't know for specificities of Windows, but as a user I'd like that my data don't get lost if I uninstall a software. Some arguments are:

• Other programs may be able to handle the same data
• I could later change my mind and reinstall the software
• Other people could need the data, which I could mail them

Answer 4

"At the same time, the an ordinary non-admin user should be able to do the uninstall."

A non-admin account should never (and should never be able to) alter other users' data.

The absolute most you could do in that case is delete the current user's data, and even then you should prompt or give a warning.

Go with Raymond, it may just be a blog post, but Raymond could be considered no ordinary blogger :)

EDIT: I've just found http://msdn.microsoft.com/en-us/library/bb204770.aspx#uninstall_clean but it doesn't say anything explicit about user data

Answer 5

Removal of all per-user data should be a separate process to the uninstall.

My recommendation (and what we do) would be to create a separate "cleanup" utility that must be run as an administrator and will enumerate through the profiles removing additional user files. Optionally it could also enumerate the users registry hives and removing additional registry keys, etc. One of our clients has their own custom scripts that does exactly that.

I would then provide the customer with this cleanup tool and say after uninstall, if you want to remove all user data then use this.

Consider the following cases

• Customer uninstalls prior to installing a new version
• Major upgrades (which will uninstall the old version so you need to be aware of this)
• Accidental uninstall by a user who shouldn't have done it but had the ability to do so

The cleanest way to remove this data for all users that I can think of would be to take advantage of Active Setup and use this to trigger a per-user script that runs the next time each user logs on. The data won't be deleted during the uninstall, but at the next logon. And you'll leave a few registry entries lying about, however it would be less likely to cause corruption than enumerating user profiles.