Where can I write data that can be viewed and modified by all users in Windows Vista?

Question

I need to write some data (for trial use/expiration) and I need the app to be able to read/write to that location from a Non-Admin account on Vista with UAC "on".

Also, I'd like to be able to see and modify the data from any user account.

I originally considered writing to the KHEY_CURRENT_USER Registry Hive but that will be unique for each user.

Any other locations?

I tried: %ALLUSERSPROFILE%\TestDirectory

But if NonAdmin1 creates and edits a file then Admin1 can't save the file after it's modified (although it can read the file).

Answer 1

When you create the file or after you write it out, I think you should be able to modify the permissions for the "Users" group to have more access. It looks like the "Creator Owner" gets full permission and the "Users" group only gets read & execute.

The other option might be to create the "TestDirectory" directory and set the Users group to have full access during the install.

Answer 2

There is a blog post about this: blogs.msdn.com/cjacks/archive/2008/02/05/where-should-i-write-program-data-instead-of-program-files.aspx (I'm not allowed to hyperlink yet, you'll have to cut-n-paste until it gets corrected).

It actually seems to revolve around a particular question: If you have files which are supposed to be writable by all users, do you expect the user to discover the files in explorer and be able to doubleclick on them, or do you want the files to be hidden and only used in the background by your application.

If you want the files to be discoverable in Explorer by all users, you probably want to put them in c:\users\public. All you have to do is put them in that location, and the default security should work.

If you want the files to be hidden from users, you probably want to put them in c:\programdata. In this case, when you create the files, the default security is probably not correct, so you will need to have your application ACL the files. Or better is probably to have your setup program create a directory structure for your app under c:\programdata, and have the setup program set good default ACL's on each directory - then your app doesn't have to sorry about setting ACL's when it actually creates the files, it just has to create the files in the right places.

In all cases, you should call the appropriate Win32 (or .Net Framework) function to get the path to the c:\programdata or c:\users\public directory. Don't hardcode those paths in your app - if you hardcode, you will miss some case where the user has moved the directory or installed Windows in some uncommon way, and your app will break.