Windows – write data that can be viewed and modified by all users in Windows Vista

windows-vista

I need to write some data (for trial use/expiration) and I need the app to be able to read/write to that location from a Non-Admin account on Vista with UAC "on".

Also, I'd like to be able to see and modify the data from any user account.

I originally considered writing to the KHEY_CURRENT_USER Registry Hive but that will be unique for each user.

Any other locations?

I tried:
%ALLUSERSPROFILE%\TestDirectory

But if NonAdmin1 creates and edits a file then Admin1 can't save the file after it's modified (although it can read the file).

Best Answer

There is a blog post about this: blogs.msdn.com/cjacks/archive/2008/02/05/where-should-i-write-program-data-instead-of-program-files.aspx (I'm not allowed to hyperlink yet, you'll have to cut-n-paste until it gets corrected).

It actually seems to revolve around a particular question: If you have files which are supposed to be writable by all users, do you expect the user to discover the files in explorer and be able to doubleclick on them, or do you want the files to be hidden and only used in the background by your application.

If you want the files to be discoverable in Explorer by all users, you probably want to put them in c:\users\public. All you have to do is put them in that location, and the default security should work.

If you want the files to be hidden from users, you probably want to put them in c:\programdata. In this case, when you create the files, the default security is probably not correct, so you will need to have your application ACL the files. Or better is probably to have your setup program create a directory structure for your app under c:\programdata, and have the setup program set good default ACL's on each directory - then your app doesn't have to sorry about setting ACL's when it actually creates the files, it just has to create the files in the right places.

In all cases, you should call the appropriate Win32 (or .Net Framework) function to get the path to the c:\programdata or c:\users\public directory. Don't hardcode those paths in your app - if you hardcode, you will miss some case where the user has moved the directory or installed Windows in some uncommon way, and your app will break.

Related Solutions

Python – Request UAC elevation from within a Python script

As of 2017, an easy method to achieve this is the following:

import ctypes, sys

def is_admin():
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except:
        return False

if is_admin():
    # Code of your program here
else:
    # Re-run the program with admin rights
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)

If you are using Python 2.x, then you should replace the last line for:

ctypes.windll.shell32.ShellExecuteW(None, u"runas", unicode(sys.executable), unicode(" ".join(sys.argv)), None, 1)

Also note that if you converted you python script into an executable file (using tools like py2exe, cx_freeze, pyinstaller) then you should use sys.argv[1:] instead of sys.argv in the fourth parameter.

Some of the advantages here are:

No external libraries required. It only uses ctypes and sys from standard library.
Works on both Python 2 and Python 3.
There is no need to modify the file resources nor creating a manifest file.
If you don't add code below if/else statement, the code won't ever be executed twice.
You can get the return value of the API call in the last line and take an action if it fails (code <= 32). Check possible return values here.
You can change the display method of the spawned process modifying the sixth parameter.

Documentation for the underlying ShellExecute call is here.

Windows – write data to on Windows Vista using any account and be viewable from all other accounts

During install time you can write it to your program's install folder, since presumably it won't change (require write access) later. You should still have read access there as a standard user. Otherwise, how would run the program? :)

Or you can use the All Users Application Data folder. In XP, that would normally map to C:\Documents and Settings\All Users\Application Data\YourApp\. I don't have Vista in front of me, so I can't give you the exact location at the moment, but it should be a pretty simple mapping.

Best Answer

Related Solutions

Python – Request UAC elevation from within a Python script

Windows – write data to on Windows Vista using any account and be viewable from all other accounts

Related Topic