Vista install, ACLs, program resources, SQL Server CE


  • Tuesday, February 16, 2010 6:22 AM
     
     
    I've created a program that uses an SQL Server CE database.

    I have also created 32 and 64 bit installers for the program.

    The installers work, but when the app is run on Vista the error message "access to the database is not allowed" appears.

    In searching the web I have discovered that Vista does weird things in this regard. Even though the program was able to be installed, Vista apparently blocks access to files in the "Program Files" directory. But my SQL Server CE database lives in the application folder, and I don't know where else it would go.

    How, then, can I create an installer for my program that uses SQL Server CE and will allow someone with Windows Vista to use it?

All Replies

  • Monday, February 22, 2010 12:35 PM
    Moderator
     
     
    Suggest you always install the database file in %ALLUSERSPROFILE% (C:\ProgramData on my Win 7 machine), and let your installer modify the connection string to match this location.
    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
  • Sunday, February 28, 2010 11:45 AM
     
     
    Thanks Erik. Do you mean to say I can set the DefaultLocation property of a file system folder in the installer project to [AllUsersProfile]\[ProductName], and set the string for the Linq.DataContext constructor in the application to |AllUsersProfile|\MyProductName, or do I need to write some extra code to actually look up this environment variable?
  • Sunday, February 28, 2010 11:47 AM
    Moderator
     
     
    You will need to resolve the full path in code.
    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
    • Marked As Answer by allmhuran Sunday, February 28, 2010 12:20 PM
    • Unmarked As Answer by allmhuran Monday, March 01, 2010 1:19 AM
  • Monday, March 01, 2010 1:19 AM
     
     
    Erik or anyone else:

    Elsewhere it was suggested to me that I use the common application data folder. I'm not sure if this is also the "all users profile" folder that you have mentioned here. I changed my projects as follows:

    In the application, I load the datacontext thus:

    db = new FDDB.FDDB(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData) + "\\" + Application.ProductName + "\\FDDB.sdf");

    In the setup project I created a custom folder on the target machine with the following properties:

    DefaultLocation = [CommonAppDataFolder]\[ProductName]
    Property = COMMONAPPDATAFOLDER

    I then attempted to run my program on my XP machine with a user who is only a member of the "users" group.

    The application fails when database access is attempted. The error is "access to the database is not allowed".

    Is the AllUsersProfile folder not the special folder "common application data"?
  • Monday, March 01, 2010 8:07 AM
    Moderator
     
     

    Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData) = C:\ProgramData on Win 7, yes.

    What does it resolve to on Windows XP?


    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
  • Monday, March 01, 2010 9:26 AM
     
     
    It resolves to C:\Documents and Settings\All Users\Application Data
  • Monday, March 01, 2010 10:13 AM
    Moderator
     
     
    All users on Windows XP should have write access to this folder.
    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
  • Monday, March 01, 2010 7:28 PM
     
     
    Indeed. And yet, the error remains.

    (In fact, with the limited rights user I was able to create a file in the directory into which the sdf was installed, but I still get "access to the database file is not allowed" when I run the program).
  • Monday, March 01, 2010 9:53 PM
    Moderator
     
     

    Try to check with Process Explorer what is going on... Is the sdf file marked read-only or ???


    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
  • Monday, March 01, 2010 10:30 PM
     
     
    OK, I tried a few more things:

    I installed my program as administrator, with the .sdf going into a subdirectory of all users. I then logged on as my "weaksauce" user (a member of "users" only) and opened the .sdf with textpad. I was able to open the file but could not modify it.

    I then opened the .sdf using Visual Studio, still with the weaksauce user. Visual Studio reported the same error ("access to the database file is not allowed").

    I checked the owner of the .sdf. The owner is listed as "administrators".

    I was able to create another text document in the same directory, and I was able to modify the contents of this document and save it.

    The .sdf is not flagged as read only. The program performs without error when it is being run by my administrator user.

    The only thing I can see that is the differentiating factor here is that the owner of the .sdf is administrators. I assume this is because the program was installed using an administrator user. However, is this not as it should be? That is to say, installation requires administrator privileges, but use of the application should only require a user account. In fact, I cannot install (or uninstall) the program as my "weaksauce" user due to the security policies on the machine.

    By the way: in the setup project, the "InstallAllUsers" property of the project is set to true.
  • Monday, March 01, 2010 10:47 PM
     
     
    Further investigation: I disabled simple file sharing and checked the permissions on the "all users" folder (C:\documents and settings\all users). Members of the "users" group do NOT have write permission to this directory on the security tab itself.

    But... the users group DOES have write permission under "advanced" on the security tab to this directory and subdirectories, including the one containing the .sdf file.

    But... the users group does NOT have write permission under "advanced" on the security tab for the .sdf file itself!!

    This is driving me crazy.
  • Tuesday, March 02, 2010 12:01 AM
     
     
    Well, Microsoft has won, and I've given up. My program is now single user only, and unable to share data across multiple Windows logins. This is absurd and significantly reduces the functionality of the program, but at least non-administrators can now use it.

    In other words, I have solved the problem by not allowing an "install for all users" option, and having the .sdf file install to the user's application data directory (as opposed to the all users' application data directory).

    If anyone happens to come across this thread and knows what the real answer should have been, I'm still interested for future projects.
  • Sunday, March 21, 2010 10:13 AM
     
     

    Can someone at Microsoft please help shed some light on this? I am having the exact same problem. Where are sdf files supposed to go for an ALLUSERS install? [COMMONAPPDATAFOLDER] is not the answer, as SQL Server Compact gives a permissions error when trying to access an sdf file stored under this directory. Obviously, users should not have to elevate to run my app.

  • Sunday, March 21, 2010 11:08 AM
    Moderator
     

    I think you will have to run something like this in your installer:

    echo y| cacls.exe "%ALLUSERSPROFILE%\MyCompany\MyApplication" /T /E /G BUILTIN\Users:F

     

     


    http://erikej.blogspot.com Erik Ejlskov Jensen - Please mark as answer, if this was it.
    • Proposed As Answer by Wetnose Monday, March 22, 2010 6:52 PM
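Added example, not part of the thread or any poster's code: a C# equivalent of the cacls step above for an elevated installer custom action. It grants BUILTIN\Users Modify (rather than the Full control that `:F` gives) on the application's own data folder only, then checks which rights the .sdf actually carries. It assumes .NET Framework; `MyCompany\MyApplication` and `FDDB.sdf` are taken from the thread, and the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper for an elevated installer custom action (not from the thread).
static class DataFolderAcl
{
    // BUILTIN\Users by well-known SID, so the name need not be localized.
    static readonly SecurityIdentifier Users =
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    public static void GrantUsersModify(string dataDir)
    {
        Directory.CreateDirectory(dataDir);
        DirectorySecurity acl = Directory.GetAccessControl(dataDir);
        // Modify = read/write/delete, without "change permissions" or "take ownership".
        // The inheritance flags make the ACE apply to subfolders and files as well.
        acl.AddAccessRule(new FileSystemAccessRule(
            Users, FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        Directory.SetAccessControl(dataDir, acl);
    }

    // True if the file has an Allow ACE naming BUILTIN\Users that includes write-data.
    // Deny ACEs and other group memberships are not evaluated here.
    public static bool UsersCanWrite(string file)
    {
        FileSecurity acl = File.GetAccessControl(file);
        foreach (FileSystemAccessRule r in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            if (r.IdentityReference.Equals(Users) &&
                r.AccessControlType == AccessControlType.Allow &&
                (r.FileSystemRights & FileSystemRights.WriteData) != 0)
                return true;
        return false;
    }

    static void Main()
    {
        string dataDir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            @"MyCompany\MyApplication");
        GrantUsersModify(dataDir);
        string sdf = Path.Combine(dataDir, "FDDB.sdf");
        if (File.Exists(sdf))
            Console.WriteLine("Users can write {0}: {1}", sdf, UsersCanWrite(sdf));
    }
}
```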
  • Monday, March 22, 2010 6:52 PM
     
     
    Thank you for the solution Erik, it solves my problem. But shouldn't this be the default set of permissions for the %ALLUSERSPROFILE% folder? What's the point in having it then? I'm just curious is all.
    http://www.carcontrolapp.com Radsyn Software
  • Friday, March 25, 2011 2:10 AM
     
     

    I had the same problem with a program I created in Windows XP and then tried to install on a Vista machine. The program had a couple of .sdf files and I couldn't access them on the Vista machine, but they worked well on the XP machine. Your program may not allow it, but I simply copied and pasted the entire program folder to c:\program and everything worked as designed. From what I have read, Vista doesn't allow you to access the databases in the Program Files folder. I now have the installer install the program in c:\ so it will work on both XP and Vista. I haven't tried it, but 7 may have the issue.

     


    hemicro