How can a folder's Security setting be changed from code RRS feed

  • Question

  • I am updating an application for Vista that needs to allow all Users to read and write to a shared data file. The program creates a folder in C:\ProgamData using the SHGetFolderPath API function and then creates the data file in this folder whenever the first User exits the program. However, unless the Security setting for this folder is set so all Users can Modify it (not the default setting), Vista does not allow a different User to write to this file. Instead, Vista creates a new folder and file in the VirtualStore folder of the User (as Users\users_name\AppData\Local\VirtualStore\my folder\my data file). I can manually change this setting (after the first User exits the program) on the Security Tab of the folder's Properties sheet and the program then works correctly for all Users. Is there any way to do this through program code via an API call? My application is written in Visual Basic 6, and works correctly in Windows XP.

    Tuesday, June 19, 2007 11:41 PM

All replies

  • If you are using Windows Installer, then you can set permissions via the LockPermissions table during installation. If not, then you'll need to do it programmatically, for which there are numerous examples of ACL management code on the web.


    Note that, to preserve the system's security and stability, you shouldn't modify the permissions on ProgramData directly. Instead create a folder within there and only change the permissions on your own applications folder.

    Wednesday, June 20, 2007 12:56 PM
  • I came across the Vista command icacls that allows the security permission of a file to be changed for a particular user. I couldn't see if there was a way to do this for all users that might be created in the future with one command execution, or whether this command would need to be executed each time a new user account is created and when my program is run for the first time. I'm not sure if this is the best way to change a file's permissions, but it is the first one I came across.


    I ended up using a different approach that seems to be working okay on Vista. I create c:\my folder\my file and it seems to allow all users to read and write to my file.


    This does not work on XP for Standard Users, however, so I save the program data to C:\Document and Settings\All Users\Application\my folder\my file instead on XP and this seems to work.

    Saturday, June 23, 2007 7:52 PM